How to Protect Your Organisation from Cyber Extortion

Category: News
Published: 20th February 2025


What is Ransomware?

Ransomware attacks work by gaining access to an organisation's network, establishing control and leaving encryption software behind. The malware can then be activated to lock devices and encrypt data across the network.

Usually, you will then receive an on-screen notification from the criminals outlining the ransom demands and how to make payment. They will most likely demand a payment in the form of bitcoin, in exchange for decryption keys.

Payments vary, but in a survey by Infosec magazine the average UK payment was £870,000, with the largest somewhere between £10 million and £20 million.

Paying the Ransom

Experts and law enforcement agencies do not recommend paying the ransom unless it is a last resort.

Here’s why:

No Guarantee of Decryption: Paying does not ensure you will receive the decryption key or that your files will be restored.

Encouraging Criminal Activity: Paying a ransom funds criminal operations, enabling further attacks.

Increased Target Risk: Organisations that pay are more likely to be targeted again, as criminals see them as profitable victims.

In January 2025, the UK Home Office launched a consultation on three key proposals to tackle ransomware attacks and prevent criminal groups from profiting. These proposals focus on banning ransom payments, introducing reporting requirements, and enhancing government oversight of ransomware incidents. It may not be long before the option of paying the ransom is removed entirely.

The Rise of Double Extortion Attacks

Unfortunately, an increasing number of companies are experiencing double extortion, where an attacker first exfiltrates or removes sensitive data from a victim organisation before executing the ransomware payload. This gives the cyber criminals additional leverage, as they can threaten to expose the sensitive data to the public or release it on the dark web.

Additionally, with quantum computing on the horizon, malicious actors may take your files even if they are encrypted, in the knowledge that they will eventually be able to decrypt them.

Ransomware-as-a-Service

Ransomware is no longer limited to highly skilled hackers. Ransomware-as-a-Service (RaaS) allows cyber criminals to purchase or rent ransomware tools, making attacks more frequent and sophisticated. These groups are well-funded, motivated, and pose a major threat to businesses of all sizes.

Why Traditional Security Measures Fall Short

Traditional security measures are often inadequate at detecting and preventing ransomware, because malicious actors have learnt how to work around them.

For example:

Virtual Private Networks (VPNs): Increasingly used to obscure data exfiltration activities, making it difficult for traditional security measures to detect and prevent data breaches.

Network encryption: Encrypted traffic conceals malicious activity, allowing attackers to bypass detection and exfiltrate data without raising alarms.

Complex and difficult to manage: Traditional Data Loss Prevention (DLP) solutions can be complex and difficult to manage, requiring specialised teams to own the tools and programs, leading to inefficiencies and potential gaps in protection.

Time to value: DLP and Insider Threat solutions often have long deployment times and require extensive customisation and tuning before they become effective, delaying their value and leaving organisations vulnerable during the implementation period.

People and processes will fail: From social engineering campaigns to access sold by rogue insiders, it’s best to assume that compromise is inevitable.

Products will be bypassed and evaded: Attackers have evolved beyond building malware to evade security detection; they go after the security products themselves to bypass and unhook them.

How to Protect Your Organisation from Ransomware

To protect your organisation against ransomware, security training and awareness are essential, combined with an integrated and managed technology stack. However, if ransomware does manage to bypass your security in a worst-case scenario, there are solutions.

We can provide, via our partners, an intelligent agent that captures the encryption event, shuttles the keys into a secure enclave and, after the malicious process is blocked, automatically decrypts any impacted files on the endpoint. This eliminates any need for your organisation to even consider paying a ransom.

This anti-ransomware platform is easy to deploy, does not conflict with existing endpoint security solutions, and provides several unique levels of protection against ransomware attacks.

Contact us today to find out more.