The Ransomware Arms Race

According to the UK’s National Cyber Security Centre, “ransomware continues to be the most acute cyber threat facing UK organisations and businesses”. Impacting businesses of all sizes, ransomware can be extremely costly, and very difficult to defend against.

Defence, mitigation, and response are vital, but it can be hard to know where to begin, even for businesses with relatively advanced security postures. 

With that in mind, we spoke to cybersecurity experts to get their insights into how organisations can tackle this relentless threat. 

Building A Defence 

When it comes to security, it’s easy to focus on the shiny new defence tool. However, Martin Simpson, Principal at Node4 Security Practice argues that organisations “must get the basics right.”

He advises: “Enhance your defences with good and actionable threat intelligence, and robust monitoring to detect malware before it detonates. It is also important to conduct regular vulnerability scanning and remediation. Understand what your important data is, both in structured and unstructured forms, and protect it accordingly. Doing the basics well helps you understand what your important data is and where it resides so that you can apply the necessary protection.”

Additionally, a key priority for organisations must be identifying and remediating vulnerabilities that ransomware groups may be able to exploit. However, as Nick Palmer, Solutions Engineer at Censys, points out, “this is easier said than done, as very few organisations have a comprehensive view of their potentially vulnerable assets. 

“Attack surfaces have grown beyond what traditional security practices can effectively manage - in fact, on average, 43% of assets on an attack surface are unknown to organisations. This is crucial because you cannot protect what you cannot see. Businesses must, therefore, invest in attack surface management tools, which can continuously monitor an organisation's digital footprint and identify potential risks. 

Evolving Defences

One of the key challenges in the fight against ransomware is that the threat is constantly evolving. As Chris Denbigh-White, CSO at Next DLP explains: “Initially, ransomware attacks were straightforward, employing a single-stage approach: encrypting data and demanding payment for its release. In response, information security professionals advocated for robust backup systems to mitigate potential disruptions caused by widespread data encryption.

“More recently, ransomware gangs have escalated their tactics further by engaging in multifaceted attacks involving encrypting and exfiltrating data and leveraging this information to coerce victims into compliance. This advanced attack level extends to disclosing the breach to victims’ customers and regulatory bodies if ransom demands are not met, thus extending the ultimatum to ‘pay us or we will release your data AND report you!’”

“There is no denying that attackers are getting more dynamic and creative in their attempts to infiltrate businesses,” agrees Andy Swift, Technical Director of Offensive Security at Six Degrees. “Generative AI is only going to speed this up as ransomware developers abuse the technology to help turn new code around faster. No business is immune to attack and this makes resilience equally as vital as threat detection and prevention. Organisations must ensure they have enhanced data protection through authenticated data access, data encryption, and solid data backup solutions.”

Additionally, Darren Thomson, Field CTO EMEAI at Commvault argues that “every organisation should have a clean environment (a “cleanroom”) into which they can recover. Partnered with automation technology, critical cloud applications can be rebuilt in the designated cleanroom quickly, taking recovery time from days or weeks to a matter of hours or minutes and enabling organisations to return to minimal viable operations, even when systems are compromised.”

Out Of The Box Approaches

It’s also worth considering more unconventional methods of fighting ransomware. For example, Laurie Mercer, Security Architect at HackerOne suggests that “one way to offset the risk of ransomware attacks is to counteract the ransomware incentive model for a vulnerability rewards incentive model.”

He continues: “Public bug bounty programs incentivise white hat hackers to highlight gaps in your defences that can be exploited by ransomware gangs. To stop yourself from being hacked, you might need to work with hackers.”

Furthermore, it’s worth challenging the common practice of keeping security insights within individual IT teams. “If one organisation then develops a technique for detecting a specific form of malware, this is invaluable information for many other IT security teams,” concludes Jason Keirstead, Vice President of Collective Defense at Cyware. “But, this valuable insight is rarely shared outside of the organisation that discovered it. This gives attackers a huge advantage because the one thing they have in their arsenal that security teams often don’t have is a collaborative approach. 

“But it doesn’t need to be this way. By adopting a collective cyber defence strategy, organisations can collaborate internally within teams, and externally across industries to share this valuable insight and defend against cyber threats including ransomware.”

Image: Unsplash

You Might Also Read: 

Prioritising  Prevention Is Better Than Paying Ransom:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Attacks On The British Education Sector Trending
Overcome PDF Conversion Challenges: A Step-by-Step Guide »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Centre for International Governance Innovation (CIGI)

Centre for International Governance Innovation (CIGI)

CIGI research areas include Conflict Management & Security which encompass cyber security and cyber warfare.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Data#3 Limited (DTL)

Data#3 Limited (DTL)

Data#3 Limited (DTL) is a leading Australian IT services and solutions provider.

Fulcrum IT Partners

Fulcrum IT Partners

Fulcrum IT Partners is the parent company of an expanding portfolio of established IT solution companies around the world with proven expertise in cyber security, cloud, and managed services.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

DOT Europe

DOT Europe

DOT Europe is a consensus based organisation which brings a diverse membership together to agree on their collective stance on EU tech policy.