The Growing Risk of Ransomware

17th May 2022

Ransomware is malware that employs encryption to hold a victim’s information at ransom.

Your business's critical data is encrypted so that you cannot access files, databases, or applications. A ransom is then demanded to restore access to those assets.

Data breaches can have a devastating impact on finances, future ambitions and reputation, plus you could end up losing thousands of pounds in damage.

When Leigham Martin, Group Head of Infrastructure and Security at tech-firm Connectus, was asked the following, he said:

Why are ransomware actors turning to the double extortion ransomware attacks?

The simple fact of the matter is that businesses and industries are getting better at protecting themselves and system vendors are also getting better at adopting the secure-first model. This, in turn, has forced cyber criminals to adapt their techniques to avoid detection and maximise profit. For ransomware actors the game has now changed; the traditional ransomware campaigns of the infamous WannaCry and NotPetya are less effective now because organisations are getting better at securing themselves. With today’s double extortion ransomware campaigns, rather than encrypting files and deleting them without payment (from which companies can recover using backups), cyber criminals are instead turning to exfiltrating company data first. This means that if the victim company refuses to pay then the cyber criminals will leak the data online or sell it to the highest bidder. This opens a whole new world of damages to the victim company, including receiving fines from the Information Commissioner’s Office for the associated data breaches.

Why does double extortion ransomware pose a threat to businesses?

Double extortion ransomware allows cyber criminals to not just demand ransom for encrypted data but also allows them to continue the attack by threatening to release the data into the public domain should the ransom not be paid. Even if the ransom is paid, how can a business ever know for sure that the data that’s been stolen has properly been deleted from the attacker’s side after the ransom has been met? They can’t.

Double extortion ransomware criminals threaten to publicly “name and shame” the business if they don’t pay up and this, sadly, seems to be a growing tactic within the cybercriminal underworld. Criminals will leak the company data because of non-payment which then allows other cyber criminals to use any sensitive information that has been leaked to gain further access into a company’s infrastructure, commit fraud or attempt further breaches.

The threat to businesses from double extortion ransomware is rapidly growing and the fallout from all of this is hugely damaging to a business’s reputation, to its infrastructure and to its ability to operate. In some cases, there are businesses that have had to cease trading because they have been unable to overcome the damage that has been done from a ransomware attack, leaving their employees without jobs.

How can organisations protect themselves from double extortion ransomware?

Over the next couple of years double extortion ransomware is expected to grow even more. Therefore, to prevent businesses from falling victim to double extortion ransomware, it’s important that businesses take the initiative in securing their assets and have fundamental protection mechanisms in place. By doing so you can reduce the risk of double extortion ransomware to your business substantially. It is the responsibility of any responsible business to have a plan in place should they ever be affected by a cyber-attack; most businesses don’t have a plan and are then ultimately unable to recover from an attack. Some even end up going into administration because they haven’t been able to deal with the impact that a cyber-attack has had on the business.

Utilising technology such as two-factor authentication and ensuring that devices are patched and up to date can help to mitigate risks and lower exposure; conducting regular vulnerability assessments and penetration testing can help organisations manage their risk exposure as well as remediation plans.

Centrally managing devices, regular backups, enforcing multi-factor authentication, VPNs, patch management, mail filtering, firewalling and endpoint security are all efficient ways of protecting an organisation from potential malware and ransomware attacks without breaking the bank.

 

If you think your business could be at risk, take our cyber security questionnaire, or if you want more information on ensuring your business is cyber secure, visit www.connectus.org.uk/protect/