Date: 2022-04-01

The world of ransomware continues to mutate and grow. It is a constant cat-and-mouse game where perpetrators who are both wily and cunning play the cat, causing havoc to organizations of every size and scope. We are entering a new, more dangerous phase of ransomware—one where nation states, in addition to individuals and groups, are becoming the protagonists.

What that means is that anyone who owns, runs, or works in an organization, regardless of size, needs to be acutely aware of the risks presented by the evolving ransomware of today and for years to come. While ransomware attacks are not new, their complexity and cleverness have grown exponentially since the first-ever ransomware attack in 1989, which saw attendees at a World Health Organization summit targeted via infected floppy disks.

THE DEATH OF DISTANCE

Coined in the late 1990s, the term “death of distance” once referred to how technology advances eliminate distance as a problem to overcome. But ransomware in the modern age gives a whole new meaning to the term. From a ransomware perspective, death of distance now means that organizations and individuals can be extorted by someone online from anywhere in the world. Long gone are the days of physical distribution via floppy disks.

With attacks becoming more targeted, better implemented, and much more ruthless, cyber criminals are targeting a scary combination of higher value and more easily penetrable targets. In addition, businesses have become preferred targets because they can and will pay to get their data back.

THE REALITY OF AN ATTACK

Ransomware attacks can range from the irritating to the insidious, but once inside an organization the attack can replicate and spread, causing more damage as it propagates. Some businesses are fortunate enough to spot the attack right away and immediately begin remediation. But for many, the infection does not reveal itself for days or weeks—or longer—after the initial infection.

Criminal cartels and nation states have also become more deliberate in how they target their victims to maximize their profits. These groups will do the research, meaning they will typically have done significant “recon” on their targets to discover exactly how to breach them and which systems to encrypt to cause maximum disruption.

As Kelvin Murray, senior threat research analyst at OpenText, notes in the 2021 Webroot BrightCloud Threat Report, “in most cases, ransomware isn’t the beginning of a compromise, it’s actually the end state where the criminals cash in after an extended period. By the time you realize you’ve got ransomware on your network, the criminals may have been in there watching, listening, and tampering with things for weeks or months without your knowledge. They might have even checked out your financials, so they know what kind of ransom to demand.”

Meanwhile, The Hidden Costs of Ransomware report contains an assortment of frightening findings, including:

50% of ransomware demands are for more than $50,000

50% of victims are being deceived by a malicious website, email link, or attachment

46% of businesses say their clients were also impacted by the attack

45% of victims are unaware of the infection for more than 24 hours

38% of businesses say the attack harmed their brand or reputation

17% of victims were unable to recover their data, even after paying the ransom

ONLY THE TIP OF THE ICEBERG

Small and midsize businesses (SMBs) often fall victim to ransomware because of a lack of deep knowledge about the issue, unprotected IT systems, or the lack of a comprehensive cybersecurity strategy. But human error is also a risk factor, underscoring the need for security awareness training that better prepares employees to spot ransomware threats such as malicious phishing emails, and to avoid risky behavior such as installing unapproved apps or using storage devices like USB sticks without virus scanning first.

SMBs are also uniquely at risk because they generally have fewer resources available and as a result are unlikely to have dedicated security teams. Attackers sneak in by focusing their attention on vulnerable systems such as outdated firewalls and outdated servers—or on innocent employees who don’t necessarily know any better.

But the cost of any ransom payment is just the tip of the iceberg. Once infected, recovery and protecting against additional attacks often means modernizing the company’s IT infrastructure. Regardless of company size, this is a potentially huge capital expenditure. And if customer data is stolen, especially Personally Identifiable Information (PII), litigation and fines could mean the added expense of legal bills and damages that will have to be paid out.

If you are a small or midsize business owner, it is critical to take a proactive approach against ransomware and other malicious attacks by developing a true defense-in-depth cyber resilience strategy. In addition to network and endpoint security, conducting regular security awareness training for employees—including phishing simulations and courses on best practices for identifying and reporting suspicious activity—plays a vital role by addressing human vulnerabilities. Lastly, ensuring your important business data is backed up and can be restored provides another layer of defense.

At OpenText, we offer a range of security and data management offerings for companies of all sizes, and our recent acquisition of Zix further solidifies our powerhouse SMB platform, helping SMBs in the cat-and-mouse world of ransomware. A combination of good digital hygiene, cyber resilience strategies, and the right security-focused partners can help even the odds for businesses of all sizes if (and when) a breach occurs.

Prentiss Donohue is the executive vice president of SMB/C sales at OpenText.