Risk Management · January 07, 2021

3 Lessons From Some of 2020's Largest Ransomware Attacks

Ransomware attacks continued to be a major threat in 2020. The COVID-19 pandemic has only exacerbated cybersecurity concerns, with many companies transitioning to remote work. As a result, their digital infrastructures have become more complex and difficult to manage, leaving them more vulnerable to attacks. Preventing these ransomware threats will remain a top security priority for businesses of all sizes in 2021 and beyond.

Still, fending off ransomware attacks, which can come from anywhere at any time, can seem like a daunting proposition. Companies can learn from 2020's notable ransomware examples and be better positioned to protect themselves in the years to come.

1. Train employees to be vigilant

Ransomware attacks often start as legitimate-seeming emails—sometimes even from corporate sources or financial institutions—containing attachments with malicious links. When the recipient clicks on the link, the ransomware program infects the system.

That was the case when a group of hackers known as DoppelPaymer attacked the City of Florence, Alabama, in early June. The hackers sent the city's IT manager a fake shipping email from DHL and were able to get the IT manager's credentials, which allowed them to shut down the city's email system and steal sensitive financial information about the city's citizens.

Even the best cybersecurity tools and software can fail if an employee unintentionally falls victim to a phishing email. That's why ongoing security awareness training is critical. A team member with the Flagstaff Unified School District in Flagstaff, Arizona, helped minimize the impact of a ransomware attack in September when they noticed something odd in their computer system and alerted IT. That prompt action allowed the school district officials to sever the internet connection quickly and isolate the issue while only having to close schools for 2 days.

2. Have your backups in place

The most important step in preventing cyberattacks and recovering from them quickly is to get your company's data backups in place and up to date. That way, if a ransomware attack infects and encrypts your company's systems, you still have a good working copy to recover information and restore your data. Data backups helped the La Salle County government offices in La Salle, Illinois, restore their systems and get back to work within 3 days of their February ransomware attack.

Also, keep backups in a separate, off-site physical location. Defense contractor Communications & Power Industries, or CPI, learned this lesson the hard way in January when an administrator set off file-encrypting malware by clicking on an unsafe link while logged in to a work computer. The ransomware spread to every CPI office and computer, including the company's on-site backups, allowing sensitive military data to be held for ransom.

3. To pay or not to pay?

Travelex chose to pay hackers a $2.3 million ransom after the group known as Sodinokibi took down the foreign exchange company's websites across 30 countries on New Year's Eve. In July, Garmin paid a multimillion-dollar ransom to Evil Corp., a Russian crime organization that had attacked the company's systems, shutting them down for 5 days. The hackers demanded payment in exchange for a decryption key that would restore Garmin's data.

In both these cases, the companies were trying to protect their customers' private information and maintain their trust while resuming time-sensitive business operations as soon as possible. They also had cyberinsurance policies.

However, most cybersecurity experts and law enforcement officials caution against paying ransoms. Paying the ransom only encourages cybercriminals to strike again. Besides, you're dealing with criminals—there's no guarantee that information a company is trying to protect won't end up on the dark web even if it pays the ransom.

Cybersecurity in 2021 and beyond

With the right practical strategies in place, organizations can learn best practices from these ransomware examples. This way, they can improve their ransomware protection efforts in 2020 and guard against ransomware threats for years to come.



This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.