VIEW: On the ransomware epidemic

There are numerous and clear warnings that cyber attacks are on the rise, and that attackers are launching precision strikes against firms thought likely to pay ransoms and offering weak defences.

The cyber risk landscape has become much more dangerous throughout the pandemic, with ransomware attacks hitting headlines regularly. Waves of new attacks have made for different and disturbing findings.

Companies have embraced digital transformation and employees have switched to remote working in the past year, presenting opportunities for cyber criminals to exploit weaknesses in defences. Ransomware in particular has become an epidemic of its own.

In June, the REvil criminal gang demanded a US$70m ransom, payable in the cryptocurrency Bitcoin, in return for unlocking the files of thousands of businesses caught up in the same attack. The gang meanwhile negotiated with individual firms for smaller ransom payments. In May, DarkSide, another group of cyber criminals, managed to shut down almost half of the oil supply to America’s east coast for five days by attacking Colonial Pipeline. Authorities managed to recover the majority of a US$4.4m ransom paid in Bitcoin after that attack.

The UK authorities have released new guidance on cyber security for large and medium-sized firms. The update, The 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre that helps chief information security officers and other security professionals keep their company safe by breaking down the task of protecting an organisation into ten components. It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community hosted by the NCSC.

The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.

The NCSC also released ransomware and malware-specific guidance in February 2020. This guidance is aimed at helping private and public sector organisations deal with the effects of malware. Following its guidance, the NCSC said, should reduce the likelihood of becoming infected; the spread of malware throughout your organisation; and the impact of the infection.

If an organisation has already been infected with malware, including ransomware, the NCSC has a list of urgent steps to take. Smaller organisations should refer to the NCSC’s Small Business Guide, and larger organisations should refer to the NCSC’s Mobile Device Guidance.

A ‘defence in depth’ approach is a good way of keeping out ransomware attackers, and limiting the effects of any breach in security which does still occur. Risk management has plenty of tools in the armoury to help here.

Getting the right IT advice and IT security technology in place is more important than ever. Back-ups of essential data are important, as in any conventional business continuity plan, although hackers’ focus on publishing stolen sensitive information means that backing it up is not, on its own, a useful response to that threat.

Where risk management professionals can also help is in the non-technology aspects of improving security. Risks arising from employees’ actions or inactions have risen in particular during the pandemic. Staff working from home, using their own laptops, or using their company machines for personal use are a major source of risk.

This makes it all the more crucial that the right governance, controls, policies and procedures are in place, and that risk awareness is built up among employees through training and education about how to keep themselves and the company safer from attack.
