RANSOMWARE - THE CRITICAL CYBER THREAT TO GLOBAL BUSINESSES IN 2021

Ransomware extortion has rapidly become the key cyber threat to organisations globally. Organisations’ increasing reliance on digital services and interconnected business, IT and operational systems has led to rising profitability of cybercrime and ever more advanced cybercriminal tactics. In the past year, the COVID-19 pandemic has heightened such threats. This has encouraged advanced cybercriminal groups to deviate from traditional cybercrime and fraud in favour of ransomware extortion and is also driving less technically capable cybercriminals to adopt such methods.

The financial impact of ransomware on business can be crippling; some estimates place the total annual cost of attacks globally, including ransom payments and remediation costs, at approximately USD 170 billion. The average cost of a ransomware attack in the UK in 2019, was £800,000. Operational downtime, out-of-hours and stretched resources, ransom payments, third party support and system rebuilds all make such incidents costly to remediate.

Encrypting, stealing, and threatening to leak data is no longer the only extortion method used by ransomware groups. Over the past five months, we have observed an increase in ransomware and other cybercriminal groups using alternative extortion techniques to coerce victims to pay. These range from extortive and disruptive distributed denial of service (DDoS) attacks, to extortive data-wiping attacks, to claims to have planted backdoors in software products, to auctioning or selling stolen data to the highest bidder. Ransomware groups can apply all of these techniques without the need to encrypt victims’ data.

The re-emergence of these alternative techniques demonstrates that cybercriminals are becoming increasingly aggressive in their extortive attacks. In 2021, we expect ransomware groups to continue exploring new and increasingly disruptive methods of extortion. This will almost certainly include the use of emerging technologies, such as deepfakes, which will further enable less skilled cybercriminals to extort businesses, executives, and individuals.

For cybercriminals, there remains a constant trade-off between profits and security against law enforcement and rival groups. For organisations, mitigation measures – built on proactive, threat-led cyber security solutions and well-rehearsed and realistic ransomware crisis scenarios – can prevent increasingly capable ransomware groups from forcing your business into a situation where a ransom payment is an enticing option.

To protect your organizations and assets from ransomware, apply the following nine tips:

1. ​Back up your company's data regularly. If something goes wrong, you should be able to quickly and easily revert to a recent backup. This won't protect you from being the target of an attack. But if you're ever attacked, the fallout won't be nearly as devastating.
   
2. Keep software updated. Ransomware attackers sometimes find an entry point within software by exploiting any vulnerabilities. Fortunately, some developers actively search for new vulnerabilities and patch them.
   
3. Use better threat detection. Most ransomware attacks can be detected and resolved before it's too late. To maximize your chances of protection, have an automated threat detection system in place.
   
4. Adopt multi-factor authentication which forces users to verify their identities in multiple ways before they're granted access to a system. If an employee's password is ever leaked to a criminal, the attacker won't be able to gain easy access to your systems.
   
5. Use the principle of least privilege. Employees should never have more access to data than they truly need. Segmenting your organization and restricting access can provide a kind of quarantine effect, minimizing the impact of a potential attack and limiting the vectors of access.
   
6. Scan and monitor emails and file activity. Emails are the default choice of cybercriminals running phishing schemes. Scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from reaching users. Also, consider scanning and monitoring file activity.
   
7. Improve employee training. Most ransomware attacks are the byproduct of bad employee habits or pure ignorance. Someone may voluntarily give out their password or download an unfamiliar file. With better employee training, the chances of this happening are much lower.
   
8. Don't pay the ransom. If your organization happens to be the victim of a ransomware attack, don't pay the ransom. It might seem tempting to get out of this bad situation as quickly as possible. But even after paying the ransom, there's no guarantee the attacker will be true to their word.
   
9. Use anti-ransomware solutions. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Protecting against ransomware that “slips through the cracks” requires a specialized security solution. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviour commonly exhibited by ransomware. If these behaviours are detected, the program can stop any encryption before further damage is done.