Don’t Forget About Ransomware

Ransomware is set to remain one of the greatest threats facing enterprises today, with attacks having increased 13% over the last year.

In 2022 alone, notable brands such as Nvidia, Toyota and Indian airline SpiceJet have all become victims of ransomware attacks, with many other breaches against organisations of all shapes and sizes now occurring on a daily basis.

Indeed, ransomware is clearly a major challenge that’s here to stay – one that will continue to pose a serious threat across all industries. With the ransomware-as-a-service (RaaS) economy, and attackers leveraging new techniques like data exfiltration and double extortion, organisations and even governments are more vulnerable to paying out ransoms than ever. 

The situation has been further exacerbated by geopolitical tensions stemming from the Russian invasion of Ukraine, adding fuel to what is an international cyber war that has incentivised state-sponsored cybercriminals to invest in developing the next generation of threats.

In the UK, we’ve seen the National Cyber Security Centre (NCSC) request that all organisations bolster their cyber defences, and since this time we’ve seen a significant uptick in cyber activity occurring globally. Indeed, many of these efforts have been targeted towards Ukraine, with sustained intent from Russia to destroy or disrupt Ukrainian government and military systems. However, the tensions are also spilling over into other countries.

In May 2022, the NCSC suggested that Russia was behind a cyber-attack on a leading global communications company in Ukraine that affected windfarms and internet users in central Europe. And as recently as October 2022, Russian-speaking hackers claimed responsibility for an attack that directly targeted websites for more than a dozen US airports.

Within the current climate, organisations must prepare themselves. Implementing strategies to protect against, respond to and recover from ransomware must be a priority – indeed, it is a case of ‘when’ not ‘if’ an attack occurs.

Ransomware techniques continue to advance

No longer are cyber attackers simply lone actors operating out of their shed. While these threat actors no doubt exist, the advancement of ransomware attacks is being led by highly organised criminal syndicates and nation-state-backed cyber threat groups.

Take Lazarus Group as an example. With some suspected ties to North Korea, this cybercrime organisation was responsible for a major attack against Sony Pictures in 2014, as well as the WannaCry attack that crippled the UK’s National Health Service in 2017.

Evil Group is another similarly sophisticated threat entity. The Russian group typically targets European and American institutions, its Dridex banking Trojan previously being used to steal login details from numerous banks and other financial institutions in 40 countries that led to the theft of roughly $100 million.

It is highly organised syndicates such as these that are driving continual advancement in cybercriminal techniques, constantly seeking new ways in which to infiltrate their intended targets.

From exploit kits to malicious email attachments and links to distributed denial-of-service (DDoS) attacks, there are many different forms of ransomware being leveraged by threat groups around the world today.

Indeed, this makes it all the more important for organisations to develop and implement a comprehensive cybersecurity strategy that covers all bases, capable of mitigating the variety of potential ransomware techniques. Yet, unfortunately, we continue to see many enterprises that lack any form of incident plan required to respond effectively to attacks.

A surprising number of businesses, including some larger organisations, simply don’t know what procedures that they should be following in the event of a cyberattack and this can lead to several problems.

Many victims will instinctively react by switching off infected computers. However, this can be a massive hindrance to those teams that need to forensically analyse impacted devices in order to successfully investigate and remediate attacks. Instead, organisations should be following straightforward steps such as unplugging the network cable while leaving the computer on, ensuring it can be scanned. Yet many simply don’t know what to do in these scenarios.

This lack of strategy cannot continue. Where security is concerned, the threats are too potent to go without a plan.

Understand security and invest wisely

So, how exactly should firms be looking to prepare themselves?

Investing wisely is vital to any security strategy. Indeed, despite the importance of protecting against ransomware, many businesses still aren't willing to spend money on cybersecurity because they view it as an additional cost, leaving budgets tight or inadequate.

In such scenarios, every pound counts, and while it can be tempting to be drawn into acquiring shiny new tools and technologies, the most for buck will come when investments are made logically and in an informed manner.

Here, it is sensible to spend money on risk assessments. Typically taking around 7-11 days depending on the size of the company, they can help to highlight weak spots and enable organisations to make informed decisions about how to allocate the rest of its security budget.

At Integrity360, we recently worked with one enterprise that sold via catalogues both in store and online. Its e-commerce sales were healthy, but a risk assessment quickly revealed that the company had spent very little on protecting its website.

In upgrading the security infrastructure, we blocked malicious traffic coming to the site, resulting in the firm’s genuine customers benefitting from a faster and more responsive web experience. Further, the customers didn’t need to purchase additional servers to bear the load of traffic that wasn’t translating into sales.

All too often, security is seen as an obstacle in the way of doing business. However, this is a prime example of how security can in fact be a business enabler.

Improve education, training and awareness policies

Equally, when it comes to security, knowledge and awareness of potential risks and threats is critical in identifying and mitigating any threats.

For this reason, keeping abreast of current affairs is critical. In doing so, organisations can ensure they are aware of any rampant attack methods and ransomware techniques that are plaguing organisations either in a specific region or industry that may be likely to affect them.

It’s not just about improving awareness at the security level, however. Indeed, this knowledge needs to trickle down throughout the entire organisation.

It is important to understand that the vast majority of cyberattacks don’t involve incredibly complicated mechanisms. Often, all it takes for a network or system to be compromised is the manipulation of an employee who either accidentally (or willingly) hands over their account details to a malicious actor.

It is for this reason that phishing remains the most popular form of cyberattack. In fact, according to the Cyber Security Breaches Survey 2022 published earlier this year, 83% of UK businesses have been targeted by phishing scams.

This is a huge number and one that isn’t showing any signs of diminishing. For threat actors, it is simple, easy, and proven to work, often opening the door for them to begin the workings of a malicious ransomware attack.

With both phishing and ransomware incidents gathering momentum, businesses of all shapes and sizes must work to implement effective training plans to enhance employee awareness of potential threats. By pushing the issue to the fore and promoting better training policies, organisations can go a long way to reducing their vulnerabilities to threats such as ransomware.

In doing so, workforces can become more of a help than a hindrance as an effective front line of defence capable of keeping many types of cyberattacks, including ransomware, at bay.

Patrick Wragg, Cyber Threat Response Manager, Integrity360