The Impact of Ransomware

The financial impact of ransomware is huge. When you add together the full costs of remediation, including downtime, people time, device cost, network cost, lost opportunities, and ransom paid, the final sums are eye-watering.

Cost to rectify a ransomware attack
flag

US $852,000

flag

£564,000

flag

AU$ $803,875

Ransomware is not new. In fact, the AIDS Information Trojan, the world’s first cyber ransomware attack was released in December of 1989. Since then, cybercriminals have continued to take advantage of developments in both technology and wider society to evolve and finesse their ransomware attacks.

What’s Next for Ransomware?

History teaches us that cybercriminals will continue to exploit changes in technology and society to inflict their ransomware attacks. In essence, ransomware is going to keep evolving.

Three new areas where the dirty tentacles of ransomware are starting to reach

icon-public-cloud-ransomware

Public Cloud
Ransomware

icon-service-provider-attacks

Service Provider
Attacks

icon-encryption-free-attacks

Encryption Free
Attacks

Public cloud ransomware is ransomware that targets and encrypts data stored in public cloud services like Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP). While the public cloud offers lots of advantages, confusion around security responsibilities creates protection gaps that hackers are quick to exploit.

Service provider attacks. As technology and threats become ever more complex, companies are increasingly outsourcing their IT to specialist managed service providers (MSPs). Cybercriminals have realized that targeting MSPs enables them to hold multiple organizations hostage with a single attack. One attack, many ransoms.

Encryption-free attacks. The ability to encrypt files was one of the original core capabilities needed to make ransomware a viable cybercrime. Today cybercriminals no longer need to encrypt your files to hold you hostage. Why? Because they’ll think you’ll pay up just to stop your data going public.

How to Defend Against Ransomware

Ransomware has evolved into a highly advanced, highly complex threat – and it’s only going to evolve further. With that in mind, how can you minimize your risk of being affected by ransomware?

The answer is to make it as hard as possible for ransomware actors to deploy their complex attacks, and to take advantages of opportunities presented by changes in technology and society. To do this we recommend:

  • Threat protection that disrupts the whole attack chain
  • Strong security practices
  • Ongoing staff education

How Sophos can help

The best protection requires the best defenses, both for data held on premises and data stored in the public cloud.

Intercept X

Sophos Intercept X includes advanced protection technologies that stop ransomware on your endpoints and servers at multiple stages of the attack chain.

XG Firewall

Sophos XG Firewall is packed with advanced protection to detect and block ransomware attacks, and stop hackers moving laterally around your network to escalate privileges.

Intercept X and XG Firewall

Intercept X and XG Firewall are great on their own – and even better together thanks to Synchronized Security. If a detection is triggered in either product, they work together to automatically isolate the affected devices, preventing the threat from spreading further.

MTR

Sophos Managed Threat Response (MTR). Many organizations don’t have the expertise, resources, or desire to monitor their network 24/7. The Sophos MTR service is a dedicated, round-the-clock team of threat hunters and response experts who constantly scan for and act on suspicious activity.

Sophos Cloud Optix

Sophos Cloud Optix continuously analyzes public cloud resources to detect, respond, and prevent gaps in security across AWS, Azure, and GCP public cloud environments that can be exploited in a ransomware attack.

Download the Whitepaper

IT security know-how Written by Sophos experts Useful tips and advice
*
*
*

If you can see this then you have CSS disabled. This is a honeypot to catch bots, leave this textbox empty