Ransomware is one of the most critical cybersecurity threats to businesses today. While these attacks have long been a concern, they’ve become far more pressing lately. According to a recent report from IT security firm NCC Group, ransomware attacks increased by 288% between Q1 and Q2 2021.
Almost half of these attacks (49%) in the past three months have targeted victims in the U.S. As these threats grow increasingly common, companies must ensure they have sufficient defenses in place. Viewed in the context of larger cybercrime trends, the rise in ransomware makes it clear these attacks aren’t likely to diminish soon.
A Troubling Trend
Cybercrime as a whole has seen a troubling rise over the past two years. The FBI’s Internet Crime Complaint Center logged 1 million complaints between March 2020 and May 2021. For comparison, it took almost three years to receive the previous million complaints.
While overall cybercrime has grown, this ransomware wave far outpaces the broader trend. As such, companies can’t attribute the rise in ransomware to the increasing prevalence of cybercrime as a whole. Rather, ransomware is leading the curve, growing at a far higher rate than other attack types.
Ransomware’s growth has been exponential. These attacks grew by 150% in 2020, a significant jump, but one that pales in comparison to what NCC Group has logged this year. If this trend continues, the ransomware threat could quickly grow out of control.
Why Ransomware Attacks Are Rising
Ransomware’s accelerating growth is the result of a diverse mix of factors. The most straightforward of these drivers is the world’s increasing reliance on digital data. As this information becomes a more critical part of business operations, cybercriminals stand to gain more from ransomware attacks.
Another reason behind this wave is the rise of ransomware-as-a-service (RaaS). Ready-made ransomware tools have become easily accessible, giving more threat actors the ability to initiate these attacks, regardless of their expertise. Some of the most prominent recent ransomware attacks, including the Colonial Pipeline hack, have come from these RaaS tools or creators.
More businesses have opted to pay the ransom in the past year instead of mitigating the attack another way. A recent survey found that 42.5% of companies across industries would at least consider paying the ransom. In some less-tech-savvy sectors, like construction, that number was as high as 74%.
With more to gain, a higher chance of success and easily accessible tools, it’s unsurprising that cybercriminals would prefer ransomware today.
How Organizations Can Stay Safe
Businesses should take several steps to defend themselves amid these rising ransomware threats. First, companies should never pay the fee in a ransomware attack, as it encourages future attacks and doesn’t guarantee the safe return of their data. Multiple free online tools can decrypt data instead.
Phishing emails are the most common ransomware delivery method, so organizations must emphasize employee training. All workers should know how to spot and react to phishing attempts so they don’t fall prey to these attacks. Other best practices like multifactor authentication can help reduce risks, too.
Businesses should also create offline encrypted backups of all mission-critical data. This won’t stop ransomware attacks, but it will mitigate their impact. Network segmentation and tighter user access controls will do the same.
Restricted access controls apply to third parties, too. Organizations should thoroughly vet everyone who could access their data, holding them to high standards and limiting their privileges. Zero-trust security architecture may not be necessary but is recommended for businesses with highly sensitive data.
Businesses Can’t Overlook the Ransomware Threat
The recent rise in ransomware is troubling, but it’s not a death sentence. Organizations should stay updated on these trends, adopting additional cybersecurity measures as necessary. This will allow businesses to remain safe despite these rising threats.