
Combatting the rising risk of ransomware

Ransomware attacks are growing in the UK. To foil the cybercriminals, British businesses need to invest in resilience, cyber education and training, and constantly test their strategies.

The rapid rise of ransomware

A large number of UK businesses have paid a ransom following a ransomware attack in the last 12 months. According to a survey from cybersecurity specialist Mimecast¹, 48% of UK businesses were affected by ransomware in the 12 months to April 2021, and 50% of those organisations paid the criminals the ransom. That means almost a quarter (24%) of UK organisations paid a ransom in the last year.

Ransomware was a steadily growing threat before the pandemic, but now, with so many office employees working remotely, that threat has exploded. These attacks are increasingly lucrative for cybercriminals, and taking payment in cryptocurrency makes the money much harder to trace and recover. Companies risk losing both their money and their data, and paying the ransom feeds a vicious cycle, encouraging more criminals by showing there is money to be made.

“The more you inadvertently promote this activity by paying the ransom, the more the threat actors will take this as the norm,” says Nimesh Patel, Global Head and Director of Third Party Security Assurance & Monitoring at Barclays. “Companies should do everything they can to have the best controls in place, so they can avoid paying the ransom.”


Behind the rise in ransomware

Ransomware is a particularly difficult type of cyber attack to handle, because the most obvious way of making it go away, paying up, is actually counterproductive. Seeing companies willing to pay ever-greater sums to get their data back has led cybercriminals to launch more and more attacks.

“This is a business model that is highly profitable for criminals,” explains Sarah Michaels, Head of Strategic Cyber Intelligence at Barclays. “We have seen the amount of ransoms demanded, and the amount paid, just go up and up over the last 12 to 15 months. So we've seen ransoms on the order of 50 to 70 million US dollars.”

It’s not just the threat actors holding companies to ransom who are making money; the affiliates who carry out the intrusions and the access brokers who sell the way in are profiting as well. Many criminal groups make money from these attacks, and as long as they can, they will keep doing it. The problem is so prevalent that companies are increasingly taking out cyber extortion insurance. But again, this measure of protection is backfiring.

“Cyber extortion insurance is in effect providing ransomware operators with a guaranteed source of income. We've actually seen these criminals trying to obtain information about the value and extent of a company's cyber insurance policy so that they know how much of a ransom to ask for,” says Michaels.


No company too big or too small

Ransomware attacks have become more sophisticated as they become more lucrative. Cybercriminals are targeting companies that have high value assets or hold high value data, or those that are more sensitive to any downtime.

The operators have become more ambitious in who they target and much more strategic in their selections. To do that, they carry out sophisticated reconnaissance, targeting company executives over social media, for example, or launching enticing phishing campaigns to gain entry. However, that doesn’t mean that smaller companies are less at risk.

“A big pay out is enticing, but it may be more difficult to secure,” Patel points out, “Lots of companies at £5000 each is still a pretty decent pay out.”

Once the perpetrators gain entry, they look to disable the organisation’s systems and steal its data. Increasingly, they combine their ransom demands with other forms of attack. For example, Michaels highlights the case of the US software supplier Kaseya, whose own systems were used to push the ransomware out across its supply chain². Companies are also often subjected to a DDoS (distributed denial of service) attack at the same time as the ransomware.

A strong cybersecurity foundation

As with many other forms of cyber attack, a company’s number one defence is educating and training its staff. In essence, you need to make sure that employees are never “click-happy”, says Patel.

“First and foremost is human control, education and awareness, teach employees to always scrutinise something that looks suspicious and that goes for within their personal environment as well,” he says.

Strong authentication is also key: multifactor authentication, sufficient password complexity and a lockout that triggers after a set number of failed attempts. This should be backed by monitoring that covers all valuable assets, good security software, patch management and vulnerability management.

“And not just for your organisation, for your third parties as well. Ensure that suppliers have appropriate levels and strategies for cybersecurity too,” adds Patel.
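The lockout and monitoring controls described above, as an added example rather than anything from the article or from Barclays: a per-account lockout after a set number of failed logins within a time window, alongside a per-source check that catches password spraying, where an attacker tries one or two passwords against many accounts and never trips a per-account lockout. The thresholds, IP addresses, usernames and the event feed are all constructed for the demonstration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the article): tune to your own environment.
MAX_FAILURES = 5            # failures per account within WINDOW_SECONDS before lockout
WINDOW_SECONDS = 300        # sliding window for counting failures
LOCKOUT_SECONDS = 900       # how long an account stays locked
SPRAY_DISTINCT_USERS = 10   # one source failing against this many accounts is a spray


class AuthGuard:
    """Per-account lockout plus per-source password-spray detection."""

    def __init__(self):
        self.failures = defaultdict(deque)    # user -> timestamps of recent failures
        self.locked_until = {}                # user -> time the lock expires
        self.spray_users = defaultdict(dict)  # source -> {user: last failure time}

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        if until is not None and now < until:
            return True
        if until is not None:  # lock has expired: clear it and the failure history
            del self.locked_until[user]
            self.failures[user].clear()
        return False

    def handle(self, now, source, user, success):
        """Process one attempt. Returns (decision, spray_alert)."""
        if self.is_locked(user, now):
            # Even a correct password is rejected while the account is locked.
            return "rejected_locked", False
        if success:
            self.failures[user].clear()
            return "allowed", False

        # Per-account sliding window of failures.
        q = self.failures[user]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            decision = "failed_locked"
        else:
            decision = "failed"

        # Per-source view: many distinct accounts from one source, few tries each.
        seen = self.spray_users[source]
        seen[user] = now
        for stale_user, t in list(seen.items()):
            if now - t > WINDOW_SECONDS:
                del seen[stale_user]
        return decision, len(seen) >= SPRAY_DISTINCT_USERS


def replay(events):
    """Replay (time, source, user, success) tuples through a fresh guard."""
    guard = AuthGuard()
    return [guard.handle(*event) for event in events]


# Constructed sample feed: a brute force against one account, then a spray.
BRUTE_FORCE = [(t, "10.0.0.5", "alice", False) for t in range(0, 60, 10)] + [
    (70, "10.0.0.5", "alice", True)  # the right password arrives too late
]
SPRAY = [(100 + i, "10.0.0.9", f"user{i:02d}", False) for i in range(12)]

if __name__ == "__main__":
    for decision, spray in replay(BRUTE_FORCE):
        print("brute force:", decision, "spray" if spray else "")
    for decision, spray in replay(SPRAY):
        print("spray:", decision, "spray" if spray else "")
```

Two caveats a practitioner will want. A lockout keyed on the username alone lets anyone who knows staff usernames lock them out at will, which is a denial of service of its own, so keep the lockout short and pair it with the per-source view and with MFA. And the spray check only works if failed logins from every entry point (VPN, mail, cloud identity provider) land in the same monitoring pipeline.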


How to strengthen your business resilience

Where ransomware differs from other attacks is in how the criminals weaponise a company’s own data. Countering that requires resilience and data back-ups, particularly since paying the ransom doesn’t guarantee the data will be recovered. Companies without that resilience feel they have no choice but to pay up to get their data back and their businesses back on track. Yet the Mimecast survey also found that 25% of organisations that paid the ransom didn’t recover their stolen data.

“The key thing is data integrity,” says Michaels. “Companies need to ensure that data is secure and available through an alternative platform. That can be accomplished through system segmentation and retaining hard copies of key information and assets that allow the company to continue operating.”

Patel adds that this business resilience is worth investing in: “Something like a ransomware attack can completely finish a company. You could be put out of business by being forced offline. Companies must test and rehearse their disaster recovery process, and make sure they are as prepared as they can be.”
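One way to make the back-up and rehearsal advice above concrete, as an added example that is not from the article or from Barclays: record a SHA-256 manifest of every file at back-up time, then use it both to spot files a ransomware run has encrypted or renamed and to prove that a restore actually brings back exactly what was backed up. The directory layout, file contents and the simulated "encryption" step are all constructed for the drill.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict) -> dict:
    """Compare the files under root against a manifest captured earlier."""
    current = build_manifest(root)
    modified = sorted(n for n, d in manifest.items() if n in current and current[n] != d)
    missing = sorted(n for n in manifest if n not in current)
    unexpected = sorted(n for n in current if n not in manifest)
    return {
        "ok": not (modified or missing or unexpected),
        "modified": modified,
        "missing": missing,
        "unexpected": unexpected,
    }


def take_backup(source: Path, backup: Path) -> dict:
    """Copy source to backup and write a manifest next to the backup set."""
    shutil.copytree(source, backup, dirs_exist_ok=True)
    manifest = build_manifest(backup)
    (backup.parent / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(backup: Path, target: Path) -> None:
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(backup, target)


def rehearsal() -> dict:
    """Full drill on constructed data: back up, simulate an attack, detect, restore, verify."""
    work = Path(tempfile.mkdtemp(prefix="dr-drill-"))
    try:
        source = work / "live"
        backup = work / "backup" / "set"
        restored = work / "restored"
        source.mkdir()
        (source / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (source / "contracts").mkdir()
        (source / "contracts" / "acme.txt").write_text("Supply agreement, signed.\n")

        manifest = take_backup(source, backup)
        baseline_ok = verify(source, manifest)["ok"]

        # Simulated ransomware: overwrite one file with noise, rename another.
        (source / "ledger.csv").write_bytes(os.urandom(64))
        (source / "contracts" / "acme.txt").rename(source / "contracts" / "acme.txt.locked")

        damage = verify(source, manifest)        # what the attack changed
        restore(backup, restored)
        after = verify(restored, manifest)       # did the restore bring it all back?
        return {"baseline_ok": baseline_ok, "damage": damage, "restored_ok": after["ok"]}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(rehearsal(), indent=2))
```

In the drill the back-up and the manifest sit on the same disk as the live data, which is exactly what a real ransomware run would encrypt too; in production both must live somewhere the compromised hosts cannot write (offline media, or storage with immutability or object-lock enabled), and the restore drill should be run on a schedule, not just once. `shutil.copytree(..., dirs_exist_ok=True)` needs Python 3.8 or later.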

Protecting your business from ransomware:

  • Educate employees on cyber awareness
  • Use strong authentication
  • Monitor valuable business assets
  • Assess the security of your supply chain
  • Invest in data back-ups and business resilience
  • Test and rehearse your disaster recovery process
  • Remain vigilant at all times.
