Ransomware: Protect your business and its data from this cyber threat

December 2025


Ransomware is a type of malicious software, or malware. Cybercriminals use it to invade a victim’s system and encrypt the files, which makes the data inaccessible to the victim. The fraudster then demands a ransom payment in exchange for restoring the victim’s access. Ransomware is among the most dangerous cyber threats facing businesses today, causing operational shutdowns, financial loss, and reputational harm. As businesses continue to manage sensitive information across complex networks, the risk increases.

Why businesses are prime targets for ransomware attacks

Cybercriminals target businesses based on several risk factors:

  • High-value operations. Critical service providers are more likely to pay to restore functionality.
  • Sensitive data. Businesses handling personal or regulated information are ideal targets.
  • Complex IT environments. Mergers, outdated systems, and remote access expand vulnerabilities.
  • Remote workforces. Increased access points create more opportunities for breaches.

 

How ransomware attacks typically work

Infection.

An employee unknowingly downloads ransomware onto their computer or leaves their system vulnerable to attack by clicking links or attachments in phishing emails, downloading infected software or apps, visiting compromised or deceptive websites, or using outdated software. 

Encryption.

The ransomware infiltrates the system and silently spreads, encrypting data files such as business documents, photos, and financial records. The encrypted files can only be unlocked with a unique decryption key — held by the fraudster.

Ransom.

A ransom note is sent to the employee or business leader, often displayed directly on the screen. The note demands payment in exchange for the decryption key and threatens permanent data loss if the business doesn’t comply.


The financial consequences of ransomware attacks on businesses


Direct Financial Loss 
The immediate cost is the ransom itself, but paying it doesn’t guarantee the fraudster will provide the decryption key, restore the files, or stop demanding payments. 

Indirect Financial Loss
Indirect losses include data costs related to the loss of important financial documents, and recovery costs, including the costs of system restoration, data recovery, and new enhanced security measures. If a data breach occurs, the business could also incur legal fees and the costs of client compensation for compromised data and credit report monitoring services.

Preparation is key to safeguarding your business.


Educate employees
Conduct ongoing training on identifying phishing attempts, using strong passwords, and avoiding risky behavior online. Teach best practices around software use, MFA setup, and data sharing.

Strengthen IT infrastructure
Inventory all devices and data; apply patches and secure legacy systems. Segment networks to isolate critical systems, and maintain encrypted, offline backups to protect against data loss.

Adopt a layered security strategy
Use spam filters, disable macros, and run phishing simulations. Implement Zero Trust architecture to limit access and require reauthentication.

Secure financial systems
Restrict online banking access and require dual approvals for transactions.

Simulate and monitor
Track typical system behaviors to spot anomalies and run mock incidents to test response readiness.

Plan ahead
Develop a response playbook, engage third-party cybersecurity experts, and consider cyber insurance. 

What to do if your business experiences a ransomware attack

Even the best defenses aren’t foolproof. If your business is attacked:

  • Notify your bank and your cyber insurance provider.
  • Follow your response plan, which should include determining if sensitive data was exposed, following legal notification requirements, and communicating clearly with internal teams and external stakeholders.

 

Ransomware is a persistent threat, but preparation is a powerful defense.

Monitor alerts from StopRansomware.gov, review their response checklist, and keep your employees up to date on the latest threats and your business’s response plan and prevention policies.

We’re committed to arming you with the latest information on cybercrime and payments fraud. Visit key.com/cybersecurity to learn more. For information about KeyBank’s core fraud solutions, connect with your payments advisor or relationship manager.

The information and recommendations contained here have been compiled from sources believed to be reliable based on current information and conditions and are subject to change. KeyBank assumes no duty to update any information in the material in the event that such information changes. KeyBank does not represent or warrant its accuracy, reliability, or completeness or accept any liability for any loss or damage (whether direct or indirect) arising out of the use of all or part of this material. This material is provided as general information only; particular situations may require additional information or actions. Nothing in this material shall be regarded as an offer, solicitation, recommendation or advice (whether financial, accounting, legal, tax or other) given by KeyBank and/or its officers or employees or other presenters. If legal advice or other expert assistance is required, the services of a competent professional should be sought.
