Ransomware Is Still the Bully on the Block. Here Is How You Push Back.
Imagine logging in to run your business and finding the door locked from the inside. Your files are there. You just cannot reach them. Someone else holds the key, and they want to be paid before they hand it back.
That is ransomware, and it has been doing this to businesses for more than thirty years.
A bully with a long history
The first ransomware showed up in 1989, when a researcher mailed 20,000 infected floppy disks to AIDS researchers across 90 countries. The malware sat quiet until a machine had been powered on 90 times, then locked it and demanded payment to a company called PC Cyborg. It became known as the AIDS Trojan, and it set the template every attacker since has followed: get inside, take something the victim needs, and charge to give it back.
The tools have gotten far better. Early attackers wrote their own encryption. Today they rent it. Ransomware-as-a-service lets criminals with limited technical skill run serious campaigns, and cryptocurrency makes the payments hard to trace. Names change every couple of years, from CryptoLocker to WannaCry to the data-extortion crews running now, but the play is the same.
What it actually costs
The ransom is the part everyone talks about. It is rarely the expensive part.
- Norsk Hydro, a global aluminum producer, had 22,000 computers across 40 countries hit in 2019. Its 35,000 employees went back to pen and paper, and early damages ran past 45 million pounds.
- Maersk took roughly 300 million dollars in business interruption losses and a 20 percent drop in shipping volume during a ten-day recovery from NotPetya.
- Erie County Medical Center spent six weeks running manual operations and 10 million dollars recovering 6,000 computers.
- The UK's National Health Service shut down centers during the 2017 WannaCry outbreak, disrupting medical and emergency services for days.
Notice the pattern. None of those organizations were destroyed by the ransom note. They were ground down by downtime, lost productivity, manual workarounds, and the long slog back to normal. Loss of reputation comes last and lingers longest, because customers remember who could not serve them.
Paying is not a recovery plan
There is a comfortable assumption that cyber insurance will simply cover the ransom and make the problem disappear. Two things break that assumption.
First, not every policy covers ransomware, and the contract language matters more than most owners realize. Second, paying does not guarantee you get your data back, or that it comes back intact. Servers, files, and software can be damaged beyond repair regardless of whether the check clears.
A weak defense is a decision to surrender in advance.
What a defense that holds looks like
No one can promise 100 percent protection. Anyone who does is selling you something. But the gap between an organization that recovers in hours and one that recovers in six weeks comes down to a handful of disciplines that are well understood and entirely achievable:
- Endpoint protection and tested backups. Backups you have never restored are a guess, not a plan.
- Identity and access management. Least privilege limits how far an intruder can move once they are in.
- Automated phishing defense. Most ransomware still arrives through someone's inbox.
- Dark web monitoring. Know when your credentials are for sale before they are used against you.
- Security awareness training. The people on your network are either your weakest link or your first line. That is a choice you make.
For defense contractors, this is also the work underneath CMMC. The controls, the evidence, and the monitoring that satisfy an assessment are the same disciplines that keep ransomware from turning into a six-week outage. Compliance gets you to the floor. Operating securely is what actually keeps the lights on.
Where BomberJacket fits
We have spent 25-plus years helping organizations build defenses that hold under pressure, from Fortune 500 networks to small and mid-sized businesses to defense contractors working toward CMMC. We are a C3PAO, which means we assess these controls for a living and we know the difference between a checkbox and a control that works.
If you are not certain your defense would hold, that uncertainty is the conversation worth having. Let's talk before an attacker forces the issue.
Related Resources
Free Ebooks & Guides
View All
Ransomware Survival Guide
Essential strategies and best practices to protect your business from ransomware attacks and recover quickly if compromised.
Download Free
All Businesses Should Adopt MFA. Now
Learn why multi-factor authentication is essential for business security and how to implement it across your organization to prevent account takeovers.
Download Free
Inside Threat
Understand and mitigate insider threats with strategies to protect your business from malicious employees, contractors, and accidental data breaches.
Download FreeVisual Guides & Infographics
View All
Cybersecurity Checklist for Data Security and Privacy
A comprehensive checklist to help protect your organization's sensitive data and maintain robust privacy practices.
Download Free
Beware of Business Email Compromise
Learn how to identify and prevent business email compromise attacks that target your organization's financial transactions and sensitive communications.
Download Free
Encryption: Facts & Figures
Essential facts and statistics about encryption technology and its critical role in protecting your organization's sensitive data.
Download Free
Need Help with Cybersecurity?
BomberJacket Networks is a Minnesota MSP with 25 years of expertise. Protect your business with 24/7 threat monitoring, managed detection and response, and comprehensive security services.