
Ransomware: What you need to know before, during and after an attack

By Sashnee Singh, Cybersecurity Leader, Marsh Africa.

Johannesburg, 01 Jun 2021

“Your files have been encrypted. You have five days to submit the payment, or your files will be lost.” The ominous message glaring out from your screen isn’t farfetched – or even unusual. Instead, this common scenario plays out continually. By the end of 2021, ransomware attacks are expected to target global businesses every 11 seconds.

Ransomware is on a meteoric rise – increasing in frequency, severity and sophistication. As ransomware has proliferated over the past year, more than half of organisations have fallen victim to an attack. With increasing attacks come higher financial and operational impacts, including ransomware payments and associated costs, operational downtime and remediation efforts. In Q3 2020 alone, the average ransomware payment increased more than 30% over the previous quarter.

Driven by the COVID-19 pandemic, businesses have greatly accelerated their digital transformation efforts. From healthcare organisations to government agencies to manufacturing companies and every industry in between, the rapid shift to remote work has generally created wider attack surfaces and less secure environments. The result? A boon to cyber criminals.

What is ransomware exactly?

Ransomware is a type of malware that prevents access to a system or data until the victim pays a ransom. Using a variety of methods, attackers typically encrypt a victim’s files so that they cannot be opened. The attacker then provides instructions and requests a fee (aka the ransom) in cryptocurrency from the victim, dangling a carrot in the form of a decryption key to unlock the encrypted data. Whether the victim pays or not, there is no certainty that the files will be returned or access restored.

In the world of ransomware, cyber criminals are the most common culprits. Cyber criminals conduct ransomware attacks for economic benefit. Ransomware tool kits are widely available for purchase on the dark Web (think RaaS – ransomware as a service), enabling even less skilled cyber criminals to carry out ransomware attacks for profit. The ease with which attackers can execute ransomware attacks also contributes to its continued growth, notes the 2020 Data Breach Investigations Report.

Is my organisation at risk?

Ransomware attacks impact individuals and organisations across industries and around the globe – no organisation is immune. Small and medium-sized businesses remain popular targets, representing 62% of incidents (Beazley 2020 Breach Briefing). In contrast, 38% of ransomware incidents target the middle market.

While ransomware is an issue across industries, some are harder hit than others. Healthcare, professional services and financial services alone account for more than half of ransomware incidents. The healthcare industry is among the most targeted, with financially motivated cyber criminals using ransomware attacks to exploit sensitive patient data.

Marsh will be participating at the ITWeb Security Summit on 2 June on the topic of 'Cyber Risk Quantification – from Risk Management to Risk Transfer'.