Ransomware is an ever-growing cyber threat that can completely devastate an organisation – and shows no signs of halting in 2023.
Last year, the US National Cyber Security Centre (NCSC) warned that ransomware was the biggest cybersecurity threat facing the world, describing the attacks as “unrelenting”. CEO of the NCSC Lindy Cameron warned that ransomware attacks strike “hard and fast” and that the so-called “ransomware as a service” model means the technology to carry out attacks lowers the bar for entry into cybercrime.
Ransomware is a type of malware that can affect anyone, but has become a significant threat to global businesses over recent years. There are multiple forms of ransomware. The traditional model simply encrypts files on a system after gaining access, demanding a ransom in return for the decryption key; this ransom is often requested in Bitcoin. Another model which is becoming increasingly common is cybercriminals saving a copy of the data that has been encrypted, and threatening to release it unless the ransom is paid. The ransom might be in the millions, but for large corporations the loss of revenue caused by a leak of confidential and private data could be even worse. Costs may include legal fees, IT network modifications, and lost productivity during downtime.
The majority of ransomware gains access to a system through user-initiated actions, such as clicking on a malicious link in a phishing email, or on a pop-up via a compromised website. While many ransomware infections are indiscriminate, it is becoming increasingly common for cybercriminals to specifically target a victim. The FBI refers to this kind of ransomware attack as extortion, due to the typically higher ransom and threat to leak sensitive data.
Late last year, the Guardian website was compromised in what was believed to have been a ransomware attack. The attack affected certain parts of the publisher’s technology infrastructure, with staff told to work remotely, however online publishing was largely unaffected.
To mitigate the risks of ransomware in 2023, there are some best practices that businesses as well as individual home users can utilise. The most important is having an up-to-date backup to restore from in the event of ransomware infection. For home users his could be a single copy of your data backed up weekly or monthly onto an external hard drive, but for businesses, multiple iterations of the backup should be saved, and routinely tested for data integrity; there should be a backup stored off-site, too. Ensuring you have an up-to-date antivirus package is also important, with regular system and network scans performed. Businesses should also teach employees best practices with regard to clicking on links, perhaps with warnings when an email is received from an external recipient.