Why does ransomware remain the top priority endpoint security threat? Will other forms of attack ever replace it as the most dangerous family of malware? What can your enterprise do to protect itself against ransomware?
Frequently, cybersecurity experts and researchers find evidence suggesting ransomware decreasing overall as hackers narrow their targets; their research suggests that even though ransomware attacks become more devastating to those affected even as the number of outright victims declines.
Yet at the same time, ransomware continues to haunt the cybersecurity and business worlds. Chainalysis found that crypto payments associated with ransomware grew at least 311 percent in 2020. Tenable discovered that 46 percent of healthcare data breaches start with ransomware. Worse, 35 percent of all breaches link to ransomware attacks.
Meanwhile, a 2020 study by PurpleSec discovered evidence suggesting the number of ransomware attacks rose by 350 percent since 2018. Additionally, the average ransom payment increased by more than 100 percent and downtime by 200 percent. 20 percent of ransomware victims are small to mid-sized businesses.
Ransomware isn’t giving up its crown as a top priority threat in endpoint security. In fact, ransomware might be the most critical non-identity-based threat facing your IT environment.
Why Ransomware Remains the Top Priority Endpoint Security Threat
Other Threats Lack Staying Power
For a few moments, it looked like cryptocurrency mining malware (cryptojacking malware) might take the top spot of malware threats. They appear to be diametrically opposed to ransomware on its face: ransomware is obvious whereas cryptojacking operates in the background, ransomware is a one-time payment while cryptojacking could provide a theoretically perpetual source of income.
Then all of sudden, cryptojacking declined to something like irrelevance. What happened?
Well, the cryptocurrency market happened; it proved far more volatile than anyone expected. Making a reliable source of income through just it alone became nearly impossible. So ransomware, which is a guaranteed payment, retook its throne.
Malware comes in many forms, but ransomware offers reliability. Hackers are criminals, but they need to pay the bills like everyone else.
Myriad Manners of Damage
One of the reasons for the significance of ransomware stems from the ways ransomware can damage an IT environment and an enterprise. First, ransomware by its nature inflicts downtime. After all, it holds data, file, or entire networks hostage for money; hackers might even threaten to erase the data if their demands aren’t met.
Any amount of downtime costs money, It can prevent the fulfillment of orders or purchases, workflows, and communications. It can delay your business from conducting even minute operations.
Moreover, you need to consider the big picture. How does this amount of downtime, especially preventable downtime, look to potential clients and customers? How does it look to current clients and customers, who might worry about the security of their data in the aftermath of a cyber-attack?
The reputational damage resulting from ransomware is hard to quantify. However, it is a pertinent and very real danger to your business, especially to small-to-medium sized businesses which might not have a financial cushion to fall back on.
Of course, this doesn’t even account for the actual ransomware itself, which might be in the hundreds of thousands if not millions of dollars.
Additionally, hackers do not have to abide by whatever agreement they reach with their victims. These are career criminals, and there really isn’t honor among thieves. They could easily take the ransom payment and then sell the data to the Dark Web. Alternatively, they could simply demand another payment on top of the first.
This leads us naturally to another reason ransomware remains a top priority endpoint security threat.
There Are Few Ways to Deal with Ransomware Aftermath
There’s a reason enterprises often admit to suffering cyber-attacks but are more reticent to admit to a ransomware attack. Without the right protections and backup/disaster recovery software in place, businesses have few ways to remove ransomware other than just paying the ransom.
The FBI and cybersecurity experts alike both state that paying the ransom is a bad move; paying criminals only encourages more attacks in the long term. That places organizations between a rock and a hard place; either they labor to regain control of their networks and deal with prolonged downtimes or pay the ransom and contribute to what amounts to a crime wave.
For more on how to prevent ransomware and deal with it as a top priority endpoint security threat, check out the Endpoint Security Buyer’s Guide. Also, check out the Backup and Disaster Recovery resources for mitigating ransomware attacks.