Ransomware events lock users and organizations out of data and infrastructure, and the attackers demand a payment to access data and to not expose affected data. These events can have a significant impact – in the worst cases, shutting down operations entirely and risking the loss of critical information.
Due to the pandemic and the overall increase of technology use, successful ransomware attacks have increased significantly over the last year. In recent weeks, this trend has spiked even more after note-worthy breaches netted attackers millions of dollars.
- Colonial Pipeline – approximately $4 million USD
- JBS Food Processing – approximately $11 million USD
- Ransomware demands are estimated to have cost hundreds of millions of dollars in Canada in 2020
Strikingly, a larger number of public organizations such as hospitals, universities, and colleges are being targeted and extorted. For example, in June 2020, a U.S. Research University paid $1.14 million USD to recover research data.
When organizations pay the ransom, it increases the incentive for attackers. It is critical for the University of Toronto units and individuals understand the risk and be well prepared to prevent ransomware attackers and effectively respond to limit the impact.
How can we proactively reduce the likelihood of a ransomware event?
There is no one approach that will mitigate all risks. Plans must take into account specific technology, threats, use of data, and ability to enable active protections.
At a minimum, in priority order:
- Ensure there are ransomware resilient backups. This includes testing your backups.
- Ensure all devices are updated regularly for security vulnerabilities.
- Have a ransomware-specific incident response playbook.
- Use anti-virus software, and preferably next-generation end point protection.
- Secure user account logins by using MFA.
Especially these days of remote work, it is important to treat your personal and professional use of technology in comparable ways.