RansomAware: An Executive Guide to Digital Extortion
YOUR FILES HAVE BEEN ENCRYPTED, PAY NOW (₿)… YOU HAVE 24 HOURS.
Mr. Lopez, a C-Level executive of an important bank, arrives early to the company’s headquarters, after playing a few rounds of padel with colleagues. This is part of his morning routine, together with sipping coffee while catching up on past emails.
Today, he finds a message from a branch manager requesting authorization on an urgent invoice to be paid by the end of the day. “More information in the attached link,” reads the message. Mr. Lopez has 200 messages in his inbox and no time to spare, so he clicks on the link to review the request.
Minutes later, his computer freezes and an unexpected message is displayed: “ALL YOUR FILES ARE ENCRYPTED, TO RECOVER THEM YOU MUST SEND PAYMENT IN THE NEXT 24 HOURS”.
A second message pops up: “5 BITCOIN, FOLLOW OUR INSTRUCTIONS OR WE WILL PUBLISH ALL OF YOUR DATA TO THE PUBLIC.”
His heart sinks. The first thing that comes to mind is the millions of confidential data records that he has access to: accounting data, terms and conditions behind a merger with another institution, private customer data, family pictures, just to name a few.
For what feels like an eternity, he panics and does not know what to do. He is the organization’s chief financial officer and the executive ambassador to many internal departments, including the cybersecurity team. Oh, the irony!
This is the reality behind ransomware; it hits you hard, and makes you reflect on all that should have been done to prevent it. Cyberattacks on enterprises appear in the headlines week after week and there is still a sense of immunity among business leaders. Perhaps this is a good opportunity to look at the basic concepts every executive should understand about today’s most feared cyberthreat.
What is ransomware?
It is a type of cyberattack in which hackers use malicious software to steal and/or encrypt your confidential data. It is considered digital extortion because the hacker demands a ransom payment in exchange for recovering your data and keeping it private.
How is ransomware distributed?
Ransomware attacks can be delivered through various means, such as email, removable media (USB), compromised websites, or by exploiting vulnerabilities in software. The most common ways to inject ransomware:
- Phishing: Using fraudulent emails, a criminal will impersonate providers (SAT, CFE, Amazon, Microsoft, for example), customers, colleagues or family members and trick you into clicking malicious links or downloading a corrupted file.
[Figure: Example of a fraudulent email that appears to come from SAT.]
- Zero-Day Attack: Criminals exploit vulnerabilities in your IT infrastructure to gain unauthorized access and spread through your network. The manufacturing, energy, transport and healthcare sectors are ideal targets for cybercrime because of their naturally vulnerable industrial environment.
What happens if you pay the ransom?
Less than half of victims get their systems and data back. Furthermore, 78% of victims are usually breached again within a year.
How often does ransomware strike?
There are 4,000 new cyberattacks registered daily; every 11 seconds, a company falls victim to ransomware. (Cloudwards (2024, April 16). Ransomware Statistics, Trends and Facts for 2024. https://www.cloudwards.net/ransomware-statistics/)
What is the financial impact on your business?
Organizations are driving digital initiatives to generate new revenue streams and operational efficiency. Since data is a core component of digitalization, it has become a highly valuable asset for modern businesses.
Cybercriminals are after your crown jewels and will keep testing your security until they find a way to compromise your data. Once a breach occurs, the potential losses and unexpected costs will overshadow your business profits. Your business may not survive or be the same after a data breach, due to:
- Revenue losses (remember when a Mexican retail organization shut down credit and digital payment systems for several weeks?).
- Brand reputation and customer churn.
- Investigation, remediation and clean-up fees.
- Regulatory fines, lawsuits and insurance premiums.
Industry
Hospitality - In October ’23 MGM Resorts was impacted by an attack costing over $100 million.
Healthcare - In February ’24 health insurance giant UnitedHealth suffered a ransomware incident expected to cost between $1.35 billion and $1.6 billion.
Finance - In July ’23 Caja Popular Mexicana suffered a multi-million hack.
Manufacturing - During 2023, a data breach cost Clorox approximately $356 million and a 20% decline in sales (due to disrupted operations).
Costs associated with cyberattacks are rising in every industry.
Are ransomware gangs a big threat?
If cybercrime were measured as a country, it would be the world’s third largest economy. It is the real deal, and it is probably better equipped, trained and funded than your security team. Your organization needs to take this threat seriously.
As with other types of organized crime, the ransomware ecosystem is made up of different groups. Each group specializes in attack tactics that are then offered to other gangs, for profit. It is an industry where threat actors work together by leveraging the expertise of each other. Go teamwork!
If your organization is hit by ransomware, there will probably be different gangs involved and working in coordination. Therefore, your cyber defenses must work together to minimize risk of infection and disruption.
How to protect against ransomware?
Prevention best practices are essential to protect your business and have a higher probability of recovery if a security incident should happen.
- Raise awareness. Humans are the weakest link in security, and a common misconception is that only the security specialists should understand and care about cyberthreats. Start by setting the example and add a cybersecurity expert to the executive board, as this will send the correct message to the organization: security is a top priority for this business.
- Training, training, training. Foster a culture of continuous learning in security and risk, at all levels. Users will be better able to identify and react to attacks, potentially saving you millions.
- Run a risk assessment and be aware of your organization’s crown jewels. Prioritize protection of your most valuable assets, and leverage the advanced automation capabilities of security software (XDR, MFA, WAF, DLP).
- Back up your data regularly and follow the 3-2-1 rule: keep 3 separate copies of your data on 2 different storage types with 1 copy offline.
- Keep systems up to date and reduce exposure to infrastructure vulnerabilities. If you are in the manufacturing, energy or healthcare sector, make sure your security strategy covers your industrial environment (OT/ICS).
- Create a company-wide incident response plan, so everyone knows what to do in case of a security breach. Roles and communication protocols should be defined, both internally and externally (partners/providers/customers). Test your plan to identify and remediate weaknesses.
- Partner with strategic cybersecurity experts with proven expertise in automation. This will help your security team be more productive and capable during an attack, while reducing burnout syndrome.
- Encourage an open mind in a world marked by rapid change and constant innovation. Your security and business strategies need to evolve together, continuously.
Congrats, you made it to the end of this guide and should better understand why ransomware is one of the biggest threats, if not the biggest, to businesses around the world. Reach out if you have any questions, and stay cybersafe.







By Oscar Montes | Country Manager -
Wed, 06/19/2024 - 09:00

