Ransomware Survival Guide

Ransomware is any type of malicious software—also called malware—that infects a victim’s device or server and prevents the technology from working as it should or blocks access to certain data (e.g., confidential files or sensitive information) stored on such technology until the victim pays a ransom. Typically, the cybercriminals behind ransomware attacks demand bitcoin, a type of digital currency that can be difficult for authorities to trace. Businesses of all sizes and sectors can be targeted by ransomware, as it’s not only capable of infecting personal devices but also entire organizational networks. According to the latest research from technology corporation IBM, ransomware is one of the most damaging cyberattack methods, incurring an average of more than $4.6 million in total losses per incident (not including the actual ransom payment).

Compounding concerns, ransomware incidents have surged in both cost and frequency throughout the past decade, largely driven by evolving attack vectors and techniques. After all, while ransomware attacks were originally limited to device-locking tactics, these incidents can now be carried out in several different ways and through various avenues. Additionally, the Ransomware-as-a-Service (RaaS) model no longer requires cybercriminals to possess advanced hacking skills to launch attacks, allowing those of varying digital capabilities to deploy these damaging incidents. The emergence of double and triple extortion ransomware attacks has also raised the stakes for businesses targeted by such incidents, posing the threat of even larger losses.

Amid these trends, the FBI’s Internet Crime Complaint Center recorded a 243% jump in the number of ransomware attacks reported between 2013 and 2020. According to a recent report by software company KnowBe4, these incidents currently represent more than one-fifth (21%) of all cyberattacks, costing victims an estimated $20 billion in 2021 alone. Cybersecurity experts anticipate these trends will continue worsening, with global ransomware damages projected to exceed $30 billion in 2023. Consequently, some cyber insurers have even implemented stricter underwriting standards (e.g., the need for policyholders to have documented cybersecurity practices and incident response plans) or additional coverage restrictions (e.g., ransomware exclusions) to limit their likelihood of making large-scale payouts following such attacks.

With these trends and information in mind, it has become increasingly critical for businesses across industry lines to better understand ransomware incidents, prevention measures and response procedures. In doing so, businesses can adequately limit their risk of being targeted in these attacks and minimize related losses in the event that such incidents do occur. This guide provides businesses with more information on types of ransomware incidents, attack vectors and techniques, frequently targeted industries, prevention strategies, response protocols and recovery considerations. It also contains an appendix with a number of cybersecurity resources—such as case studies, checklists, articles and infographics—that can help businesses mitigate their ransomware exposures.

Remember that this guide is not intended to be exhaustive, nor should any discussion or opinions be construed as legal advice. Employers should contact legal counsel or trusted insurance professionals for appropriate advice.

Download the complete Ransomware Survival Guide.