Rapid improvements in computer processing power since the early 2010s have fuelled the emergence of ransomware attacks. Computers are now so powerful that they can encrypt their own files in just a few hours, meaning criminals are carrying out attacks relatively quickly without getting caught.

All organisations – large and small – are proving vulnerable. That includes businesses, educational institutions, hospitals and healthcare providers, government agencies and non-profits.

The most common gateways for successful ransomware attacks are unpatched systems and VPN (virtual private network) and RDP (remote desktop protocol) connections that are not secured using two-factor authentication (2FA). Unfortunately, warnings from installed anti-virus software are also repeatedly ignored on critical systems such as Microsoft Windows domain controllers.

Phased attacks
Cyber criminals who carry out successful ransomware attacks do so in several phases. First, an attacker gains access to a network through phishing emails. Next comes analysis of an organisation’s network and assets to determine where the vulnerabilities lie. Then comes the actual attack, when files are infected and encrypted to make them inaccessible. Finally, the attacker demands a ransom – if the organisation does not pay up, it is increasingly common for the attackers to publicly disclose the compromised data.

Despite ongoing efforts by cyber-security experts over many years to sensitise companies to the potential dangers posed by ransomware, companies are not taking the recommended measures or following “best practices”. As a result, risk exposure is high: Swiss companies, among others, unfortunately are falling victim to these cyber attacks time and again. It is common for ransoms in the six- or seven-figure range to be paid. This allows cyber criminals to finance the infrastructure necessary for such attacks, pay collaborators such as money launderers, and move on to prepare attacks on other companies.

Four forms of protection
When it comes to guarding against ransomware attacks, there are four broad actions you can take.

  1. Promote user awareness: User education is a key area. Users need to be educated about the threat of ransomware and how it can be spread.
  2. Block dangerous e-mail attachments: Dangerous e-mail attachments, including Microsoft Office documents with macros, should be blocked on the e-mail gateway.
  3. Install software updates (patches): Make sure all of your systems are patched and updated.
  4. Conduct offline back-ups: Regular backups of the company’s data should be created.
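
One way to express the gateway rule from item 2 as a check, as an added example that is not part of the original article. The function names, the sample message and the choice to also block legacy OLE files are assumptions made for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container header

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (ZIP) file carries a VBA project, whatever its name says."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment the rule would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if os.path.splitext(name)[1].lower() in MACRO_EXTENSIONS:
            verdicts.append((name, "macro-enabled extension"))
        elif has_vba_project(data):  # renamed .docm still contains vbaProject.bin
            verdicts.append((name, "VBA project inside OOXML file"))
        elif data.startswith(OLE_MAGIC):  # assumed policy: block, macros not ruled out
            verdicts.append((name, "legacy OLE container"))
    return verdicts

def ooxml(*members: str) -> bytes:
    """Build a constructed ZIP that only mimics an Office file's member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"constructed placeholder")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed message: one clean file and three that the rule should block."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for fname, data in [("report.docx", ooxml("word/document.xml")),
                        ("invoice.docx", ooxml("word/document.xml", "word/vbaProject.bin")),
                        ("budget.xlsm", ooxml("xl/workbook.xml")),
                        ("old.doc", OLE_MAGIC + b"\x00" * 32)]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Checking the file contents as well as the extension matters because a macro-enabled document renamed to `.docx` still carries its VBA project.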