Treading A Safe Path - Navigating Hidden Ransomware Risks

Ransomware attacks have continued their inexorable rise over the past decade. While there’s debate about whether the number of attacks has gone up or down in recent months, statistical trends may seem less important than the day-to-day reality faced by many cyber security professionals - thousands of organisations are still falling prey to ransomware.

The figures remain shocking – 3 in every 5 organisations were hit by ransomware attacks in the past 12 months and 70% suffered data encryption. More worryingly, initial ransom demands have surged 20% over the past year.

Ransomware attacks continue to dominate headlines and C-suite anxieties because of the colossal scale of disruption they cause. Those tasked with protecting their organisations walk a tricky tightrope, risking losses that extend far beyond the ransom itself.

Paying Isn’t A Straightforward Path

Paying the ransom might seem like the quickest way to regain access to encrypted data and business continuity. Where critical, time-sensitive data is at stake, capitulating to the financial demands can appear a necessary evil to uphold commitments to customers and stakeholders. The cost of the ransom may appear negligible compared to the potential losses incurred from operational downtime or the expense of alternative data recovery methods, IR counsel and legal costs, credit monitoring, PR and crisis management. 

However, this apparently simple decision masks a range of more complex considerations that must be addressed before deciding to pay.

Paying the ransom doesn’t guarantee the safe return of data. The National Crime Agency’s operation against LockBit revealed that even when ransoms were paid, the group didn’t always do as promised. There are numerous cases where businesses didn’t regain access to their data or found it was corrupted or incomplete. Frequently, decryptors are withheld despite ransom payment, or those provided prove to be faulty.

Paying a ransom can also mark an organisation as an easy target, leading to repeat attacks. Cybercriminals often share information about compliant victims, increasing the likelihood of future ransom demands from others utilising the same vulnerability or exploit. This creates a vicious cycle, making businesses more vulnerable each time they pay up.

Moreover, cybercriminals are now deploying high-pressure tactics in an effort to increase payments, with some groups targeting the clients of firms they successfully attack, or reporting victims to their insurers and even to the US Securities and Exchange Commission. This intensifies the risk of severe reputational damage and additional penalties.

Navigating Regulatory Risks

In the face of mounting financial pressures, wider implications can get overlooked by victims. Overwhelmed by monetary demands and business continuity issues, many are ill-prepared to navigate the complex maze of long-term regulatory and moral considerations.

From a legal and ethical standpoint, paying a ransom can place organisations in murky waters. Funding criminal activities perpetuates the cycle of crime, so payment poses significant moral dilemmas by supporting the nefarious world of cyber extortion. Capitulating to ransom demands may also breach company policies that were put in place specifically to forbid payment.

Payment may also conflict with laws banning the funding of criminal activities. In October, the White House announced an alliance of 40 countries vowing never to pay ransoms. Ransom payment may expose individuals and any organisations involved in facilitating these payments to potential civil and criminal penalties. Victims are obliged to report ransomware incidents promptly to government and law enforcement agencies and cooperate fully with their investigations. 

Preparation Is Key

Among the myriad measures cybersecurity professionals can implement, here are some of the most effective steps to boost resilience and reduce risk.

Plan Ahead
A robust incident response strategy should include clear protocols for ransomware attacks. Formal incident response plans are rare – only 1 in 5 UK businesses have one in place and a number of leaders aren’t aware of their company’s stance on ransom payments. Develop a clear ransomware attack response plan and be clear on company policies and local laws concerning cybercrime. Conducting regular drills and policy reviews will ensure that the organisation is prepared for an actual incident. 

Restore & Recover
Maintaining proper backup and recovery practices is an effective way to increase resilience to ransomware attacks. Robust backups protect valuable data ensuring it is fully restorable, while best practice disaster recovery solutions with industry-leading Recovery Point Objective (RPO) and near real-time replication ensure rapid, full recovery of data and services. While backup and DR don’t prevent data exfiltration, being able to retrieve data and restore business operations can limit the impact of an attack.

Watch & Learn
While holistic visibility with continuous monitoring across the entire attack surface is essential, it’s also critical to make use of the information. Log monitoring is a crucial component, encompassing intrusion detection and NDR systems, EDR solutions, firewalls, IAM systems, email and cloud-hosted services. This increases the likelihood of detecting threats at an early stage and also allows organisations to exploit their cyber threat intelligence, informing strategies and future defences. 

Closing Gaps
Organisations can greatly reduce their cyber risk by implementing an effective patching programme to address known weaknesses. 60% of cyber incidents in the past 12 months exploited vulnerabilities identified at least 2 years previously. Keeping up to date with vulnerabilities, establishing a remediation plan, setting priorities and effectively managing patching long-term can be challenging. Managed patching services can be a cost-effective way to keep all your machines up to date with the latest security and core OS patches. 

Enforce Identity Controls 
Cyber criminals are adept at finding and leveraging user credentials to log into IT environments. Multi-factor authentication is an effective way to harden defences; but as attacks become more sophisticated, it’s essential for organisations to not just implement modern MFA, but also to enforce it — particularly proven password-less approaches.

Cloud Control
With 45% of breaches starting in victims’ public cloud, it’s important to be clear where security responsibilities lie. In general, a breach originating from your organisation’s vulnerability that disrupts your cloud data is your responsibility. Many firms discover the hard way that data and other resources aren’t automatically backed up by their cloud providers. Many cloud security incidents can be traced back to misconfigurations and weak access policies, highlighting the importance of IAM and cloud utilities.

Collaboration Is Key
There’s growing recognition that knowledge sharing is an important weapon in the war against cybercrime. While reporting ransomware incidents is often a legal requirement, working closely with law enforcement agencies can also help track and apprehend cybercriminals. Collaborating with industry peers can help businesses stay informed about the latest threats and mitigation strategies, while cybersecurity specialists and MSPs can further enhance an organisation’s security posture and incident response capabilities.

Forewarned Is Forearmed

There’s been a shift in the war against ransomware. Businesses and governments have adapted to increased cyber-risk by stepping up measures to defeat ransomware attackers - bolstering defences, upweighting international law enforcement operations and cutting out ransom payments. Ransomware groups have, in turn, become more aggressive. Faced with a growing refusal to pay, attackers are demanding higher payments, expanding their list of targets and also applying greater pressure on victims. 

This further underscores the importance of a proactive strategy on prevention, detection and recovery. Giving full consideration to the financial, legal and ethical considerations now can take uncertainty out of the equation, streamlining and de-risking fraught decision-making when a ransomware incident strikes.

Outsmarting ransomware groups is not just about refusing to pay; it’s about establishing a state of readiness that reduces risk and eliminates the need to make such decisions in the first place.

Rob Smith is CTO at Creative ITC
