5 Ransomware Misconceptions

When it comes to today’s cyberthreats, what you don’t know can hurt you.

Ransomware has emerged, not only as a financially and operationally devastating cyberthreat, but as one of the most prevalent sources of attack on the modern enterprise.

By encrypting your data and denying you access, and then demanding ransom to restore access after payment, malicious cyber attackers are taking organizations hostage. At the same time, cybercriminals can also expose data on a leak site or the dark web, causing even more damage to your brand and incurring regulatory fines. At least 16 different ransomware variants are now threatening to expose data or utilize leak sites, and more variants will likely continue this trend.¹ In 2021, ransomware costs are expected to reach $20 billion.²

What’s driving the increase in ransomware:

• Data growth—Today’s business is data driven, and as an organization’s reliance on data grows, so does its value to the organization, making it even more attractive to cyber attackers.
• Shift to remote work—41% of organizations have reported experiencing increased incidents while employees are working from home.³
• Increased threat surface—The proliferation of endpoints and IoT, from remote workers to industrial control systems, have cybercriminals looking for ways to breach unsecured ports and systems connected to the internet.
• Victims are paying—Crime does pay when it comes to ransomware, with 70% of businesses infected with ransomware paying the ransom to get their data back.⁴
• Cryptocurrencies—The preferred source of ransom payment, cryptocurrencies are harder to trace and less regulated, emboldening cybercriminals who don’t fear getting caught.

Unfortunately, when it comes to ransomware, several misconceptions can put your organization in the crosshairs of an attack. Let’s look at the top five.

Misconception #1: It Won’t Happen to Me.

In the movies, the bad guys only go after the big guys. But in the cyberworld, things are different. It just takes one employee opening an email that contains a malicious attachment, and a ransomware attack is off and running. It’s that easy, and every organization is that vulnerable.

The average ransom paid for organizations increased 171% from 2019 to 2020—and cybercriminals are getting greedier.⁵ While the average ransom paid in 2020 was $312,493, the highest ransom paid by an organization was $30 million—double the highest payment in 2019.⁶

Because it’s so easy, and the payoff continues to grow, there’s no target too big or too small to victimize—and no organization is immune.

Misconception #2: I Have a Backup System, So I Don’t Need to Worry.

Traditional backup solutions weren’t designed to protect against today’s ransomware threats. In addition to lacking air gapping or other ransomware protections, such as immutable backups that can’t be encrypted or deleted by an attack, data restored from backups may be weeks or months old. Simply scanning backups when they’re created also isn’t a viable approach to protecting against ransomware attacks because scanning tools may not identify the latest malware.

Given the valuable data included in backups, they are key targets because attackers want to prevent recovery. While backup solutions are critical to safeguarding data in the case of disasters, accidental deletion, or corruption, they were not designed to secure an organization against today’s malicious threats.

Because it’s so easy, and the payoff continues to grow, there’s no target too big or too small to victimize—and no organization is immune from ransomware.

Misconception #3: Cyber Insurance Will Cover My Losses.

As ransomware attacks increase, insurance carriers aren’t taking the hit lying down. That’s why premiums are rising and coverage limitations are going into effect even as organizations want more protection from an attack’s damaging impact. Cyber insurance is no longer a guarantee of financial payout in the aftermath of an attack, and underwriters are requiring detailed proof of the cybersecurity measures an organization has undertaken, such as using multifactor authentication to verify users.

Insurers are also limiting the coverage and terms they offer and reducing the number of reimbursements for ransomware attacks.⁷

The average ransom paid for organizations increased 171% from 2019 to 2020— and cybercriminals are getting greedier.⁸

Misconception #4: My Endpoints Are Protected, So I’m Okay.

Many organizations invest considerable time and money to protect endpoints in the belief that attackers won’t look further. But your ransomware protection shouldn’t end there because enterprise resources are also at risk for attack. Network segregation, via firewalls, VPNs, or other separation approaches, combined with data center segmentation, can define security controls down to the workload level and ensure a segregated environment.

Misconception #5: Protecting Against Ransomware Takes a Lot of Money and Resources.

An effective ransomware protection strategy is built upon a layered security approach that shrinks the attack surface and enables you to operationalize security practices. It should start with an understanding of your data and critical assets, and a review of existing operational processes around security. Identifying gaps and evaluating the technology architecture in place (on-premises, cloud, and hybrid), as well as what’s needed to establish a strong security posture is also critical. Governance requirements need to be assessed, and proper procedures to operationalize your strategy need to be developed.

Ransomware can halt your business operations, cause harm to your business’ reputation, and trigger compliance fines and penalties—creating massive financial implications. Protecting your organization and IT infrastructure against ransomware doesn’t have to take a lot of money or resources, but it does take the right partner.

EchoStor takes a holistic view of your environment to drive maximum value from networking and security solutions. Our experienced team guides your transition to next-generation solutions so you can confidently modernize knowing that security is embedded in your network to automate protection and reduce risk.

Explore how EchoStor’s team of IT experts can help you evolve and take advantage of the benefits of an in-depth design and layered approach to security and protection against ransomware threats.

1. Palo Alto Networks, Highlights from the 2021 Unit 42 Ransomware Threat Report, March 2021.
2. Braue D, Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031, Cybersecurity Magazine, June 2021.
3. Bates S, Harvey Nash/KPMG CIO Survey: Everything changed. Or did it?, 2020.
4. IBM, 2020 Cost of a Data Breach Report.
5. Palo Alto Networks, Highlights from the 2021 Unit 42 Ransomware Threat Report, March 2021.
6. Palo Alto Networks, Highlights from the 2021 Unit 42 Ransomware Threat Report, March 2021.
7. Bajak F, Cyber Insurance Industry in Crosshairs of Ransomware Criminals, Insurance Journal, July 2021.
8. Palo Alto Networks, Highlights from the 2021 Unit 42 Ransomware Threat Report, March 2021.