The Threat of Ransomware Attacks
The spike in ransomware attacks presents an urgent threat to the payment security community. On this blog, we cover basic questions with Lisa Plaggemier, Executive Director National Cybersecurity Alliance and PCI SSC Executive Director Lance Johnson about this growing threat to businesses across the U.S. and around the world and how to better protect yourself from this dangerous attack.
Why is understanding the threat of ransomware attacks so important?
Lance Johnson: Ransomware attacks have been front and center in the news over the past year due to high-profile breaches that have impacted businesses across the globe. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime. With a dramatic increase in working from home due to the COVID-19 pandemic, there has been a significant increase in ransomware attacks. Over the calendar year 2021, it is estimated that ransomware attacks cost the world $20 billion and hit 37% of all businesses and organizations. These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.
So how exactly do these attacks work?
Lance Johnson: A ransomware attack involves cyber actors gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. In some cases, ransomware actors will publicly release or sell the data that has been stolen if the victim does not pay. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software that an organization has not updated using patches they receive from software vendors.
What businesses are at risk of this devious attack? Should small merchants care about this?
Lisa Plaggemier: All organizations, large and small, public and private, are at risk of ransomware attacks. Ransomware is an ever-growing cyber threat that can devastate an organization, especially small organizations without the resources to combat it. The U.S. suffered 65,000 ransomware attacks in 2020 and sadly, small businesses and non-profits bore the brunt of those attacks.
Small businesses and non-profits are attractive targets because they typically lack the security infrastructure and resources of larger businesses. Recent reports estimate 37% of all businesses and organizations were hit by ransomware in 2021 and 32% of ransomware victims paid a ransom demand.
What are some prevention best practices to stop this attack from happening in the first place?
Lance Johnson: When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data and/or sensitive authentication data. It consists of steps that mirror security best practices.
For dealing with the threat of ransomware attacks related to payment security, the PCI DSS has recently published an industry threat bulletin on ransomware attacks. In our bulletin we discuss best practices for preventing these type of attacks. To read the bulletin please visit: RANSOMWARE ATTACKS BACK ON THE RISE
What are some ways small merchants can learn more about ransomware attacks and the threats they face?
Lisa Plaggemier: As the business world has shifted online during the COVID-19 pandemic, ransomware attacks have increased in frequency, sophistication, and ransom payment amounts. The National CyberSecurity Alliance has made this issue a priority and we are working to educate the business marketplace about the seriousness of this threat and ways to protect against it. For small business owners, the best way to defend against ransomware is by educating themselves and their teams about cybersecurity threats.
Some good resources for that include: