The number of ransomware actors has grown steadily throughout 2020. Human-operated ransomware is in the skilled hands of adaptable criminals who are driven by the staggering profits derived from high-profile attacks that breach their targets’ network and deploy ransomware to encrypted data, before attempting to extort organisations into paying ransoms. These attacks have significant regulatory and reputational implications and can run daily business operations aground.
Profitable mass-scale techniques
In many cases, ransomware attackers use simple, automated and mass-scale techniques to access a target’s networks by distributing banking trojans via phishing emails and compromise privileged accounts and systems, using a combination of legitimate administration and security testing tools. Popularity of affiliate programmes lowers the barrier to entry for newcomers who spread through organisations’ IT environments and profitably deploy ransomware at scale.
Unpatched legacy IT creates vulnerability
Ransomware at scale is possible as most organisations have unpatched legacy IT, widespread IT and Active Directory hygiene issues, out-of-support operating systems, and flagging detection capabilities. Organisations’ legacy operating systems are mostly incompatible with modern security tools and lack the security features to fend off attacks. Vulnerabilities often remain unpatched and allow simple tools to gain access in internal corporate networks.
Detect your vulnerabilities
When it comes to ransomware attacks, there are no quick-fixes, as retrofitting modern cyber security controls on IT infrastructure can be costly and challenging, as it means that IT be modernised before it can become securable. Organisations who are yet to grasp and reduce their vulnerability should take steps now, and bring their security teams up to speed with a threat-focused testing approach.
Remediate and mobilise an effective response
Our practice shows that recovering efforts after an attack are far more strenuous than mobilising an effective response beforehand:
- develop and exercise a clear incident response and crisis plan,
- understand where critical data is, and the regulatory requirements attached to this,
- ensure that offline backups have been created and validated for all critical systems,
- build or retain the technical expertise to investigate and respond to the attack.