The Next Wave Of Ransomware


Ransomware as a trend will continue to affect businesses across the world – with attack types and tactics from cybercriminals evolving all the time. As attacks get more sophisticated, so do the consequences of falling victim to ransomware and the complexity of the clean-up.

The stakes are therefore higher than ever for businesses to protect against ransomware attacks. Organisations need to understand the emerging trends that we will see gather speed and prepare their defences for the ransomware onslaught.

Make your business insurable

The tension between insurers and businesses affected by ransomware is mounting. In EMEA, global insurance giant AXA has already announced that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. Furthermore, the Dutch government has considered banning insurers from covering the cost of ransom payments made by businesses operating in the Netherlands. With insurers overwhelmed and frustrated by ransomware claims, underwriters will tighten up their policies to ensure clients meet predetermined conditions, such as investing in appropriate cybersecurity and employee training before paying out.

Watch out for triple extortion

This technique designed to make businesses pay more and pay faster involves extending the attack to the victim’s customers and partners. Traditionally, ransomware attacks involve cybercriminals locking down and encrypting systems and demanding a ransom payment to regain access. In 2019 ransomware strains such as DoppelPaymer gave cybercriminals the ability to lock down systems and exfiltrate data simultaneously. Not only can attackers demand ransom money for regranting access to key IT systems, but they can also threaten to publish exfiltrated data online if the victim doesn’t pay up. Triple extortion involves a third element – directing the attack beyond its initial target, using multi-layered extortion techniques to harm the victim’s customers and partners.

Minimise the threat within

Various studies suggest that over 60 per cent of data breaches and cybersecurity incidents are caused by insider threats. Disgruntled employees understand the power they have in terms of opening the doors to the outside. Equally, perfectly satisfied employees who do not grasp the importance of practising good digital hygiene can be equally dangerous. Digital hygiene is the first line of defence for an organisation. Using two-factor authentication and restricting file access to only those who need it are ways of limiting the amount of damage a single user can do if security is compromised intentionally or unintentionally. Furthermore, training and education are vital to ensuring employees are confident in identifying and reporting potential attacks.

Beware of the slow burn

Advanced Persistent Threat (APT) attacks involve unauthorised users gaining access to a system or network and remaining there for an extended period without being detected – waiting for the right opportunity to steal valuable data. Cyber-attackers are clever about choosing the right time to strike and maximising their chances of getting an easy payday by compromising a company when they are at their most vulnerable or when the stakes are highest. For example, an attacker may be ready to take your systems down and exfiltrate data but know that your company is due to IPO in a few months. Therefore, it makes sense to wait it out and take you down when you need the operational and reputational damage least and will be most willing to payout to end the attack.

Enforce the law

Law enforcers are trying to bridge the imbalance between risk and reward for cybercriminals. Cybercriminals can make huge sums of money with little or no threat of prosecution. This will and has to change. However, given the borderless nature of cybercrime, governments must agree on an international legal framework for punishing cybercrime. Until then, legal action will mainly be directed toward the victims rather than the criminals. Many governments are debating whether to make ransomware payments illegal, so businesses resist the temptation to pay ransoms – cutting off cybercriminals’ income supply. Moreover, cryptocurrencies like Bitcoin, commonly viewed as a hacker’s dream, actually have the potential to help law enforcers bring criminals to justice. Digital ledgers like Blockchain make it easier to ‘follow the money’ as records cannot be altered or deleted. Therefore, once criminals turn their cryptocurrency into ‘real money’, the digital ledger can theoretically unmask them.

Protect your data

Everything from the advancing threat landscape to changes in how the legal and insurance sectors view ransomware payouts puts the onus on data protection and cybersecurity. Organisations must consult with their technology partners about deploying Modern Data Protection solutions to detect, mitigate and remediate ransomware attacks. Data must be backed up and recoverable across physical, virtual, cloud, SaaS and Kubernetes so that businesses can remediate and recover quickly rather than being forced into paying the ransom in the event of a ransom.

As well as implementing Modern Data Protection solutions, businesses must prioritise improving digital hygiene levels across their entire employee base. Employee education and awareness training can help to create a more digitally secure culture across the organisation. A ‘human firewall’ combined with the right technology can help organisations prepare themselves for the ransomware attacks that will inevitably come their way this year and beyond.

If you liked reading this, you might like our other stories
One Year Later: Lessons From The Colonial Pipeline Ransomware Attack
What You Need To Know About BlackCat Ransomware as a Service