We know ransomware is currently one of the greatest threats in cybersecurity.
Once your organization has been hit, you’re likely to be targeted again. But how much do we understand its impact?
To gain greater insight into the risks of repeated ransomware attacks, Sophos commissioned The State of Endpoint Security Today.
This report details the findings of research among more than 2,700 IT decision-makers from mid-sized businesses across ten countries.
The ransomware threat defined
Despite the splash ransomware made in 2017, the survey found that organizations are still not fully prepared to face current threats. Over 50% of the organizations surveyed don’t have specific anti-ransomware technology or processes in place. This is despite that in 2017, attackers perfected their ransomware delivery techniques. The result was a series of global outbreaks such as WannaCry, NotPetya and Bad Rabbit.
Though most ransomware is hitting Windows users, it’s clear that people aren’t immune if they use other platforms. Mobile devices are particularly at risk. The amount of ransomware contaminating Android apps, whether they’re in Google Play or other online sources, is alarming.
What is the impact of this? For starters, more than half of organizations surveyed were hit with a ransomware attack last year. Most organizations were hit more than once. Traditional antivirus alone appears to be insufficient, as 75% of the organizations surveyed were running up-to-date endpoint protection when the ransomware attack occurred.
Ransomware attacks are expensive. Beyond just the ransom paid, the total financial impact of a ransomware attack can include downtime, work hours, device cost, network cost, lost opportunities.
The research found that the median cost of a ransomware attack is nearly US$133,000 (£100,000). The most common cost experienced was between US$13,000 and $70,000, but nearly half of the respondents (46%) incurred costs between $13,000 and $133,000. For an unlucky 5% of respondents, their ransomware attacks cost $1.3 to $6.6 million.
Defending against the threat of ransomware
The threat of ransomware is going to get worse as attackers improve their tactics. What can businesses do?
- Back up regularly and keep a recent backup copy off-site: There are dozens of ways other than ransomware that files can be lost. Fire, flood, theft, damage or even accidents can be just as damaging. Encrypting backups also relieves the worries that the backup device may fall into the wrong hands.
- Don’t enable macros in document attachments received via email: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading the user to turn macros back on, so don’t!
- Patch early, patch often: Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, browsers, Flash and more. The sooner a business patches, the fewer open holes remain for the crooks to exploit.
- Use specific anti-ransomware technology, such as Sophos Intercept X. Stop previously unseen types of ransomware with technology that identifies the behaviour of ransomware – like the unauthorized encryption of files – automatically, as soon as the behaviour is noticed.
Further cause for concern
The report also revealed a startling ignorance of exploits and anti-exploit technology – that is, technology that doesn’t rely on previously known and identified malware but rather watches for the exploits hackers prefer to use when creating malware. While millions of new types of malware are created every day – one every four seconds, by some estimations – hackers tend to rely on just a few specific tactics, or exploits, to make their malware effective. Technology that can spot use of an exploit immediately can stop malware before it takes hold. More than half of organizations don’t yet have anti-exploit technology, which exposes those businesses to these highly effective tactics by hackers.
Nearly 70% of IT professionals weren’t able to correctly define anti-exploit technology, despite those same professionals saying they understand it is critical to prevent modern, evolving attacks.
There is also a lack of understanding around predictive, next-generation technologies like machine or deep learning. More than half (56%) of respondents admit they don’t understand the differences between machine and deep learning. Though the understanding of the need for predictive, next generation technology is trending in the right direction – 60% of respondents are planning to implement such technology within a year – currently only 25% have such technology in place.
One challenge in this area is the size of the available training pool to develop machine learning technology. Training engines to identify malware requires a huge pool of data. Home-grown solutions often simply lack the amount of data they need to develop a functional, successful engine,. Even third-party solutions can come up short, either because of a lack of samples or because those organizations impacted by attacks don’t want to release information for fear word will get out they were hit by malware or ransomware. A solution with access to sufficient data to build an operational machine or deep learning solution, like Intercept X, which is backed up by the constantly expanding research and data collected by SophosLabs, is necessary to make the most of machine or deep learning capabilities.
The state of endpoint protection and how current attacks are impacting users and administrators may be worrying, but we’ve got good news. Deep learning provides the capability to identify malicious or potentially unwanted files without ever having seen them before, faster than the human mind can. This combined with anti-exploit technology to block the techniques attackers love to use makes for a powerful defence against the biggest threats to IT security today.
The Sophos Group is a leading global provider of cloud-enabled enduser and network security solutions, offering organisations end-to-end protection against known and unknown IT security threats through products that are easy to install, configure, update and maintain.
The Group has more than 30 years of experience in enterprise security and has built a portfolio of products that protect more than 260,000 organisations and more than 100 million endusers in 150 countries across a variety of industries.