Monday, 29 August 2022

Your 2022 update on the ransomware threat

Like many types of cybercrime, ransomware is a steadily growing threat. In this blog we look at the current state of the threat – and what to do about it.

Like many types of cybercrime, ransomware is a steadily growing threat. The Grant McGregor team looks at the current state of the threat – and what to do about it.

More than two-thirds of organisations questioned as part of the 2022 Proofpoint survey reported that they had suffered at least one ransomware infection last year. That’s not just organisations that were targeted by ransomware.

Sixty-eight percent of organisations were infected.

That’s a staggering proportion. And the number is rising steadily (the number of affected organisations rose from 66 percent in the previous year).

Ransomware isn’t a one-off event

What’s more, these events aren’t isolated attacks. Of the sixty-eight percent of affected organisations, two thirds of them experienced more than three separate infections. Worse, 15 percent of them dealt with more than 10 separate infections!

What’s going wrong here? We’d have to suggest that the 15 percent of organisations that suffered ten or more separate ransomware infections are long overdue an investment in staff cybersecurity awareness training.

Too many organisations pay the ransom – especially in the UK!

Ransomware is on the rise because it is profitable for the cyber criminals. Unfortunately, here in the UK, some 82 percent of organisations that are affected by ransomware will pay the ransom. That’s 41 percent higher than the global average of 58 percent.

Worse, paying the ransom is no guarantee that you will get back your data or control of your systems. Of the 58 percent of organisations globally that tried to negotiate with their attackers, only 54 percent regained access to their data and systems after the first payment.

Nearly a third opted to pay additional ransom demands until they eventually regained access. Ten percent refused to pay the additional demands and walked away having paid the first demand but still not having regained access to their data or systems. The remaining four percent never regained access to their systems and data despite paying additional demands.

Little wonder that government agencies always advise against paying the ransom(1)! Perhaps most importantly, refusing to pay ensures that you don’t reward the hackers’ malicious behaviour or encourage further attacks.

What can you do to protect your organisation?

The National Cyber Security Centre (NCSC)’s advice on this topic states, “Since there's no way to completely protect your organisation against malware infection, you should adopt a 'defence-in-depth' approach. This means using layers of defence with several mitigations at each layer. You'll have more opportunities to detect malware, and then stop it before it causes real harm to your organisation. You should assume that some malware will infiltrate your organisation, so you can take steps to limit the impact and speed up your response.”

In detail, this defence-in-depth strategy means:

• Ensure you have good backups in place (and test them regularly)

• Use mail filtering to reduce the likelihood of malware and malicious links reaching users

• Implement enterprise-wide anti-malware and anti-virus solutions

• Adopt safe browsing lists to prevent access to known malicious sites

• Implement multi-factor authentication

• Ensure your single sign-on access policies are adequate

• Patch all known vulnerabilities immediately

• Implement a policy of least privilege to minimise the systems and data to which individual users have access (including removing users, devices and permissions that are no longer required)

• Allow users to only install trusted applications

• Invest in staff cyber security awareness training

• Ensure all staff know how to respond to an incident and encourage an incident reporting culture.

In this way, you can build the resilience required to minimise the impact of an attack.

What now?

If you are concerned that your organisation doesn’t have the necessary processes and policies in place to mitigate the impact of a ransomware attack, please reach out to our team. We are always happy to help or offer advice. You can reach us on: 0808 164 4142



Sources:

1. https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks