Group 6 Created with Sketch.

Cyber Threat Awareness – Potential Impacts of Ransomware

Learn how to help prevent ransomware cyberattacks with a quiz to test your knowledge

Ransomware is a type of malicious software, malware, that gains access to files or systems and blocks user access. All files, or even entire devices, are held hostage using encryption until the victim pays a ransom, with untraceable cryptocurrency, in exchange for a decryption key.

Potential Impacts of a Ransomware Attack

Revenue

Revenue loss from operational disruption.

Reputation

Reputational damage from inability to serve customers.

Financial

Financial loss in the form of ransom payment, insurance premium increase, fines, remediation and rebuilding, operational delays or lost customer opportunity.

Data

Data breach of sensitive or confidential data, intellectual property, customer information or credentials.

graph_icon Created with Sketch.
$25b*
Projected
costs of
ransomware
in 2021
dollar_icon Created with Sketch. $
$377K*
Average cost per
ransomware
incident
exclamation_icon Created with Sketch. !
$84K*
Average
ransomware
demand
down_icon Created with Sketch.
16.2 days*
Average
downtime
following attack


*https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate

Test your knowledge

Question 1
What are the possible impacts to a company from a ransomware attack?

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

A. Revenue loss from operational disruption

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

B. Reputational damage from inability to serve customers

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

C. Data breach of sensitive or confidential data, intellectual property, customer information or credentials

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

D. Financial loss from remediation and rebuilding, operational delays or lost customer opportunity, and possible data protection related fines

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

E. All of the above

Question 2
The average ransomware incident only impacts a company for less than a week?

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

A. True

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

B. False

Question 3
The best way for employees to help prevent their company from becoming a victim of ransomware is:

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

A. Do not open attachments or click on links in emails that are unusual, or from someone you do not know

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

B. Be wary of “vishing,” a criminal tactic to impersonate someone via phone to convince a victim to click a link or open an attachment

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

C. Report suspicious emails or computer activity to your IT or cybersecurity department

Oval 4 Created with Sketch.
Fill 1 Created with Sketch.

D. All of the above

left_overlay Created with Sketch.

Ransomware Attack Prevention

How individual employees can prevent ransomware:

  • Do not open attachments or click on links in emails that are unusual, or from someone you do not know
  • Be wary of “vishing,” a criminal tactic to impersonate someone via phone to convince a victim to click a link or open an attachment
  • Report suspicious emails or computer activity to your IT or cybersecurity department

How your company can prevent ransomware attacks:

  • Keep your network up-to-date with the latest software patches
  • Use robust antivirus and firewall protections in your network
  • Back up data securely and separately from your network, and routinely test restoring backups
  • Deploy mandatory employee training and testing on phishing and other security practices
  • Run simulations and drills to assess your capability and resiliency in the event of an attack
  • Consider physical or logical network segmentation
  • Employ the concept of ‘least privilege’ to limit the use of administrator privileges
  • Create your own “Red Team” or hire one from a cybersecurity firm to routinely attack and evaluate your systems using the same techniques as the bad guys

What about cybersecurity insurance?

  • Could mitigate some attack expenses in short-term
  • Does not prevent reputational damage from an incident or data breach
  • Cannot regain lost data or intellectual property
  • Should not be considered a replacement for good cybersecurity practices

Additional Ransomware resources:

Back to top button Back to top
 

Copyright © 2020 JPMorgan Chase & Co. All rights reserved.