What Is Ransomware?
A Complete Overview

Ransomware is responsible for more than 25% of third-party breaches. Here’s what you should know to protect your company.

What Is Ransomware?

Ransomware is a type of malware that denies authorized users access to the files of a system; it encrypts files so they’re unusable until the targeted individual/company pays a ransom for the decryption key:

• Worldwide, over 200 million ransomware attacks occurred in the first half of 2022.
• 43% of all global ransomware attacks occur in the United States.

Ransomware attacks first hit the scene in 1989 and continue to grow in breadth and sophistication. Threat actors initially used ransomware in phishing attacks targeting an individual’s personal computer. Now, threat actors are using global ransomware attacks to extort millions of dollars from large corporations, governments, and regulatory organizations.

Whereas ransomware was originally deployed largely by individual threat actors, now large ransomware groups dominate the landscape. These groups function like legal organizations with sophisticated infrastructure, funding, and advanced tools to carry out devastating attacks.

In 2016, threat actors began producing and selling ransomware variants in packages to interested parties — often with technical support from the developer. This Ransomware as a Service (RaaS) model revolutionized ransomware, eliminating the need for specialized knowledge to use the malware.

Do You Know Your Cyber Ecosystem’s Ransomware Risk?

When it comes to ransomware, most organizations take the necessary precautions to protect themselves against threat actors trying to access company data and hold it for ransom.

An organization’s ransomware protection strategy might include:

• Educating employees to raise awareness of common ransomware attack types and how to avoid them. 
• Using anti-malware tools to monitor email traffic, block suspicious file transfers, and perform system scans.
• Patching system software and performing regular maintenance to ensure it’s up-to-date and secure.

While implementing internal ransomware protection strategies is important, many organizations don’t consider protection against third-party ransomware risk. Our 2023 Third Party Breach Report found that ransomware accounted for 27% of all third-party breaches in the last year.

As businesses grow more interconnected, it’s critical to consider your company’s ransomware security posture and the security posture of your entire cyber ecosystem, including any third- and fourth-party vendors you’re working with.

The Cost of Ransomware

The first cost that comes to mind with ransomware is the actual ransom. In the past year, we’ve seen an increase in ransom amounts demanded by threat actors, including the largest ransom yet in February of 2023.

Prominent ransomware group LockBit demanded $80 million from Royal Mail, the UK’s leading mail delivery service. Here are a few examples of other large ransoms demanded in the past year:

• July 2022: The Conti ransomware group gained entry to the Costa Rican government’s files, stole and encrypted data, and demanded a ransom of $20 million. 
• August 2022: Ransomware group LockBit targeted a regional hospital system outside of Paris, CHSF Hospital Essonnes, stole data and demanded a ransom of $10 million.
• October 2022: German automotive parts producer Continental received a ransom request of $50 million after ransomware group LockBit stole 40 terabytes of internal company data.

While ransom amounts are on the rise, most people fail to consider the other serious effects of these attacks, which include:

• Business disruption: When an organization cannot access files, it can dramatically impact the company’s ability to function. If the disruption is in an industry with time-sensitive work like healthcare, a patient’s health outcome could be affected. 
• Reputation damage: Many ransomware attacks go unreported. Some companies consider it easier to pay the ransom, retrieve the files, and resume normal operations. Why? Announcing a ransomware attack can seriously impact an organization’s financial standing or potential partnerships and alter customer perception. This is especially true of high-trust industries like financial services. 
• Clean-up costs: Even if a victim pays the ransom, there are other costs to consider before the organization can return to normal. Often, associated costs include rising cyber insurance premiums, attorney and litigation fees, public relations fees, and fines if the organization fails to comply with regulatory bodies when the attack occurs.

Want to learn more about the costs of ransomware attacks and other cyber incidents? Check out our eBook “Understanding the True Magnitude of a Cyber Incident.”

How To Protect Your Organization from Ransomware

Campaigns from government and private-sector organizations are driving awareness around the growth of ransomware and helping organizations consider how best to protect themselves against the threat of ransomware attacks. In early 2023, The U.S. released its National Cybersecurity Strategy and classified ransomware as a national security threat.

Non-profit platform KnowBe4 sponsors National Ransomware Awareness Month in July and promotes security awareness by providing free ransomware resources. Collaboration in the security community also increases knowledge about known ransomware gangs and their attack methods, helping organizations avoid potential attacks.

Ideally, an organization’s ransomware strategy should address risk in two key areas: internal risk and vendor risk. While most organizations are working toward boosting their cybersecurity posture to protect against ransomware attacks, a significant amount still neglect vendor ransomware risk assessment and protection.

Internal Ransomware Risk Assessment and Protection

In addition to educating employees, using anti-malware tools, and patching system software to improve your organization’s ransomware protection, here are a few other steps you can take to boost your company’s ransomware security posture:

• Monitor your ransomware indicators. Applying active ransomware risk assessment to your organization’s infrastructure can help catch vulnerabilities before threat actors exploit them. Indicators to track include:
• Open critical ports.
• Leaked credentials.
• Email security configurations.
• Phishing/fraudulent domains.
• Create an incident response plan. Developing and maintaining a comprehensive incident response plan to address potential ransomware attacks can help your organization maintain business operations and reduce the negative impacts of an attack.

Vendor Ransomware Risk Assessment and Protection

In addition to internal security changes and monitoring your organization’s infrastructure, you’ll need to assess the ransomware risk levels of your company’s vendors and partners.

To mitigate the risk of ransomware attacks due to third-party vendors, your organization should implement the following:

• Perform a ransomware risk assessment on each vendor prior to partnership. Thoroughly vetting potential vendors’ level of ransomware risk can help your organization determine if additional security qualifications are needed to ensure your data is secure or if there’s an acceptable level of risk. 
• Require third-party vendors to adhere to industry best practices. Ideally, vendors should follow recommended cybersecurity standards in their own organization, meet  applicable industry compliance regulations, and provide transparent documentation around how they handle shared data.
• Perform regular audits of your third-party vendors’ security practices. Over time, your vendors’ security positions may change for better or worse. It’s important to constantly assess each vendor’s security posture to ensure they’re maintaining or improving security measures.  
• Build a culture of collaboration and information sharing. Ransomware risk protection is a community effort — organizations must partner together to share information on attacks and evolving security efforts. Sharing attack information helps protect other organizations and aids in the speedy development of patches and security fixes.

Our Ransomware Knowledge Starter Pack

Looking to expand your knowledge on ransomware risk assessment and protection, but still trying to figure out where to start? Check out our starter pack of ransomware essentials:

Uncover Your Vendors’ (And Your Own) Ransomware Risk

At Black Kite, we understand that ransomware risk assessment is key to organizations improving their internal security posture and ensuring their third-party risk levels are as low as possible.

To assist, we developed the Ransomware Susceptibility Index®.

The Ransomware Susceptibility Index® helps companies understand which of their vendors are most prone to a ransomware attack by assessing the vendor’s security posture and producing an RSI™ rating within minutes. Our RSI™ ratings use data collected from a variety of OSINT sources and analyzed with machine learning to assess an organization’s vulnerability level in common ransomware indicators:

• Remote code execution.
• Open critical ports.
• Phishing or fraudulent domains.
• Leaked credentials.
• Company size.
• Company industry.
• Stealer logs.
• Endpoint security.
• Email security.

Your organization can use RSI™ ratings to develop an effective course of action for remediating internal system vulnerabilities or as a guidepost to determine whether or not a third-party vendor’s security posture is an acceptable risk.

Ready to reduce your ransomware risk?