Ransomware is everywhere, infecting organisations across all sectors, and its proliferation is seemingly out of control.
Cyber criminals have adopted ransomware as their default attack strategy, in part because it can be planted on organisations’ systems easily and cause catastrophic damage.
Ransomware attacks typically begin with an employee opening an infected attachment or being tricked into handing over their login credentials. Once the attackers have access to the organisation's systems, all hell breaks loose.
The bad guys hold the organisation’s devices and its data hostage, preventing employees from doing their jobs until a ransom demand has been paid.
If your organisation isn’t prepared for an attack, the disruption can be devastating and you may feel as though you have no other option than to negotiate. Doing so might seem advisable, but there’s no guarantee that the criminals will stick to their promise once they’ve been paid.
Additionally, paying a ransom once marks you as a soft target for future attacks, which could result in escalating costs.
The ransomware crisis is particularly bad in the UK. A SonicWall report found that UK-based organisations faced the second-highest number of ransomware attacks in the world in the first half of 2021.
According to SonicWall, ransomware attacks increased by 234% across Europe in that time, while CyberEdge’s 2022 Cyberthreat Defense Report found that 80% of UK organisations had been successfully targeted in the past year.
How has the situation got so out of control, and what must organisations do to combat the threat?
According to Sophos's State of Ransomware 2021 report, organisations spend on average $1.85 million (about £1.5 million) to respond to a ransomware attack. This doesn't include the cost of a ransom payment, which can exceed £100,000 for small organisations.
These are sums that very few organisations have at their disposal, and this demonstrates the futility of paying ransomware attackers. You might be able to pay the attackers to restore your systems, but this is only the beginning of your problems.
You must also deal with the consequences of business disruption, implement measures to restore your reputation, handle your data breach notification requirements and conduct forensic investigation.
Plus, depending on the nature of the breach, you may still be liable for fines or other enforcement actions under the GDPR (General Data Protection Regulation).
Ultimately, paying crooks an extortionate sum does very little to help, and your money would be better spent preparing for the long-term damage that has already been done.
This is a lesson that few organisations have taken on board. Those that have accepted the likelihood of a ransomware attack occurring are relying on other means, such as cyber insurance.
Although cyber insurance is an effective way of mitigating the financial damage of a data breach, it won’t protect you from the logistical issues. Policies are not intended to replace data protection practices but to prevent a bad situation from getting worse.
The French insurance firm AXA grew so frustrated at organisations for using cyber insurance to pay ransomware demands that it is now prohibiting clients from doing so.
AXA said it was suspending the option in response to concerns raised by French justice and cyber security officials during a government discussion about the rising threat of ransomware.
“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” cyber crime prosecutor Johanna Brousse said at the hearing.
Addressing ransomware from within
NBC reported last year that attacks were so prolific that organisations were overwhelmed and unable to seek assistance from third parties.
“We’re getting calls from organizations almost every single day,” said Charles Carmakal, the chief technology officer at the cybersecurity giant Mandiant. “We’re barely able to keep up.”
“I feel bad, but we turn down a lot of organizations because we don’t have the capacity to help them,” he added.
Similarly, Jake Williams, the chief technology officer at the cybersecurity company BreachQuest, said his organisation saw a drastic increase in the demand for ransomware support.
“We’re having to be selective on some of the cases we’re taking,” Williams said, adding that BreachQuest was required to hire subcontractors to manage the influx of work.
With cyber security professionals barely able to keep up with the threat, it’s no surprise that ransomware continues to thrive.
To adequately handle the threat, organisations must take responsibility for their defences. This means having experts in the building who know how your business operates and the threats you face.
An essential first step is to conduct a risk assessment. This is a foundational activity for any organisation looking to improve its security and risk posture.
With Vigilant Software’s software package vsRisk™, you can create repeatable, consistent assessments year after year. Its simple design includes an asset library that assigns organisational roles to each asset group, applying relevant potential threats and risks by default.
Meanwhile, its integrated risk, vulnerability and threat databases eliminate the need to compile a list of risks, and the built-in control sets help you comply with multiple frameworks.
We’re currently offering a free 30-day trial of vsRisk. Simply add the number of licenses you require to your basket and proceed to the checkout.
A version of this article was originally published on 11 July 2016.