Anti-Ransomware Day: How to Build a Strong Defence

Falling on the seventh anniversary of the Wannacry ransomware attack, which affected more than 60 NHS trusts in the UK, Anti-Ransomware Day stands as a harsh reminder of the damage that cybercriminals can and will inflict.

Following a ransomware attack, there is an average downtime of 22 days before businesses can resume operations. The average cost of downtime can frequently amount to fifty times more than the ransom demand, and this is when significant reputational and financial damage can occur. 

Reflecting on the financial damages, Darren Thomson, Field CTO EMEAI at Commvault, said: “Last year ransomware payments surpassed the $1 billion mark, the highest number ever observed, and the threat is only expected to continue to rise with growing adoption of AI.”

Remember, it’s a matter of ‘when’, not ‘if’ your organisation will suffer a cyberattack. So, how can you prevent this from happening to you?

A constantly evolving threat

A 2024 data threat report revealed a rise in ransomware attacks as compliance failings leave businesses vulnerable to breaches. There was a 27% increase in companies that fell victim to a ransomware attack last year, with 8% of those paying the ransom.

Chris Denbigh-White, CSO at Next DLP, says: “Initially, ransomware attacks were straightforward, employing a single-stage approach: encrypting data and demanding payment for its release. However, more recently, ransomware gangs have escalated their tactics further by engaging in multifaceted attacks involving encrypting and exfiltrating data and leveraging this information to coerce victims into compliance. This advanced attack level extends to disclosing the breach to victims’ customers and regulatory bodies if ransom demands are not met, thus extending the ultimatum to ‘pay us or we will release your data AND report you!’”

“The risk of ransomware is growing, driven by greater accessibility of ransomware to relatively unsophisticated threat actors,” adds Martin Simpson, Principal at Node4 Security Practise. “Ransomware as a service” has democratised malware removing the need for deep technical skills to execute an attack. A more worrying trend is the deployment of ransomware within a hybrid attack profile where several attack vectors combine to create maximum disruption to an organisation.”

Detection and prevention

It is well known that ransomware does not discriminate. Having preventative measures and a recovery plan in place is the most secure thing you can do for the safety of your data. With that in mind, we asked the experts for their recommendations on how to strengthen resilience against ransomware attacks: 

1. Take a collaborative approach. Jason Keirstead, Vice President of Collective Defense at Cyware,argues that “by adopting a collective cyber defence strategy, organisations can collaborate internally within teams, and externally across industries to share valuable insight and defend against cyber threats including ransomware.

“One helpful tool is what’s known as a Cyber Fusion Centre – a model that unites all security functions, including threat intelligence, security automation, threat response, security orchestration, and incident response, in one cohesive whole, allowing real-time collaboration and the easy exchange of knowledge.” 

2. Implement anomaly detection. “Anomaly detection and early warning systems are essential,” explains Commvault’s Darren Thomson. “Knowing as soon as something out of the ordinary is happening within your systems enables security teams to isolate the environment and stop malware in its tracks before it has the opportunity to encrypt, steal or remove access to critical datasets and systems.”

3. Take proactive measures. Drawing on his own experience, Moshe Weis, CISO, Aqua Security, outlines:: “In response to this evolving threat landscape, we recommend prioritising the adoption of proactive measures and robust defence strategies tailored to cloud-native environments. This includes deploying advanced endpoint protection solutions integrated with Secure Access Service Edge (SASE) capabilities, implementing micro-segmentation and network segmentation to limit the lateral movement of ransomware, ensuring regular data backups stored securely in cloud repositories, and conducting comprehensive employee training and awareness programs.

“By implementing these proactive measures and leveraging innovative security solutions, organisations can strengthen their resilience against ransomware attacks, mitigate risks, and safeguard critical assets in today’s digital landscape.”

4. Invest in attack surface management tools. “Attack surfaces have grown beyond what traditional security practices can effectively manage – in fact, on average, 43% of assets on an attack surface are unknown to organisations,” says Nick Palmer, Solutions Engineer at Censys. “This is crucial because you cannot protect what you cannot see. Businesses must, therefore, invest in attack surface management tools, which can continuously monitor an organisation’s digital footprint and identify potential risks. This visibility allows organisations to take action and protect themselves – proactively reducing their risk of a ransomware attack.”

5. Prioritise data protection. “No business is immune to attack and this makes resilience equally as vital as threat detection and prevention,” explains Andy Swift, Technical Director of Offensive Security at Six Degrees“Organisations must ensure they have enhanced data protection through authenticated data access, data encryption, and solid data backup solutions. And this requirement should extend through their suppliers and partners – using zero trust practices, least privilege access, and boundary controls all the way down the supply chain.”

The future of ransomware

In a recent roundup of Q1 2024 ransomware attacks, a tech research company noted a “significant decrease” in confirmed attacks; specifically, attacks more than halved from 336 to 142 in the past year.

Laurie Mercer, Security Architect at HackerOne, acknowledges this by saying: “While it’s predicted there will be a continued rise of ransomware throughout the year, Q1 has also witnessed a record low of demands being paid, dropping to only 28%. This decrease could be the result of many things – from a global rise in advanced protective measures to mounting legal pressure, or even due to the fact that cybercriminals repeatedly breach promises once the ransom has been paid.

He concludes: “With a record low of ransomware payments witnessed, does this highlight a possibility that organisations are now prepared for an enforced payment ban? Enforcing a ransomware payment ban is like banning smoking – you know it’s good for society in the long run but in the short term, it is difficult to stop getting a quick fix. UK organisations should be better prepared than most to enforce a ransomware payment ban due to their lead in the field of cybersecurity and cyber security services like insurance products.”