Treading A Safe Path - Navigating Hidden Ransomware Risks

Uploaded on 2024-07-03 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware attacks have continued their inexorable rise over the past decade. While there’s debate about whether the number of attacks has gone up or down in recent months, statistical trends may seem less important than the day-to-day reality faced by many cyber security professionals - thousands of organisations are still falling prey to ransomware.

The figures remain shocking – 3 in every 5 organisations were hit by ransomware attacks in the past 12 months and 70% suffered data encryption. More worryingly, initial ransom demands have surged 20% over the past year.

Ransomware attacks continues to dominate headlines and C-suite anxieties due to the colossal scale of disruption caused. Those tasked with protecting their organisations walk a tricky tightrope, risking losses extending far beyond the ransom itself.

Paying Isn’t A Straightforward Path

Paying the ransom might seem like the quickest way to regain access to encrypted data and business continuity. Where critical, time-sensitive data is at stake, capitulating to the financial demands can appear a necessary evil to uphold commitments to customers and stakeholders. The cost of the ransom may appear negligible compared to the potential losses incurred from operational downtime or the expense of alternative data recovery methods, IR counsel and legal costs, credit monitoring, PR and crisis management. 

However, this apparently simple decision masks a range of more complex considerations that must be addressed before deciding to pay.

Paying the ransom doesn’t guarantee the safe return of data. The National Crime Agency’s operation against LockBit revealed that even when ransoms were paid, the group didn’t always do as promised. There are numerous cases where businesses didn’t regain access to their data or found it was corrupted or incomplete. Frequently decryptors are withheld despite ransom payment, or those provided prove to be faulty.

Paying a ransom can also mark an organisation as an easy target, leading to repeat attacks. Cybercriminals often share information about compliant victims, increasing the likelihood of future ransom demands from others utilising the same vulnerability or exploit. This creates a vicious cycle, making businesses more vulnerable each time they pay up.

Moreover, cybercriminals are now deploying high-pressure tactics in an effort to increase payments, with some groups now targeting the clients of firms it successfully attacks or reporting victims to their insurers and even to the US Securities and Exchange Commission. This intensifies the risk of severe reputational damage and additional penalties.

Navigating Regulatory Risks

In the face of mounting financial pressures, wider implications can get overlooked by victims. Overwhelmed by monetary demands and business continuity issues, many are ill-prepared to navigate the complex maze of long-term regulatory and moral considerations.

From a legal and ethical standpoint, paying a ransom can place organisations in murky waters. Funding criminal activities perpetuates the cycle of crime, so payment poses significant moral dilemmas by supporting the nefarious world of cyber extortion. Capitulation to ransom demands is in breach of a company policies designed to prevent this by forbidding payment.

Payment may also conflict with laws banning the funding of criminal activities. In October, the White House announced an alliance of 40 countries vowing never to pay ransoms. Ransom payment may expose individuals and any organisations involved in facilitating these payments to potential civil and criminal penalties. Victims are obliged to report ransomware incidents promptly to government and law enforcement agencies and cooperate fully with their investigations. 

Preparation Is Key

Among the myriad of measures cybersecurity professionals can implement, here are some of the most effective steps to boost resilience and reduce risk. 

Plan Ahead
A robust incident response strategy should include clear protocols for ransomware attacks. Formal incident response plans are rare – only 1 in 5 UK businesses have one in place and a number of leaders aren’t aware of their company’s stance on ransom payments. Develop a clear ransomware attack response plan and be clear on company policies and local laws concerning cybercrime. Conducting regular drills and policy reviews will ensure that the organisation is prepared for an actual incident. 

Restore & Recover
Maintaining proper backup and recovery practices is an effective way to increase resilience to ransomware attacks. Robust backups protect valuable data ensuring it is fully restorable, while best practice disaster recovery solutions with industry-leading Recovery Point Objective (RPO) and near real-time replication ensure rapid, full recovery of data and services. While backup and DR don’t prevent data exfiltration, being able to retrieve data and restore business operations can limit the impact of an attack.

Watch & Learn
While holistic visibility with continuous monitoring across the entire attack surface is essential, it’s also critical to make use of the information. Log monitoring is a crucial component, encompassing intrusion detection and NDR systems, EDR solutions, firewalls, IAM systems, email and cloud-hosted services. This increases the likelihood of detecting threats at an early stage and also allows organisations to exploit their cyber threat intelligence, informing strategies and future defences. 

Closing Gaps
Organisations can greatly reduce their cyber risk by implementing an effective patching programme to address known weaknesses. 60% of cyber incidents in the past 12 months exploited vulnerabilities identified at least 2 years previously. Keeping up to date with vulnerabilities, establishing a remediation plan, setting priorities and effectively managing patching long-term can be challenging. Managed patching services can be a cost-effective way to keep all your machines up to date with the latest security and core OS patches. 

Enforce Identity Controls 
Cyber criminals are adept at finding and leveraging user credentials to log into IT environments. Multi-factor authentication is an effective way to harden defences; but as attacks become more sophisticated, it’s essential for organisations to not just implement modern MFA, but also to enforce it — particularly proven password-less approaches.

Cloud Control
With 45% of breaches starting in victims’ public cloud, it’s important to be clear where security responsibilities lie. In general, a breach originating from your organisation’s vulnerability that disrupts your cloud data is your responsibility. Many firms discover the hard way that data and other resources aren’t automatically backed up by their cloud providers. Many cloud security incidents can be traced back to misconfigurations and weak access policies, highlighting the importance of IAM and cloud utilities.

Collaboration Is Key
There’s growing recognition that knowledge sharing is an important weapon in the war against cybercrime. While reporting ransomware incidents is often a legal requirement, working closely with law enforcement agencies can also help track and apprehend cybercriminals. Collaborating with industry peers can help businesses stay informed about the latest threats and mitigation strategies, while cybersecurity specialists and MSPs can further enhance an organisation’s security posture and incident response capabilities.

Forewarned Is Forearmed

There’s been a shift in the war against ransomware. Businesses and governments have adapted to increased cyber-risk by stepping up measures to defeat ransomware attackers - bolstering defences, upweighting international law enforcement operations and cutting out ransom payments. Ransomware groups have, in turn, become more aggressive. Faced with a growing refusal to pay, attackers are demanding higher payments, expanding their list of targets and also applying greater pressure on victims. 

This further underscores the importance of a proactive strategy on prevention, detection and recovery. Giving full consideration to the financial, legal and ethical considerations now can take uncertainty out of the equation, streamlining and de-risking fraught decision-making when a ransomware incident strikes.

Outsmarting ransomware groups is not just about refusing to pay; it’s about establishing a state of readiness that reduces risk and eliminates the need to make such decisions in the first place.

Rob Smith is CTO at Creative ITC

Image: fizkes

You Might Also Read:

The Ransomware Arms Race:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« London Hospitals Were Attacked By Russian Hackers
Cyber Threats To The British Elections »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Lakeside Software

Lakeside Software

Lakeside Software is how organizations with large, complex IT environments can finally get visibility across their entire digital estates and see how to do more with less.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Adyta

Adyta

Adyta specializes in cybersecurity solutions adapted to the needs of sovereign institutions, business groups and other organizations that handle information and sensitive or classified data.

Calypso AI

Calypso AI

Calypso AI build software products that solve complex AI risks for national security and highly-regulated industries.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Buchanan & Edwards

Buchanan & Edwards

Buchanan & Edwards delivers forward-focused technology solutions that help our clients transform the way they perform their missions.

BaXian Group

BaXian Group

BaXian AG is an international consulting company specializing in IT security, data analytics, risk management and compliance.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.