The threat of ransomware attacks has become so significant that the National Cybersecurity Alliance and the PCI Security Standards Council issued a joint warning bulletin earlier this month. In 2021, ransomware was responsible for attacks at 37% of businesses globally, with an estimated cost of $20 billion.
In a blog post on the subject, Lance Johnson, executive director of the PCI Security Standards Council, said:
“These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.”
Ransomware is nothing new; it has been around for years. What is new is the increased number of attacks. In 2021, ransomware attacks represented 21% of reported data breaches, up from 17% in 2020. Thieves normally use phishing attacks to gain access to consumer data, such as usernames, passwords, and account numbers, but they are also becoming more sophisticated, which allows them to gain access to companies’ networks for bigger attacks. Once the malware is in the network, it can take advantage of any website or software vulnerabilities.
Prevention is by far the best defense against ransomware. Best practices to prevent a ransomware attack include:
• Identifying and securing important and valuable data
• Making sure all software applications are up to date by installing patches from vendors as they become available
• Monitoring the network for suspicious or unauthorized changes and investigating any such changes
• Regularly backing up data and testing data recovery
• Educating employees about how to spot potential threats and how to avoid them
“The surge in ransomware activity has left many businesses and governments around the world scrambling for answers as they struggle to stay a step ahead of organized cybercriminal gangs,” Johnson says. “Utilizing good payment security practices and protocols can go a long way in guarding against these attacks.”