As October’s annual Cybersecurity Awareness Month draws to a close with a hack on Tesco’s systems and a warning from GCHQ’s director over a doubling UK ransomware attacks, it’s clear that that 2022 cyber-wise will be just as difficult as 2021.

Although some believe that organizations are getting better at preparing for and responding to attacks, the evidence from some recent reports is thin on the ground.

ThycoticCentrify’s “2021 State of Ransomware” survey, based on responses from 300 US-based IT decision-makers, found that 64% of respondents had experienced a ransomware attack in the last 12 months, with 83% of victims saying they had no choice but to pay a ransom to their attackers to restore encrypted data. The suggestion in the report’s headline is that it is not a matter of if, but when a ransomware attack will happen, is sadly all too true.

Another report, from the US Treasury Department’s financial crimes enforcement network (FinCEN), noted a significant increase in the number of ransomware-related suspicious activity reports (SARs) from US financial institutions between January and June 2021. Over the six months, financial institutions submitted 635 SARs, against 458 similar reports in all of 2020.

A third report, from Corvus, a cyber insurance firm, showed the cost of ransom payments is rising as a share of the overall cost of a ransomware attack. The average ransom for 2021 is now over $142,000.

The fact that UK ransomware attacks have increased is really no surprise. Ransomware is a global problem: the security challenge of our age. And organizations are still falling victim to it.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Verdict.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Why ransomware isn’t going away

Various reasons have been suggested for ransomware’s continuing prevalence. One suggestion is that two-factor authentication needs to be fully implemented by organizations. Anything that requires a username and password for access should have two-factor authentication enabled.

Another reason is that ransomware attackers have never had it better in terms of freely available tooling. Attackers need phishing toolsets, obfuscation frameworks, initial access tools, command-and-control infrastructure, credential-abuse tools, and open-source ransomware payloads, and most of them can be found on GitHub.

Ransomware groups also seem to collaborate better than the infosecurity industry. ‘Work’ can be spread across multiple criminal groups, meaning it’s harder to attribute tactics, techniques and procedures to any single actor.

What is clear is that authorities should be offering better advice on how to prepare for ransomware attacks, which are themselves constantly evolving. High level talk of links between criminal and state actors is of little practical use to UK organizations facing sophisticated ransomware threats.

The double extortion threat

There should be much more discussion of the growing threat of ‘double extortion’. Up to 40% of cyberattacks now involve a form of double extortion. Instead of just encrypting files, double extortion ransomware exfiltrates the data first. This means that if the company refuses to pay up, information can be leaked online or sold to the highest bidder.

Dell has described it as a ‘multi-modal attack campaign’ that also involves an attack on the brand reputation of the victim through naming and shaming. It typically includes select disclosure of exfiltrated data as a means of proof of attack. Such auctioning of exfiltrated data on the dark web provides attackers with a secondary means of monetization of the original attack.

The bottom line is that back-ups can no longer be relied upon to save the day, ransomware attacks are continually evolving, and well-meant, but seemingly ineffective cybersecurity awareness months are not enough to counter them.