Human-operated ransomware attacks are now one of the top priority cyber threats faced by most organisations. In this type of attack, cyber criminals gain access to internal corporate networks and deploy ransomware to encrypt data – often to devastating effect – before attempting to extort organisations into paying seven or eight-figure ransoms to recover access and restore systems. Attackers also steal and threaten to leak sensitive data, to provide additional leverage when extorting their victims.
These attacks represent a more challenging threat than previous well-known ransomware attacks, such as NotPetya and WannaCry. This is because the people behind them are skilled, adaptable and financially motivated: they can identify and overcome defences, and evolve their tactics to maximise their chances of getting organisations to pay out. Previous high-profile attacks, by contrast, relied on wormlike functionality to spread ransomware.
Given that these attackers have now started stealing and threatening to leak sensitive data, the majority of improvement efforts should be focused on preventing these attacks. Focusing solely on backup and recovery strategies is no longer a viable option, as these do not prevent the attacker from stealing data in the first place, or help with the resulting regulatory implications. Even when backup and recovery strategies are in place, for large organisations an enterprise-wide recovery from backups can take weeks and in some cases be practically unfeasible.
Organisations that have not already taken steps to understand and reduce their vulnerability to these attacks should act now. This is especially important as organisations across a wide range of sectors have recently been affected, and the frequency of these attacks is highly likely to continue to rise over the coming months. The improvements required to reduce the risk of these attacks will not surprise cyber security teams, and likely already form part of organisations’ existing improvement plans. However, the escalation in the threat should cause organisations to re-prioritise ongoing and planned activities, as well as consider what actions they can take to immediately reduce their vulnerability to these attacks.