Ransomware is one of the most significant cybersecurity threats facing businesses today. This type of malware encrypts files and systems, rendering them inaccessible until the victim pays a ransom.
With an increasing number of organizations relying on digital infrastructure, cybercriminals have found lucrative opportunities to exploit vulnerabilities and demand hefty ransoms in exchange for restoring access to critical data.
In 2024 alone, there were many high-profile ransomware attacks that made national headlines. These included RBC, which saw more than one million of its clients fall victim to a phishing campaign, and the CRA, which experienced a breach that resulted in more than two million Canadian taxpayers’ personal information being exposed. Suncor Energy also fell victim to a sophisticated attack that disrupted operations and exposed the personal information of employees and contractors.
While these cases were well publicized, thousands more slide under the radar, says John Svazic, founder and principal consultant of Cambridge-based EliteSec Information Security Consultants Inc., making ransomware a silent threat to businesses.
“No one talks about it because it happens so frequently. It’s not news anymore,” he says, noting only attacks on bigger companies or institutions capture media attention. “Unfortunately, for all the smaller businesses that get hit with it, that’s a different story altogether. And sadly, there's not much smaller organizations can do about it, aside from either paying the ransom or, in more depressing circumstances, shutting down because they can't afford it.”
Cybercrime costs rising
One of the most immediate and severe consequences of a ransomware attack is financial loss. According to the U.S. Department of State, the annual average cost of cybercrime is predicted to hit more than $23 trillion in 2027.
Ransom demands, depending on the size of the target, can range from hundreds to thousands of dollars. Even if the business decides not to pay, the costs of recovery, including IT support, security enhancements, and potential legal fees, can be significant. Additionally, businesses may suffer from loss of revenue due to operational downtime, as systems remain locked until the issue is resolved. Their reputation with customers may also be damaged in the wake of an attack.
To combat potential threats, John urges businesses, especially smaller ones, to make sure they don’t become a victim.
“Part of it is awareness training and making sure your staff is aware of what they're doing,” he says, noting that ransomware attacks take on two different flavours.
One involves the data being encrypted until a ransom is paid and the victim is provided with a decryption key; the other involves holding the data hostage and blackmailing the victim until a ransom is paid to prevent it from being ‘leaked’.
Cybercriminals look for weaknesses
“They claim they will delete your data after the ransom is paid, and most of the time they will. However, you always run the risk they may just come back in a few months,” says John, adding that all businesses, regardless of size, can become a victim since they have an online presence. “The likelihood of someone targeting you specifically is low unless you've really made a name for yourself and/or you have essentially ticked someone off.”
He says most cybercriminals are ‘lazy’ and seek out the lowest common denominators when it comes to selecting their targets.
“Not all ransomware attacks turn into multi-million-dollar ransoms. They’re searching the internet to see what's available and testing systems to see if they are connected properly and configured,” says John. “That means are you staying up to date with patching? Are there any known weaknesses? Are you staying up to date with locking things down? Did you just buy something off the shelf and plug it in and put it on the internet?”
As a result, he recommends business owners cover the basics in terms of security, which includes ensuring passwords are not shared or continually reused.
Personal data a target
“Awareness training is super important. There are security awareness programs that are available commercially as well as free,” says John, adding that, thanks to AI tools like ChatGPT and Grammarly, gone are the days when phishing emails littered with typos and grammatical mistakes were easy to identify. “They are becoming much harder to spot. You may even have someone who calls in pretending to be someone from the business calling an employee.”
He says in this case, using secondary verification such as a ‘passphrase’ can be a good way to combat fraud. He also recommends businesses dispose of data they no longer need, especially valuable credit card information.
“Don’t keep track of stuff you don’t need. This is very common with companies that are dealing with credit card transactions,” says John. “Many years ago, businesses thought they had to keep everything. Now that type of information is a treasure trove for criminals and that’s where you get yourself in trouble.”
He says any personal customer information businesses store is potentially valuable to someone.
“The question is, how valuable is it?” says John. “It could be as simple as your name, your address, and your e-mail address, and that in itself is sufficient to potentially start spamming you or your customers to get them to click on links to access their details, including banking information.”
Tips to combat ransomware
Educate and Train Employees
Phishing emails, malicious attachments, and fraudulent links are common entry points. Regular cybersecurity training can help employees recognize these threats. Training sessions should cover identifying suspicious emails, avoiding unknown links, and understanding the importance of strong, unique passwords.
Implement Strong Password Policies
Enforce policies that require complex passwords combining letters, numbers, and special characters. Encourage the use of multi-factor authentication (MFA) wherever possible, adding an extra layer of security even if passwords are compromised.
Regularly Update Software and Systems
Regularly updating operating systems, applications, and security software ensures that known security flaws are patched. Enable automatic updates where possible to reduce the likelihood of oversight.
Backup Data Frequently
Implement a robust backup strategy that includes daily backups of critical data, storing backups in multiple locations (including offsite or cloud-based solutions), and regularly testing backup integrity and recovery processes.
Use Reliable Security Software
Invest in reputable antivirus and anti-malware solutions that offer real-time protection. Firewalls, intrusion detection systems, and email filtering tools add additional layers of defense. Regularly update these tools to ensure they can detect and block the latest threats.
Limit User Access Rights
Not every employee needs access to all company data. Implement the principle of least privilege (PoLP), granting users access only to the information necessary for their roles. This reduces the risk of widespread damage if an account is compromised.
Develop an Incident Response Plan
An incident response plan should include clear roles and responsibilities for response team members, steps to isolate infected systems, communication protocols with stakeholders and law enforcement, and procedures for restoring data from backups. Regularly review and update the plan and conduct drills to ensure all employees are familiar with their roles in an emergency.
Secure Remote Work Environments
Require the use of virtual private networks (VPNs), enforce strong authentication methods, and ensure remote devices are regularly updated and protected with security software.
Stay Informed About Threats
Subscribe to cybersecurity newsletters, follow reputable security blogs, and participate in industry forums to stay informed about the latest ransomware tactics and defense strategies.