Protecting your business from ransomware attacks with Alfahive

Generative AI
CyberRisk
February 7, 2023

Ransomware has become a major concern for businesses of all sizes, industries, and locations. From banking and financial services to manufacturing to education, no one is safe from the potential exploitation of their sensitive data by cyber criminals. Understanding the signs and vulnerabilities that ransomware attackers look for is crucial in protecting your business from attack.  

According to a 2021 report from cybersecurity firm Trellix, the banking and financial services sector is particularly susceptible to cyber-attacks and is the industry most frequently targeted by ransomware perpetrators. Manufacturing companies are also popular targets for ransomware attacks, with a high likelihood of having their stolen data leaked online. According to Palo Alto Networks' Unit 42, in 2020 alone, cybercriminals leaked the data of 45 manufacturing companies. IBM's report for 2021 showed that it resolved more cyber attacks for the manufacturing industry than for any other.

The good news for industrial companies is that a recent survey by Sophos revealed that only 19% of companies affected by ransomware attacks ended up paying the ransom, even though nearly half of those who were hit had their data encrypted. This may be due to the industry's greater preparedness in restoring data from backups, as opposed to attempting to decrypt stolen files, which is often ineffective. The survey indicated that 36% of respondents in the manufacturing industry faced ransomware attacks.

Factors that make companies vulnerable to ransomware attacks

Ransomware attackers consider the worth of a company's data as a crucial factor. If the attacker can secure or encrypt valuable confidential information, the victim may be more likely to agree to a larger ransom demand or the stolen data can fetch a greater sum from Dark Web buyers. Sectors such as professional services, financial services, and manufacturing are particularly attractive targets for ransomware due to the nature of the sensitive information they possess.

Ransomware attackers also target organizations with insufficient cyber defence measures. Small to medium-sized businesses are particularly vulnerable as they tend to have limited security compared to large enterprises. The rise of ransomware-as-a-service (RaaS) has made it accessible for almost anyone to carry out ransomware attacks for a fee. As a result, even amateur cyber criminals can launch attacks and look for low-hanging fruit.

Ransomware attackers also consider the potential for a larger ransom payment. Companies in wealthy industries, such as entertainment, may be more enticing targets due to their ability to provide a more substantial pay-out. Nonetheless, even medium-sized businesses that generate a few million dollars a year could be vulnerable to attack as they can still offer a substantial sum to an individual or a small group of attackers.

Financial motivations are not the only driving force behind ransomware attacks. Some cyber criminals seek to cause as much destruction as possible, particularly in state-sponsored cyber-attacks. Software supply chain companies are some of the most at-risk organizations in this scenario.

Repeat ransomware attacks: A growing trend in cybercrime

Repeat ransomware attacks have become increasingly prevalent in recent years, with some organizations falling victim multiple times per year, according to IBM Ponemon's report. On average, a company may be subject to ransomware attacks 2 to 4 times in a single year. A survey conducted by Cybereason with 1,263 companies showed that even after submitting a ransom payment, 80% of the victims soon became targets of another attack. This highlights the importance of taking proactive measures to prevent ransomware attacks and minimize the risk of becoming a repeat victim.

The rise of ransomware-as-a-service (RaaS) has become a notable trend in the cybercrime world. The most proficient cyber-criminal groups have discovered that they can maximize profits and reduce their own personal risk by creating the ransomware themselves and then renting its usage to affiliates for a fee or a share of the profits. The success of this model has been so significant that it's likely that less skilled cyber criminal gangs will adopt a similar approach in the future.

Proactive ransomware risk management with Alfahive's data-driven solution

At Alfahive, we understand the challenges that companies face in managing ransomware risk and the need for a more comprehensive approach that aligns with a company's specific security needs. Our solution is based on industry-specific, data-driven models that provide a clear understanding of the ransomware risks facing the organization, including the potential financial exposure and probability of an impact. This information enables organizations to make more informed decisions about risk management and to take a more proactive and strategic approach to ransomware risk. Our platform also provides a common language for business and technology stakeholders to communicate which helps in the decision-making process.

In addition to providing a clear understanding of the risks facing the organization, our solution also helps companies to prioritize remediation actions in a way that is aligned with their business objectives. By quantifying cyber risk in financial terms, companies are better able to understand the potential impact of a ransomware incident on their bottom line and to make more informed decisions about risk management. This is particularly important for companies that are subject to regulatory compliance requirements and need to demonstrate that they have adequate controls in place to manage cyber risk.

According to a recent survey, over half of the surveyed companies reported that an executive or an employee had been approached to participate in a ransomware attack. The percentage of companies that reported being approached by a ransomware gang rose from 48% to 65% in a matter of months.

The recent shutdown of the Hive ransomware group by the FBI was a major victory for the cybersecurity community. Despite this triumph, it's crucial to remember that new threat actors will emerge and continue to target vulnerable sectors. The Hive ransomware group, for example, caused significant disruption in the medical sector, both in the US and abroad, including the June 2022 attack on Costa Rica's public health service.

These events serve as important reminders of the low-frequency, high-impact incidents that can severely affect the delivery of essential goods and services. This is why it's essential to understand the importance of cyber risk quantification. By prioritizing what matters, you can maintain optimal controls without overextending resources. Cyber risk quantification enables you to focus on the high-impact consequences that can cripple your business and make meaningful decisions to ensure better business outcomes.

We invite forward-looking organizations to take advantage of our free-of-charge two-week value discovery pilot with our platform and join us in our approach to making a lasting impact in the cyber risk management world.