The threat of ransomware is among the biggest challenges that Irish organisations currently face. According to the Institute of Directors in Ireland, 41% of businesses across Ireland have suffered a cyber attack, and ransomware accounts for a large proportion of that total.
Ransomware was used in one of the most infamous cyber attacks in the past few years – the 2021 intrusion into Ireland’s healthcare system, which crippled essential services and left patients without access to facilities for days – but attacks like that happen every day. In fact, research by Statista found that there were more than 493,300,000 ransomware attacks globally in 2022 alone.
But what exactly is it about ransomware that makes it so dangerous? In this guide, we explain everything you need to know, plus our essential tips on how to protect your organisation from ransomware.
What is ransomware?
Ransomware is a type of malicious program that encrypts a victim’s data or locks them out of their device. The attackers then demand a payment before the victim can regain access to their systems. The sums can vary greatly, but Zscaler research indicates that victims often pay more than $100,000 (about €92,000).
But that’s just the start of the damage. The trademark of a ransomware attack is that the criminals threaten to publish or sell the compromised data if they aren’t paid, which can result in devastating data breaches. According to an IBM study, the cost of a security breach far exceeds the initial ransom demand, with organisations often spending more than $5 million (€4.6 million) on remediation costs and regulatory penalties.
Types of ransomware
There are countless types – or ‘strains’ – of ransomware, and although they are all designed to cripple the target’s systems and force a ransom payment, there are many ways they can do this. For instance, one of the most common ransomware strains, LockBit, is usually hidden within the attachments of phishing emails, whereas the Ryuk and REvil strains are more likely to exploit RDP (Remote Desktop Protocol).
Likewise, the mechanics of a ransomware attack can fall into two distinct categories:
- Crypto ransomware, which encrypts files on the victim’s computer. The encrypted documents remain on the victim’s device, and the user can see their location, but they can’t be opened without the decryption key.
- Locker, or screen-locking, ransomware, which prevents the user from using the device altogether. The screen displays a ransom message, which renders the device unusable without the decryption key.
Who is at risk of ransomware – and what is its impact?
As with most cyber security threats, ransomware can affect anyone who uses a computer. However, hackers generally favour organisations that they believe are willing to make a sizeable ransom payment. That doesn’t necessarily mean big businesses have to worry the most, though. Large-scale enterprises account for just 12% of ransomware attacks, according to a report by the cloud security vendor Akamai, whereas organisations with an annual turnover of less than $50 million (€46 million) represent 67% of the total.
This is because small organisations typically have fewer resources to deal with disruptive incidents, so they’ll have few options but to negotiate with the attackers. According to a study from the IT security firm Sophos, the following sectors are most likely to be targeted:
- Construction and property;
- Local and national government;
- Media, leisure and entertainment;
- Energy suppliers; and
The threat is especially pronounced for organisations that work in critical services or that otherwise cannot afford delays. The 2021 ransomware attack on Ireland’s healthcare system is a prime example. Healthcare facilities across the country were forced to cancel appointments, while several hospitals were locked out of their electronic systems.
This sort of disruption would be bad enough for a standard enterprise, with significant delays damaging the organisation’s reputation and potentially leading to lost revenue. But for the healthcare sector, disturbances might be a matter of life and death, and senior decision-makers might feel as though they have no other choice but to pay up.
How to prevent ransomware attacks
As widespread as ransomware is, there are a few simple ways that organisations can protect themselves. Here are a few tips to help you get started:
Keep your software updated
There are few easier ways to plant ransomware on an organisation’s systems than exploiting known software vulnerabilities. These weaknesses are usually made public when the publisher patches them in an update. Organisations are then expected to apply the patches in order to remove the weakness from their systems. It’s essential that you do this as soon as possible. Otherwise, you leave a huge hole in your defences that cyber criminals will be on the lookout for.
Run staff awareness training exercises
Another common way that ransomware is planted is to hide it in a phishing email. Posing as a legitimate sender – such as a contractor sending an invoice or an HR provider sending a payroll notification – the hacker will ask the recipient to open the file, unleashing the ransomware on their systems.
You can combat this threat by teaching your employees what ransomware is, and how it’s used in phishing attacks. Fortunately, most phishing emails contain the same tell-tale clues, so it can be a case of embedding these lessons in regular staff awareness training exercises.
Install antivirus software
Antivirus software is a fundamental part of information security. Tools such as the built-in Windows Defender automatically scan files sent over the Internet for known security threats and ransomware signatures. They will search for viruses on your systems and, depending on your settings, display warnings whenever users attempt to visit unsafe websites or download untrusted files.
Back up your data
You can dramatically reduce your risk of exposure to ransomware by backing up your data. Although this won’t prevent an attack, it will help in the event of a crypto-locking intrusion. This is the dominant form of ransomware, and it encrypts the files on your computer but otherwise leaves the devices undamaged.
If you keep backups in a separate, secure location, you can simply wipe the infected devices and rebuild your systems in a safe environment without having to negotiate with the attackers.
Create business continuity and disaster recovery plans
Data backups go hand in hand with business continuity and disaster recovery plans. These documents explain how your organisation will deal with disruptive incidents and get back to business as usual. Business continuity plans address technical concerns, such as network connections, online systems, phone lines, network drives, servers and business applications.
Meanwhile, disaster recovery plans focus on resolving the disruption. They help organisations identify the source of the disruption and find a way to fix it. These plans are highly technical and address specific deadlines that must be met to prevent a delay from spilling over into a catastrophe.
Certify to Cyber Essentials
Cyber Essentials is a security framework that sets out five basic controls that can protect organisations against 80% of common cyber attacks.
The scheme can help reduce the threat of ransomware, as well as other common security risks, such as phishing, brute-force password breaches and network intrusion. Its guidance covers:
- Firewalls and router protection
- Software updates
- Malware protection
- Access controls
- Secure configuration
Organisations can also certify to Cyber Essentials Plus to gain an extra level of security. This advanced scheme includes a technical audit, an external vulnerability assessment and additional tests to ensure that the organisation’s systems are fully secure.
Getting started with ISO 27001
If you’re looking for more information about these tips, you should look at ISO 27001. It’s the international standard for information security management, and it helps organisations integrate the core components of data protection – people, processes and technology – within a single strategy.
You can use ISO 27001’s guidance to address an array of information security threats, including ransomware. Its framework covers everything from technical vulnerability management to staff awareness training, giving you the blueprint to secure your systems.