Attackers usually gain access via a phishing attack or a network configuration vulnerability such as an exposed RDP port. Once they’re in, they can move throughout the network and identify critical data before launching the ransomware attack.
Cooley says three of the most valuable targets for an attacker are “(i) high-value data or assets, such as trade secrets or personally identifiable information; (ii) critical timing issues or red-letter dates, such as tax-filing deadlines or the start of a new school year; and (iii) data backups.”
Additionally, Cooley points out that the costs associated with a ransomware attack include “not only paying the ransom demand but also expenses associated with lost business, time, files, equipment; wages; third-party remediation services; or higher insurance premiums.”
For large companies, ransomware attacks can be extremely costly, and for smaller organizations, one of these attacks could be a business killer. Organizations need to invest in countermeasures to prevent attackers from getting in. New-school security awareness training can address the human element and prevent your employees from falling for phishing attacks. Cooley has the story: https://cdp.cooley.com/big-game-phishing/