Ransomware: Where We are and What is to Come

The technological era has wrought numerous changes in traditional crimes that have plagued society from time immemorial. Ransom attacks have long been recognized by criminals as a method of extracting money from a desperate victim. With the rise of ransomware attacks, criminals can hold healthcare institutions, businesses, or individuals hostage with a single virus. Ransomware attacks are becoming an ever-increasing threat to today’s economy. The first half of 2021 saw an increase of 151 percent in global ransomware threats compared to the first half of 2020.

This increase in ransomware attacks is unlikely to dissipate in 2022. In fact, industry experts predict that 2022 also will see an increase in “triple extortion ransomware.” In a triple extortion ransomware attack, a business is hit with the initial ransomware attack, totally incapacitating the business. The business’s partner is now faced with the extortionary threat of either paying the business’s ransom or losing the supplier to incapacity as the business seeks to regain control of its systems. These attacks have the potential to cripple industries. For example, companies such as Tesla, Puma and the YMCA are scrambling to find an alternative method for handling payroll, managing employee time entries and their overall workforces after Kronos, the HR management company, was struck by a ransomware attack on December 12. It is unclear when Kronos will be back online.

However, businesses (and individuals) can take steps now to protect themselves from ransomware attacks in the future. NIST, the National Institute of Standards and Technology (part of the U.S. Department of Commerce), suggests that individuals and organizations:

  1. Ensure antivirus software is in use at all times, also taking steps to ensure that emails and flash drives are automatically scanned for viruses;
  2. Have scheduled checks for computers to ensure that all computers are fully patched and up-to-date on the latest software;
  3. Employ security software to block access to known ransomware sites;
  4. Only allow authorized apps to be used on devices;
  5. Restrict or prevent access to official networks by personally owned devices;
  6. Employ user accounts, as opposed to accounts with administrative privileges if possible;
  7. If at all possible, avoid using personal applications and websites from company computers; and
  8. Never open files or click on links from an unknown source, unless an antivirus scan is run on the link beforehand.

Additionally, NIST has suggestions of steps businesses can take now to formulate a plan for how they will recover from a future ransomware attack. First, businesses should create an incident recovery plan that includes defined roles for company leadership and strategies on decision making when responding to the attack. Second, businesses should take steps to secure and test a data backup and restoration strategy, making sure to isolate and secure backups of crucial data. Third, companies should maintain an accurate list of critical contacts for the ransomware response.

Ransomware attacks, the latest iteration of an age-old crime, will remain a constant and credible threat to businesses and individuals in the future. As prevalent as ransomware attacks were in 2021, it is likely that the threat will only increase in 2022. Businesses and individuals should take steps now to protect themselves from attacks in the future and respond in the event of a successful attack.

Alyssa M. Zottola, of Spilman, Thomas, and Battle, PLLC