Why Ransomware Victims Suffer Repeat Attacks (and What to Do About It)
At first glance, it may seem reasonable that after a cybercriminal successfully pulls off a ransomware attack, they will move on from their victim and target a new company. But, as it turns out, companies that have suffered a ransomware incident are more likely to be targeted again, often by the same attacker. This pattern was uncovered in a recent study by the cybersecurity company Cybereason, which found that 80 percent of ransomware attack victims who paid ransom demands were attacked a second time, usually by the same attacker.
Why Ransomware Victims Are Retargeted
Intuitively, it makes sense that a cybercriminal might try again, especially while the company, struggling to restore operations and shore up its defenses, remains vulnerable. And while companies may believe paying the ransom is the most prudent (even if painful) course of action, paying the ransom indicates to cybercriminals that you’re more likely to pay again. Further, many malware programs cybercriminals use contain hidden tools that are often used to launch a second attack. Often, inexperienced IT personnel working to clean up compromised systems overlook these items and fall victim again.
When dealing with some types of malware, the best approach is often to wipe compromised drives and start from scratch rather than trying to analyze remnants of the threat and remove them. Doing so can put companies without solid backups, or with an inordinately slow recovery process, in a bind. And if you’re a small business, you often don’t have the resources to bring in top-quality IT companies and resources in the wake of a cyberattack. You need to restore your operations as quickly as possible, and so you may be tempted by the seeming expediency of paying the ransom. But if you do, you’ll most likely suffer another attack.
How to Prevent Ransomware Attacks
The best option is to prevent ransomware attacks in the first place. Managed security service providers (MSSPs) like Alvarez Technology Group work with your team to simulate ransomware attacks to identify vulnerabilities in your defenses in need of remediation. Not all MSSPs provide preventative services; some come in after the attack to help you assess what went wrong. But you want to work with a provider that can help you prevent the attack from happening in the first place.
You also need to ensure that you’ve got the strongest security measures in place for cyber insurance. Before they pay your claim, insurance companies want to know you’re taking all the proper precautions to prevent an attack. Claims are denied every day when the forensic IT companies insurers pay to investigate claims find that companies have misrepresented the security measures they had in place at the time of the attack. Absorbing the costs of ransom payments and cyberattack-related damages can prove catastrophic for businesses, especially small ones. In fact, sixty percent of small businesses fail within six months of an initial cyber attack.
Cybersecurity’s Evolving Regulatory Landscape
One of the challenges cybersecurity professionals face is that many businesses have avoided sharing information when they’ve fallen victim to a ransomware attack. There are reputational and legal considerations, to be sure, but companies are often hesitant to even report attacks to law enforcement agencies. Business leaders may be pessimistic that local or federal law enforcement agencies would have much success addressing attacks from overseas and believe that the agencies’ investigatory efforts may further hinder their own efforts to resume operations. Worse yet, such investigations, some business leaders assume, could lead to bad press or regulatory action if some form of legal liability were uncovered. Existing state and federal regulations and statutes require businesses in remarkably few industries to disclose breaches, and given their discretion, many companies have opted against voluntary disclosure.
However, in the wake of the high-profile attacks on Colonial Pipeline, JBS Foods, and Kaseya, there’s been a surge of bipartisan support for federal legislation requiring disclosure of breaches within 24 hours by businesses operating in critical infrastructure areas, as well as government agencies and federal contractors. In all likelihood, we’ll see even more related bills enacted because of how significant a national – and international – concern cybersecurity has become. The unfortunate reality is that ransom payments don’t just support lavish lifestyles. Some of these attacks fund terrorist organizations and hostile nation-state actors. Cybersecurity is not just a matter of protecting our business community but also our nation.
If you have the slightest doubt about your company’s cyber defenses or preparedness to address a cyber incident, don’t hesitate to get in touch with Alvarez Technology Group today. With over 20 years of experience providing cybersecurity and managed IT services to companies throughout Monterey, Santa Cruz, and San Benito counties, we’ve got the expertise and tools you need to safeguard your business. Contact us today to get started.