Treading A Safe Path - Navigating Hidden Ransomware Risks

Ransomware attacks have continued their inexorable rise over the past decade. While there’s debate about whether the number of attacks has gone up or down in recent months, statistical trends may seem less important than the day-to-day reality faced by many cyber security professionals - thousands of organisations are still falling prey to ransomware.

The figures remain shocking – 3 in every 5 organisations were hit by ransomware attacks in the past 12 months and 70% suffered data encryption. More worryingly, initial ransom demands have surged 20% over the past year.

Ransomware attacks continue to dominate headlines and C-suite anxieties because of the colossal scale of disruption they cause. Those tasked with protecting their organisations walk a tricky tightrope, risking losses that extend far beyond the ransom itself.

Paying Isn’t A Straightforward Path

Paying the ransom might seem like the quickest way to regain access to encrypted data and business continuity. Where critical, time-sensitive data is at stake, capitulating to the financial demands can appear a necessary evil to uphold commitments to customers and stakeholders. The cost of the ransom may appear negligible compared to the potential losses incurred from operational downtime or the expense of alternative data recovery methods, IR counsel and legal costs, credit monitoring, PR and crisis management. 

However, this apparently simple decision masks a range of more complex considerations that must be addressed before deciding to pay.

Paying the ransom doesn’t guarantee the safe return of data. The National Crime Agency’s operation against LockBit revealed that even when ransoms were paid, the group didn’t always do as promised. There are numerous cases where businesses didn’t regain access to their data or found it was corrupted or incomplete. Frequently, decryptors are withheld despite ransom payment, or those provided prove to be faulty.

Paying a ransom can also mark an organisation as an easy target, leading to repeat attacks. Cybercriminals often share information about compliant victims, increasing the likelihood of future ransom demands from others utilising the same vulnerability or exploit. This creates a vicious cycle, making businesses more vulnerable each time they pay up.

Moreover, cybercriminals are now deploying high-pressure tactics in an effort to increase payments, with some groups targeting the clients of firms they successfully attack, or reporting victims to their insurers and even to the US Securities and Exchange Commission. This intensifies the risk of severe reputational damage and additional penalties.

Navigating Regulatory Risks

In the face of mounting financial pressures, wider implications can get overlooked by victims. Overwhelmed by monetary demands and business continuity issues, many are ill-prepared to navigate the complex maze of long-term regulatory and moral considerations.

From a legal and ethical standpoint, paying a ransom can place organisations in murky waters. Funding criminal activities perpetuates the cycle of crime, so payment poses significant moral dilemmas by supporting the nefarious world of cyber extortion. Capitulating to ransom demands also breaches company policies designed to prevent this by forbidding payment.

Payment may also conflict with laws banning the funding of criminal activities. In October, the White House announced an alliance of 40 countries vowing never to pay ransoms. Ransom payment may expose individuals and any organisations involved in facilitating these payments to potential civil and criminal penalties. Victims are obliged to report ransomware incidents promptly to government and law enforcement agencies and cooperate fully with their investigations. 

Preparation Is Key

Among the myriad measures cybersecurity professionals can implement, here are some of the most effective steps to boost resilience and reduce risk.

Plan Ahead
A robust incident response strategy should include clear protocols for ransomware attacks. Formal incident response plans are rare – only 1 in 5 UK businesses have one in place and a number of leaders aren’t aware of their company’s stance on ransom payments. Develop a clear ransomware attack response plan and be clear on company policies and local laws concerning cybercrime. Conducting regular drills and policy reviews will ensure that the organisation is prepared for an actual incident. 

Restore & Recover
Maintaining proper backup and recovery practices is an effective way to increase resilience to ransomware attacks. Robust backups protect valuable data, ensuring it is fully restorable, while best-practice disaster recovery solutions with industry-leading Recovery Point Objective (RPO) and near real-time replication ensure rapid, full recovery of data and services. While backup and DR don’t prevent data exfiltration, being able to retrieve data and restore business operations can limit the impact of an attack.

Watch & Learn
While holistic visibility with continuous monitoring across the entire attack surface is essential, it’s also critical to make use of the information. Log monitoring is a crucial component, encompassing intrusion detection and NDR systems, EDR solutions, firewalls, IAM systems, email and cloud-hosted services. This increases the likelihood of detecting threats at an early stage and also allows organisations to exploit their cyber threat intelligence, informing strategies and future defences. 
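As an added illustration of the early-detection point above, the following Python script is example code written for this edit, not the author's or Creative ITC's. It reads file-share audit events in a constructed line format and raises an alert when one account changes the file extension of many files within a short window, which is a typical footprint of encryption in progress rather than of normal user activity. The log format, account names, paths and the threshold and window values are all assumptions.

```python
import os
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timezone

# Constructed sample of file-share audit events (not taken from the article).
# Assumed line format: "<UTC timestamp> <account> <action> <path> [<new path>]".
SAMPLE_LOG = """\
2024-06-03T09:14:02Z alice WRITE /srv/finance/q2_budget.xlsx
2024-06-03T09:14:09Z bob READ /srv/hr/policy.docx
2024-06-03T09:14:40Z alice RENAME /srv/finance/draft.docx /srv/finance/draft_v2.docx
2024-06-03T09:20:01Z carol RENAME /srv/shared/report1.docx /srv/shared/report1.docx.locked
2024-06-03T09:20:03Z carol RENAME /srv/shared/report2.docx /srv/shared/report2.docx.locked
2024-06-03T09:20:04Z carol RENAME /srv/shared/budget.xlsx /srv/shared/budget.xlsx.locked
2024-06-03T09:20:06Z carol RENAME /srv/shared/plan.pptx /srv/shared/plan.pptx.locked
2024-06-03T09:20:08Z carol RENAME /srv/shared/notes.txt /srv/shared/notes.txt.locked
2024-06-03T09:20:09Z carol RENAME /srv/shared/photo.jpg /srv/shared/photo.jpg.locked
2024-06-03T09:21:00Z dave WRITE /srv/it/inventory.csv
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (\S+))?$")


def parse_line(line):
    """Parse one audit line into a dict; return None for lines that do not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, action, path, new_path = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user,
        "action": action,
        "path": path,
        "new_path": new_path,
    }


def extension(path):
    return os.path.splitext(path)[1].lower()


def detect_mass_rename(lines, window_seconds=60, threshold=5):
    """Flag any account that changes the extension of `threshold` or more files
    within a sliding window of `window_seconds`. One alert per offending account."""
    recent = defaultdict(deque)   # account -> (timestamp, new extension) events still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "RENAME" or ev["new_path"] is None:
            continue
        # Ordinary renames keep the extension; mass encryption usually appends a new one.
        if extension(ev["path"]) == extension(ev["new_path"]):
            continue
        window = recent[ev["user"]]
        window.append((ev["ts"], extension(ev["new_path"])))
        while window and (ev["ts"] - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({
                "user": ev["user"],
                "count": len(window),
                "first_seen": window[0][0].isoformat(),
                "triggered_at": ev["ts"].isoformat(),
                "new_extensions": dict(Counter(ext for _, ext in window)),
            })
    return alerts


def run_sample():
    """Run the detector over the constructed sample; expected to flag only 'carol'."""
    return detect_mass_rename(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Only the account that renamed five files to a new extension within a few seconds is flagged; alice's single, extension-preserving rename is ignored. In practice the window and threshold need tuning against a baseline of normal activity (archiving jobs and legitimate bulk renames are the usual false positives), and a rule like this belongs alongside EDR and identity telemetry rather than replacing them.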

Closing Gaps
Organisations can greatly reduce their cyber risk by implementing an effective patching programme to address known weaknesses. 60% of cyber incidents in the past 12 months exploited vulnerabilities identified at least 2 years previously. Keeping up to date with vulnerabilities, establishing a remediation plan, setting priorities and effectively managing patching long-term can be challenging. Managed patching services can be a cost-effective way to keep all your machines up to date with the latest security and core OS patches. 
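As an added example of the prioritisation problem described above (example code written for this edit, not the author's, Creative ITC's or any vendor's), the Python below triages a constructed vulnerability backlog. It scores each finding on severity, internet exposure and age, giving extra weight to flaws that have been public for two years or more, the category the article says accounts for 60% of incidents, and separates findings that still lack a vendor fix. The host names, the VULN-EXAMPLE identifiers (placeholders, not real CVE numbers), the dates and the scoring weights are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Threshold drawn from the article: 60% of incidents exploited flaws known for at least two years.
TWO_YEARS_DAYS = 730


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str          # placeholder identifiers, not real CVE numbers
    published: date       # date the weakness became publicly known
    cvss: float           # base severity score
    internet_exposed: bool
    patch_available: bool


# Constructed inventory for illustration, not data from the article.
AS_OF = date(2024, 6, 1)
SAMPLE_FINDINGS = [
    Finding("web01", "VULN-EXAMPLE-0001", date(2021, 3, 15), 9.8, True, True),
    Finding("web01", "VULN-EXAMPLE-0002", date(2024, 4, 20), 7.5, True, True),
    Finding("db02", "VULN-EXAMPLE-0003", date(2020, 11, 2), 8.1, False, True),
    Finding("hr-laptop-17", "VULN-EXAMPLE-0004", date(2022, 1, 10), 5.3, False, True),
    Finding("app03", "VULN-EXAMPLE-0005", date(2024, 5, 28), 9.1, True, False),
]


def age_days(finding, as_of):
    """Days since the weakness became public, as of the given date."""
    return (as_of - finding.published).days


def priority(finding, as_of):
    """Assumed scoring: severity, plus a bonus for reachability from the internet,
    plus a bonus for long-known flaws, which are the ones actually being exploited."""
    score = finding.cvss
    if finding.internet_exposed:
        score += 3.0
    if age_days(finding, as_of) >= TWO_YEARS_DAYS:
        score += 2.0
    return score


def triage(findings, as_of):
    """Return findings that have a fix available, in the order they should be patched."""
    actionable = [f for f in findings if f.patch_available]
    return sorted(actionable, key=lambda f: (-priority(f, as_of), f.host, f.vuln_id))


def backlog_summary(findings, as_of):
    """Headline figures for a remediation plan, including the share of the backlog older than two years."""
    total = len(findings)
    old = sum(1 for f in findings if age_days(f, as_of) >= TWO_YEARS_DAYS)
    unfixed = [f.vuln_id for f in findings if not f.patch_available]
    return {
        "total": total,
        "older_than_two_years": old,
        "share_older_than_two_years": round(old / total, 2) if total else 0.0,
        "awaiting_vendor_fix": unfixed,   # need compensating controls, not a patch schedule
    }


if __name__ == "__main__":
    print(backlog_summary(SAMPLE_FINDINGS, AS_OF))
    for f in triage(SAMPLE_FINDINGS, AS_OF):
        print(f"{priority(f, AS_OF):5.1f}  {f.host:14} {f.vuln_id}  {age_days(f, AS_OF)} days old")
```

On the sample data the three-year-old critical flaw on an internet-facing host comes out first, ahead of a newer high-severity one on the same host, and the finding with no vendor fix is reported separately so it is not silently dropped from the plan. A production programme would replace the fixed weights with exploitation intelligence and asset criticality, but the shape of the decision is the same.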

Enforce Identity Controls 
Cybercriminals are adept at finding and leveraging user credentials to log into IT environments. Multi-factor authentication is an effective way to harden defences, but as attacks become more sophisticated, it’s essential for organisations not just to implement modern MFA but also to enforce it, particularly proven password-less approaches.

Cloud Control
With 45% of breaches starting in victims’ public cloud, it’s important to be clear where security responsibilities lie. In general, a breach originating from your organisation’s vulnerability that disrupts your cloud data is your responsibility. Many firms discover the hard way that data and other resources aren’t automatically backed up by their cloud providers. Many cloud security incidents can be traced back to misconfigurations and weak access policies, highlighting the importance of IAM and cloud utilities.

Collaboration Is Key
There’s growing recognition that knowledge sharing is an important weapon in the war against cybercrime. While reporting ransomware incidents is often a legal requirement, working closely with law enforcement agencies can also help track and apprehend cybercriminals. Collaborating with industry peers can help businesses stay informed about the latest threats and mitigation strategies, while cybersecurity specialists and MSPs can further enhance an organisation’s security posture and incident response capabilities.

Forewarned Is Forearmed

There’s been a shift in the war against ransomware. Businesses and governments have adapted to increased cyber-risk by stepping up measures to defeat ransomware attackers - bolstering defences, upweighting international law enforcement operations and cutting out ransom payments. Ransomware groups have, in turn, become more aggressive. Faced with a growing refusal to pay, attackers are demanding higher payments, expanding their list of targets and also applying greater pressure on victims. 

This further underscores the importance of a proactive strategy on prevention, detection and recovery. Giving full consideration to the financial, legal and ethical considerations now can take uncertainty out of the equation, streamlining and de-risking fraught decision-making when a ransomware incident strikes.

Outsmarting ransomware groups is not just about refusing to pay; it’s about establishing a state of readiness that reduces risk and eliminates the need to make such decisions in the first place.

Rob Smith is CTO at Creative ITC
