Understanding, mitigating, and prevailing against increasing ransomware attacks.
Ransomware attacks have continued to plague businesses throughout 2023.
Royal Mail started the year with a cyber-attack that went viral. The attack was pervasive, affecting the company’s IT systems and operations. The disruption spread to many small businesses, which were unable to ship throughout the UK and overseas.
More recently, one of the world’s biggest libraries, the British Library, was targeted with another ransomware attack. Its online and onsite services were impacted, and its online catalogue is still inaccessible two months later. The malicious actors also stole internal data and leaked user data, underlining the overall severity of the situation.
Even though we are aware of many ransomware attacks on public bodies, we rarely learn the full details of the attack. Those in the public eye are less able to hide an attack. But many private companies can. In the first six months of 2023, there were 1,815 undisclosed ransomware attacks.
We may not know the full scale of the issue, but there’s no doubt that this is a serious threat. So, we are taking it back to basics and delving into what ransomware is, what the consequences of an attack are, and how to protect your company from it.
What is ransomware?
Ransomware is a type of malware that prevents you from accessing your device and the data stored on it, usually by encrypting your files. It is typically deployed by a malicious group or actor who then tries to extort money from the attacked company in exchange for the data or its decryption. Criminals also threaten to leak company data, violating customer privacy or legal regulations, for a variety of claimed reasons: financial gain, to humiliate a specific company, or supposedly altruistic motives. Attackers most commonly gain access to a company’s network via phishing emails or through an unpatched vulnerability in the company’s IT estate.
Ransomware is different from other cyber-attacks such as data breaches because it is more invasive within a network. Ransomware attacks encrypt company data, giving the hackers sole access. This means that systems are debilitated, with no way of resuming operations without appeasing the malicious actor. In contrast, data breaches lead to company data being stolen. This is humiliating for businesses, but it does not lead to downtime, as daily operations can continue. For ransomware hackers, financial gain is the primary objective, whereas data breaches are designed to steal a company’s data (with no return).
Preventing ransomware is more complex and demands a sophisticated, multilayered approach to cyber security. Ensuring proper protection via encryption, firewalls, and access controls is not solely for preventative purposes. These security measures anticipate, detect, and remediate ransomware threats before they can cause harm to your networks.
The rise of ransomware
Ransomware attacks are here to stay. More than 80% of UK organisations experienced a successful attack in 2021/2022. This has continued to increase in 2023, with recent attacks on companies ranging from the public sector to IT providers. Ransomware criminals are not picky: they target big and small organisations alike. Well-known companies such as British Airways, the BBC, and Boots were all hit in the past year.
As long as attacks result in ransom payments, they are going to continue to increase. Attackers don’t need to be especially technical, and they benefit from anonymity while they hide behind their screens. They can also send out a high volume of ransomware emails, increasing the likelihood that someone will fall for the attack by mistakenly clicking a malicious link.
This has entrenched ransomware groups such as LockBit, Conti, and Clop. All have claimed responsibility for some of the biggest ransomware attacks of the last few years. Their targets have included government organisations, large technology companies, and manufacturing operators.
Consequences of ransomware
These attacks have knock-on effects, as such breaches affect the entire supply chain.
Ransomware damages the reputation of the organisation that has been attacked. Compromised companies appear unsafe, as their networks and data have been shown to be insecure.
Financial losses as a result of a ransomware attack can be devastating. It’s estimated that the average ransomware payment by UK organisations is £1.7 million. This is currently higher than the global average. Organisations are hit with the costs of system restoration, cybersecurity upgrades, and potential legal repercussions. That’s on top of any ransoms paid.
The operational fallout of ransomware attacks is substantial and can affect all sectors, with consequences ranging from halting manufacturing to compromising sensitive data and services.
Predicting the next big attack?
A report was released earlier this week by the Joint Committee on the National Security Strategy, revealing that the UK government is currently facing a high risk of a ‘catastrophic ransomware attack’. UK public services have been common targets for ransomware criminals due to the high-profile nature of such attacks. For example, the ransomware attack on the NHS in 2022 led to a system outage and reduced services. The report cites ‘poor planning’ and ‘lack of investment’ as reasons for the government’s current vulnerability, showing that these are critical aspects which all companies must consider to protect their infrastructure.
How to protect your company
As mentioned, ransomware protection is not easy. A multilayered cyber security portfolio is necessary to protect all aspects of your company. A more holistic approach will allow you to evolve alongside constant technological advancements, whilst remaining compliant with regulatory frameworks.
Older solutions, such as VPNs, are almost redundant against ransomware attackers. If your network relies on a VPN solution, attackers can gain visibility into the entire network. Zero Trust Network Access (ZTNA), by contrast, ensures that in the worst-case scenario, where a hacker has already infiltrated your system, they are prevented from accessing the entire network. By implementing specific and contextual access policies, access is granted only to specific areas, so the damage inflicted is minimised. In conjunction with other layers of defence, this is more effective still.
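To make that contrast concrete, here is an added example (not Red Helix’s code, nor any ZTNA product’s) of a minimal contextual access-policy evaluator in Python. The four applications, group names and posture checks are constructed for illustration. It compares the set of applications a stolen finance-team credential can reach under flat, VPN-style network access with the set it can reach when the same user and device context is evaluated against each application’s own policy.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset        # directory groups the account belongs to
    device_compliant: bool   # managed device: EDR agent running, patched, disk encrypted
    mfa_verified: bool       # strong authentication completed for this session
    resource: str            # the single application being requested


@dataclass(frozen=True)
class Policy:
    allowed_groups: frozenset
    require_compliant_device: bool = True
    require_mfa: bool = True


# Constructed policy set for four hypothetical internal applications.
# Each application has its own policy; there is no "inside the network" shortcut.
POLICIES = {
    "finance-erp": Policy(frozenset({"finance"})),
    "hr-portal":   Policy(frozenset({"hr"})),
    "source-repo": Policy(frozenset({"engineering"})),
    "intranet":    Policy(frozenset({"finance", "hr", "engineering"}),
                          require_compliant_device=False),
}


def evaluate(req: AccessRequest, policies=POLICIES) -> tuple:
    """Decide one request. Returns (allowed, reason). Unknown resources are denied."""
    policy = policies.get(req.resource)
    if policy is None:
        return False, "no policy for resource: default deny"
    if not (req.groups & policy.allowed_groups):
        return False, f"{req.user} is not in an allowed group for {req.resource}"
    if policy.require_mfa and not req.mfa_verified:
        return False, "MFA not verified"
    if policy.require_compliant_device and not req.device_compliant:
        return False, "device fails posture check"
    return True, "allowed"


def reachable(req: AccessRequest, policies=POLICIES, flat_network=False) -> set:
    """Applications the session can reach.

    flat_network=True models VPN-style access, where a connected client can
    see every application on the segment. False re-evaluates the same user
    and device context against each application's own policy.
    """
    if flat_network:
        return set(policies)
    return {name for name in policies
            if evaluate(replace(req, resource=name), policies)[0]}


if __name__ == "__main__":
    # Scenario: a finance user's password was phished and is being used from
    # an unmanaged machine without MFA.
    stolen = AccessRequest("alice", frozenset({"finance"}),
                           device_compliant=False, mfa_verified=False,
                           resource="finance-erp")
    print("flat/VPN reach  :", sorted(reachable(stolen, flat_network=True)))
    print("ZTNA reach      :", sorted(reachable(stolen)))
    # The legitimate user on a managed device still gets exactly her two apps.
    legit = replace(stolen, device_compliant=True, mfa_verified=True)
    print("legit ZTNA reach:", sorted(reachable(legit)))
```

The point of the comparison is the blast radius: with flat access the phished credential sees all four applications, whereas the per-resource policy denies it everything until MFA and device posture are satisfied, and even then confines the legitimate user to the finance system and the shared intranet.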
Additionally, good cyber hygiene will reduce the likelihood of a successful attack. This includes comprehensive patch management and educating your employees on common ransomware techniques to help them identify red flags. This decreases the likelihood of people clicking malicious links and reinforces the first line of defence.
If ransomware criminals can infiltrate an endpoint, they can encrypt it and spread throughout your estate. An Endpoint Detection & Response (EDR) solution will identify the threat and allow you to isolate an affected endpoint before the issue spreads. Combine this with Network Detection & Response (NDR) and any threats on your network will be similarly identified and your security team alerted. Layering both together and ingesting all alerts into a Security Information & Event Management (SIEM) system will give you full visibility and allow your Security Operations Centre (SOC) to identify and respond to anomalies immediately.
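As an added illustration (not Red Helix’s code, nor any vendor’s detection logic), the following Python sketch shows the kind of correlation a SIEM can run over EDR and NDR alerts: alerts are grouped by host, and a host that raises both an endpoint ransomware signal and a network lateral-movement signal inside a short window is recommended for isolation, while a host with only one kind of signal is queued for investigation. The alert lines, signal names, host names and five-minute window are all constructed for the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint behaviours an EDR might flag as ransomware precursors or activity,
# and network behaviours an NDR might flag as spread. Names are constructed.
EDR_SIGNALS = {"mass_file_rename", "shadow_copy_deletion", "suspicious_macro"}
NDR_SIGNALS = {"smb_lateral_scan", "c2_beacon"}

# Constructed alert feed in JSON-lines form, as a SIEM might ingest it.
SAMPLE_ALERTS = """
{"ts": "2023-12-13T09:01:10Z", "source": "EDR", "host": "FIN-LAPTOP-07", "signal": "mass_file_rename", "detail": "412 files renamed to .locked in 20s"}
{"ts": "2023-12-13T09:01:45Z", "source": "NDR", "host": "FIN-LAPTOP-07", "signal": "smb_lateral_scan", "detail": "SMB connections to 58 internal hosts in 30s"}
{"ts": "2023-12-13T09:03:00Z", "source": "EDR", "host": "HR-DESKTOP-02", "signal": "suspicious_macro", "detail": "winword.exe spawned powershell.exe"}
{"ts": "2023-12-13T10:30:00Z", "source": "NDR", "host": "ENG-BUILD-01", "signal": "smb_lateral_scan", "detail": "SMB connections to 40 internal hosts"}
{"ts": "2023-12-13T14:00:00Z", "source": "EDR", "host": "ENG-BUILD-01", "signal": "mass_file_rename", "detail": "nightly artefact cleanup"}
"""


def parse_alerts(text: str) -> list:
    """Parse JSON-lines alerts; timestamps become naive datetimes (inputs are UTC)."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        alert = json.loads(line)
        alert["ts"] = datetime.strptime(alert["ts"], "%Y-%m-%dT%H:%M:%SZ")
        alerts.append(alert)
    return alerts


def triage(alerts: list, window: timedelta = timedelta(minutes=5)) -> dict:
    """Map each host to a recommended action.

    'isolate'     - an EDR ransomware signal and an NDR spread signal on the
                    same host within `window`: endpoint evidence corroborated
                    by the network, the case for cutting the host off first.
    'investigate' - only one kind of signal, or the two are too far apart.
    Hosts with no relevant signal are omitted.
    """
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)

    decisions = {}
    for host, items in by_host.items():
        edr = [a for a in items if a["source"] == "EDR" and a["signal"] in EDR_SIGNALS]
        ndr = [a for a in items if a["source"] == "NDR" and a["signal"] in NDR_SIGNALS]
        corroborated = any(abs(e["ts"] - n["ts"]) <= window for e in edr for n in ndr)
        if corroborated:
            decisions[host] = "isolate"
        elif edr or ndr:
            decisions[host] = "investigate"
    return decisions


if __name__ == "__main__":
    for host, action in sorted(triage(parse_alerts(SAMPLE_ALERTS)).items()):
        print(f"{host:15} -> {action}")
```

On the constructed feed, FIN-LAPTOP-07 is flagged for isolation because its file-renaming burst and its SMB scan are 35 seconds apart, while ENG-BUILD-01 only reaches ‘investigate’: it shows both signal types, but three and a half hours apart, which is the sort of benign build-server behaviour an analyst should check rather than a case for automatic containment. Widening the window is a tuning decision that trades false isolations against missed spread.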
By intertwining all of these, you will build a truly secure infrastructure. This is what we at Red Helix specialise in. So, if you are unsure or overwhelmed by acronyms, get in touch. We’ll be happy to advise on the most crucial elements of this approach for you, or provide you with comprehensive cyber security as a service, keeping you safe from ransomware.