Ransomware

What is Ransomware?

Ransomware. You’ve most likely heard about it in the news, but you don’t really understand what it is and how, if at all, it affects you. Don’t worry, you are not alone. Ransomware is a relatively new and sophisticated form of cyber-attack. It involves attackers gaining access to an organization’s systems and then encrypting them, locking the organization out of their own information. The attackers then hold the information “hostage” and demand that the organization pay a ransom to unlock the data.

Examples of Ransomware Attacks

Ransomware attacks can be devastating to an organization for several reasons. Losing access to systems doesn’t just mean email accounts can’t be accessed. It could mean that all organizational control is forfeited.

In 2021 Colonial Pipelines experienced a ransomware attack that caused gas shortages and panic on the East Coast of the United States. Attackers gained access to Colonial Pipeline’s network and began to steal data while simultaneously encrypting it and demanding a ransom. To stop the spread of the attack, the pipeline shut down operations. The shutdown resulted in nationwide panic and a state of emergency in 17 East Coast states. Colonial Pipelines then paid almost $5 million in ransom to the attackers.

A cyber-criminal organization targeted the beef industry by launching a series of attacks on JBS USA, one of the largest meatpackers in the world. This organization used a tactic known as ‘Triple Extortion,’ which involves 1) encrypting an organization’s data so they can no longer access it, 2) threatening to release sensitive company data, and 3) using stolen data to target individuals and extort money from them as well. JBS USA paid the attackers approximately $11m, before being able to reestablish operations in less than a day. Despite their remarkable recovery time, the beef industry took a major hit, and the cost of beef almost doubled in a matter of weeks after the incident.

How Common are Ransomware Attacks?

These statistics highlight the growing threat and financial impact of ransomware attacks.

1. 59% of organizations were hit by ransomware in 2023, with a global average of 4,000 attacks every day.¹
   
2. The average ransom payment increased significantly, reaching $2.73 million in 2024.²
   
3. 85% of private-sector organizations reported losing business or revenue due to ransomware attacks.³
   
4. 75% of ransomware incidents now involve encrypting the victim’s data.⁴
   
5. The highest recorded ransom payment demanded in 2024 was $70 million.⁵
   
6. Healthcare was the most affected sector in 2023, with 249 reported cases.⁶

Preparing Ourselves

Since we know that the primary methods of infiltration leading to ransomware attacks are compromised credentials and phishing, we know what we need to do to protect ourselves against those attacks.

Creating strong passwords and being able to identify phishing attempts are key to warding off cyber-attacks. All the firewalls and cybersecurity in the world can’t protect you if the criminal can simply log in to the system using a stolen username and password.

Below are some key principles to protecting your credentials:

1. Enable two-step verification on all your accounts.
   
   • The attackers in the Colonial Pipeline attack gained access to Colonial’s systems by using a compromised password, which was likely obtained through a phishing attack. The account that was compromised did not have two-step verification so once the attackers obtained the stolen credentials, there was nothing stopping them from going into Colonial’s system and wreaking havoc.
2. Create a strong password using unique characters.
   
3. Don’t reuse passwords and use different passwords for different accounts.
   
4. Change your passwords regularly.
   
   • In the Colonial Pipeline attack, the password that was used had been stolen and sold on the dark web months prior, but the password had never been changed, so criminals were still able to use it.
5. Using the built‑in reporting option in your email application.
   
   • Reporting phishes as quickly as possible will lower the likelihood that someone falls victim to the attempt.
6. Promote positive security awareness practices with those around you. It takes all of us remaining vigilant to keep our workforce protected!

As we each take responsibility for our security awareness rather than relying on technology, we’ll be more prepared to protect our information stewardship and help others do the same.