Ransomware: Why now is the time for businesses to act

by | Aug 12, 2021

Soon after Covid-19 emerged, an eleven-fold surge in ransomware attacks began. Between April and May 2020, there were 20,000 to 30,000 daily attacks in the US alone.

There is no sign of this trend slackening. On 2nd July 2021, hackers infiltrated US IT firm Kaseya in what is already being called “the biggest ransomware attack on record.” The attackers seized troves of data, demanding a $70m ransom. The attack has affected hundreds – if not thousands – of businesses globally.

While ransomware has been around since the late 1980s, the recent emergence of privacy infrastructure and the growing prominence of cryptocurrencies are fuelling the fire. The combination of the two enable attackers to carry out major attacks while maintaining their anonymity. This presents a lucrative opportunity for malicious groups around the world.

Data and monetary losses are the main damage that ransomware attacks can inflict, but those impacts rarely tell the full story. Attacks of this kind often result in significant reputational damage, reduced competitive advantage, customer mistrust and increased stress for those tasked with picking up the pieces.

To implement a truly effective solution in this new age of cybersecurity, organisations need to understand that there is no one-time fix. Robust, modern IT security requires a proactive as-a-service model, and one that will evolve to deal with new threats as they emerge, as our partners Zero Networks and Darktrace have pioneered.

Hybrid working risks
To understand the factors that are driving ransomware, it is important to cover hybrid working. While flexible working offers multiple benefits, security risks have increased significantly through devices being lost in transit, improper data storage and vulnerable home networks. The threat landscaped has significantly broadened with the growing emphasis on home and hybrid working environments, which has resulted in workforces being far more exposed to ransomware.

Training and increased awareness can tackle this problem, but it cannot be solely relied upon. Security solutions must also rise to these new and complex challenges, and it is important for IT managers and security specialists to adopt a comprehensive security-as-a-service approach. This includes training and physical security, as well as application management, device hardening and remote protection. 

A threat to national security, and a public health and safety concern
Enhancing security to accommodate hybrid working is an important factor to highlight, but there are wider ransomware concerns growing around the world. Microsoft, Amazon, the FBI and the UK’s National Crime Agency have joined the Ransomware Task Force (RTF) to offer recommendations to governments, in light of the increasing severity of attacks.

The RTF points out that ransomware has now become both a national security threat and a public health and safety concern. This viewpoint relates to a significant uptick in attacks on institutions like hospitals and schools, with people being unable to access critical services in the worst cases.

The NHS learned lessons from the 2017 WannaCry zero-day attack which exploited vulnerabilities in its systems. A more recent example is the ransomware attack on Hackney Borough Council in October 2020, which led to support being disrupted for 300,000 residents and is expected to cost over £10 million.

In 2020, the National Cyber Security Centre reported that it had to tackle and process over three times as many ransomware incidents last year as it did it 2019, further emphasising the urgent need for widespread action across the world.

Proactive defence is the best form of protection
When it comes to ransomware, proactive defence strategies are crucial for preventing attacks, and building cyber resilience against them. One way to achieve this is through zero trust networks, where devices are not trusted by default. Instead, these networks use a single, strong source of user identity, strong user and machine authentication, authorisation and access control policies.

Another way is through AI and machine learning. Darktrace’s Self-Learning AI is the only technology in the world that can provide an Autonomous Response to fight ransomware in real time – without disrupting normal business operations.

It is modelled on the human immune system and works by learning the normal ‘patterns of life’ for the organisation – including its users, devices and servers – allowing it to identify and neutralise ransomware attacks within seconds, as they deviate from this norm.

In their recent whitepaper, Darktrace examines a real-world ransomware attack on an energy supplier that was detected in real-time by their technology.

Security-as-a-service is the future
The world needs to take decisive action against ransomware, and the most simple, effective way for businesses of all sizes is to do this is by adopting a centrally managed solution.

A dynamic end-to-end approach is crucial for protecting data in the complex, mobile modern world, including the protection of movable digital assets out on the road, through to continuous monitoring to lower general risk.

Security-as-a-service provides confidence and peace of mind, enabling organisations to channel precious energy into what matters most.

If you would like to learn more how security-as-a-service can protect your business, please contact us.