Cases of ransomware – malware with the sole purpose of holding your data hostage and demanding a ransom in exchange for its potential return – rose 715% globally in the first half of 2020.
This astronomical number, published recently in a report by security publisher BitDefender, is scary, especially for small and medium-sized businesses that lack the financial resources and technology to cope.
According to the group of American insurance companies AIG, which has just conducted a survey of 25,000 small businesses and SMEs over the same period, ransomware has now taken the lead in customer claims with a 47% increase in the severity of attacks, some ransoms which can reach tens of millions of dollars. In the same dynamic, the security editor Checkpoint goes even further in its latest statements by announcing that an organization is the victim of ransomware every 10 seconds around the world.
Weakened companies but which do not file a complaint
The increase in ransomware is not new data, but the current circumstances (epidemic, short-time working, accelerated deployment of teleworking without solid tools to respond to it, potential loss of customer confidence) greatly weaken companies, faced with hackers who now work hand in hand in groups whose functioning is modeled on that of the cartels. Attacks are better organized and the substituted data is sometimes the object of lucrative auctions on the “dark web”. A list of e-mail addresses of senior executives within a company, combined with personal elements to better dupe recipients, can thus represent a good basis for serving future targeted phishing campaigns.
However, despite this alarming context and according to the observation established even recently by the European criminal police agency Europol, few targeted companies file a complaint against hackers. Whether it is to preserve their reputation by concealing the incident as much as possible or because it is essential to continue their activities as quickly as possible – hackers primarily targeting organizations with a very low tolerance for production downtime – too many companies prefer to pay the ransom. Taking advantage of this situation, and the lack of resources deployed to counter them, ransomware is gaining ground. This is particularly the state of the hexagonal of Anssi (the National Agency for the Security of Information Systems) which, despite the treatment of 104 ransomware attacks since the beginning of 2020 (against 54 over the whole of 2019 ), still deplores this lack of comprehensive vision to act more effectively.
How to avoid attacks?
Yet solutions do exist, such as the deployment of data protection and migration software that is proving its worth every day. The Anssi has also published a very well documented guide on this subject.
We must also put an end to the traditional approach of cybersecurity aimed at “barricading” systems: companies must adopt a proactive, automated cyber-resilient approach that is integrated into their work environments, by constantly preparing for a possible data leak or the threat of production shutdown. Aimed at protecting as well as detecting, responding and recovering, cyber resilience must offer permanent business continuity through the fastest possible response and data recovery capabilities.
Guaranteeing greater peace of mind, a backup and recovery plan must follow essential rules. For each snapshot (instantaneous “photo” of the data), several local and remote copies must be created, as well as a “disconnected” copy, ie inaccessible to even a talented hacker. This plan must also integrate artificial intelligence systems capable of learning the classic behavior of a data, its modifications throughout its life cycle, regardless of the work environment used.. So when a sudden surge in activity is recorded in storage spaces – such as during a ransomware attempt – the reaction time can be immediate. Increased speed of intervention and enhanced capacity for adaptation guarantee greater peace of mind for companies.