Ransomware threatens businesses, government agencies, and individuals alike by holding data hostage unless the victim pays the ransom. Beyond using technology, one key way to combat ransomware is through training, ensuring that your employees understand ransomware, can identify it, and can avoid falling prey to it. That task is vital but may be challenging, considering the lack of ransomware awareness found in a recent survey from Kaspersky.
For its report “Ransomware Revealed: Paying for the Protection of your Privacy,” released on Thursday, Kaspersky commissioned research firm Opinion Matters to survey more than 2,000 business employees in the US and more than 1,000 in Canada. The survey was designed to find out how much they know about ransomware and its potential impact on themselves and their companies.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
Among the respondents, 37% said they don’t even know what ransomware is, showing a basic lack of knowledge and awareness about this threat. Further, 32% who’ve already been the victim of a ransomware attack admitted that they don’t know what ransomware is, a sign that they might not be able to identify future attacks.
More than a third (35%) of respondents said they wouldn’t know what to do if their personal information was at risk of being exposed and their company didn’t pay the ransom. Some 21% of those who’ve experienced an attack think an organization should never pay the ransom. Only 15% of people who’ve never been hit by ransomware expressed the same opinion.
SEE: How to get users on board with essential security measures (free PDF) (TechRepublic)
Asked how to deal with a ransomware attack, 31% in the US and 28% in Canada said an organization should use a ransomware decryption tool, while only 5% in the US and 4% in Canada believe an employee should offer to pay the ransom if their data is at stake and the company won’t pay.
Stopping a ransomware attack that’s already in progress adds another area of uncertainty. A full 45% of respondents said they wouldn’t know what to do in response to an attack. Among those who’ve already been victims of ransomware, 40% said they wouldn’t know what to do in response. Some said that one appropriate first step would be to disconnect the computer from the internet, while many said simply that an organization should locate and rectify the threat.
The goal behind ransomware is to steal or encrypt your data so it’s inaccessible to you. But who is responsible for protecting your data in the first place? A full 68% said IT security teams should be most responsible for safeguarding the data of employees by establishing the necessary security. Only 5% believe that individual employees should be responsible for their own information by more carefully checking links and file attachments in their emails.
SEE: Phishing and spearphishing: An IT pro’s guide (free PDF) (TechRepublic)
When an organization or government agency is hit by a ransomware attack, who should be notified and when? Among the respondents, 32% said they feel the public should be notified first, while 44% said they think employees should be first on the list. Some 46% believe employees should be notified internally right away, while only 2% think the information should be shielded from employees.
Cybercriminals who launch ransomware attacks are typically not so interested in the data as they are in the bitcoins they hope to get from the victim. That means they expect at least some of their targets to pay up. However, 67% of the respondents said they wouldn’t be willing to pay any amount of money to recover personal files held hostage by a ransomware attack.
SEE: The Dark Web: A guide for business professionals (free PDF) (TechRepublic)
Of course, even if you pay the ransom, there’s no guarantee the criminals will honor their side of the bargain. In that vein, more than 20% of those surveyed said they feel they wouldn’t get any of their personal information back after paying the ransom.
To protect your organization and your employees against ransomware, Kaspersky offers several recommendations:
- Keep security updated. Install all security updates as soon as they appear. Most cyberattacks exploit vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack.
- Keep your software updated. Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases.
- Use VPNs and strong passwords. Protect remote access to corporate networks by using VPNs and secure passwords for domain accounts.
- Back up. Keep fresh backup copies of your files so you can replace them in case they are lost due to malware or a broken device and store them not only on a physical medium but also in the cloud for greater reliability.
- Report ransomware attacks. Remember that ransomware is a criminal offense, and you shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency.
- Try decrypting the affected data. Before you even consider paying the ransom, try to find a decryptor on the internet first. Some of them are available for free and listed on Kaspersky’s Free Ransomware Decryptors page.
- Educate employees. Educate staff about cybersecurity hygiene to prevent attacks from happening. Kaspersky offers automated security awareness training with a special scenario focused on threats relevant to local public administration.
- Use the right security products. Use a security solution to protect your business data from ransomware. You want one that offers behavior detection, anomaly control, and exploit prevention capabilities to detect known and unknown threats and prevent malicious activity.
Finally, Kaspersky advises organizations to not give in and pay the ransom.
“First, paying a ransom will never guarantee that all of your data will be returned–it might be partially returned or not at all,” Brian Bartholomew, principal security researcher for the Global Research and Analysis Team at Kaspersky North America, said in a press release. “There is also no way to tell if your information has been sold in underground markets once obtained. Second, paying a ransom only encourages cybercriminals to further carry out these attacks as they are one of the most financially profitable attacks malefactors can perform. The more business organizations give in to ransomware attacks, the more we will see them continue to trend in the threat landscape.”
Conducted in November 2019, the survey elicited opinions from 2,007 business employees ages 17 and older in the US and 1,011 employees of the same age in Canada.