Ransomware: what lies beyond the headlines
Ransomware: it’s more than just a buzzword or a headline. It’s an ongoing battle in the complex realm of cybersecurity, leaving behind scars that provide valuable lessons for the future. The battle lines are drawn and redrawn as attackers become more sophisticated and defence strategies evolve in response.
According to our recent Cyber Resilience Report, the threat is all too real. Only 33% of organisations believe they have the capability to fend off a ransomware attack. In the past year, 17% have found themselves at the mercy of such an attack. The human and financial toll of these incidents is not to be underestimated. The average ransom payment has dropped from £144,000 in 2022 to £90,000 in 2023. This, however, should not be cause for celebration. Instead, it suggests an increase in smaller-scale, but more frequent attacks.
Facing the puppeteers behind the curtain
Ransomware tactics are continually evolving. We’ve seen a notable shift from automated to human-operated attacks. In the new era of human-operated ransomware attacks , it’s a disturbingly different game.
Unlike automated attacks, which rely on broad-brush methods in the hope of catching out the unprepared, human-operated attacks are meticulously planned and executed. They are often the result of a careful selection process, with attackers identifying potential victims based on their perceived vulnerability and the potential payoff. This shift is a prime example of the precision, patience, and perseverance displayed by modern cybercriminals.
Attackers often start their incursion with an initial compromise through common vectors like email phishing, exploiting software vulnerabilities, or credential stuffing. Once inside the network, they manoeuvre laterally, escalate their privileges, and identify their targets. It’s a process that can take weeks or even months, as they move stealthily to avoid detection.
They tend to deploy the ransomware payload only after they’ve achieved their objectives, such as exfiltrating valuable data or causing significant internal disruption. It’s a final act of destruction, often launched when they’ve been detected and eviction is imminent. In other cases, the ransomware is deployed as a smokescreen, diverting attention from the actual objective of data exfiltration.
This new wave of ransomware is not just about encrypting data; it’s about causing maximum disruption. With this shift, attackers are increasingly threatening to leak sensitive information, adding an extra layer of coercion.
The silent aftermath: business disruption and its cascading effects
Beyond the immediate financial implications, a ransomware attack often causes extensive business disruption. On average, operations come to a halt for 20 days following an attack. These operational disruptions can have ripple effects throughout the entire organisation and even extend to its customer base.
Interestingly, our survey highlights some of these lesser-known, but equally damaging consequences. Approximately 27% of the businesses surveyed experienced significant staff changes post-attack – employees either leaving, changing roles, or new ones joining. This figure marks an increase from 20% in 2022. The human impact extends to customer service and support staff too, with 25% of organisations reporting that these incidents have affected their customer-facing teams, up from 16.5% in 2022.
A holistic defence against ransomware
In the face of these alarming trends, a one-size-fits-all solution simply isn’t adequate. Businesses require a comprehensive, proactive strategy that evolves in lockstep with the threat landscape. This is where Censornet steps in.
At Censornet, we’ve built a robust platform that provides a holistic approach to security, covering all bases from email and web to cloud applications and multi-factor authentication. But we don’t just provide a service; we strive to be a trusted partner in your cybersecurity journey. Our approach is based on proactive communication and education about potential threats, so you’re always one step ahead.
Empowering SMEs against ransomware
Reflecting on the survey’s findings, it’s clear that businesses have work to do. More than half (51%) of organisations felt their cybersecurity needed further development to be future-proof, up from 40.5% in 2022. Meanwhile, 63% have reduced their number of security vendors, showing a trend towards a consolidated approach to cybersecurity.
As reliance on legacy technology drops from 65% in 2022 to 50.5% in 2023, it’s evident that businesses are moving to the cloud. However, complete visibility into cloud applications is declining, suggesting a growing blind spot that needs to be addressed.
At Censornet, we’re committed to helping organisations navigate these challenges. We aim to empower businesses to become resilient against the ever-present threat of ransomware.
Discover our comprehensive, integrated approach to cybersecurity. Join us today, and let’s work together to create a safer digital world.