Despite the numerous interconnected elements now involved in effective digital transformation, the network remains the foundation of everything, ensuring any investment in new technologies delivers the best possible ROI, and that teams at all levels are empowered to deliver their very best, 24 / 7. As such, the digital transformation journey must always begin with a full network transformation.
Although the rise in money criminals have generated through ransomware has risen by what may appear to be a small percentage amount (approximately 2% from US $449.1 million to US $459.8 million), this is in spite of disruption caused to ransomware-as-a-service operations such as LockBit and ALPHV/BlackCat by law enforcement agencies.
The figures for the first half of 2024 include the US $75 million reportedly paid to the Dark Angels ransomware gang by an undisclosed Fortune 50 company, in what was believed to be the largest ever single ransom payment made since records began.
The ballooning size of maximum ransom payments represents a 96% year-on-year growth from 2023, and a 335% increase from the maximum payment made in 2022.
Chainalysis's research reveals that the median ransom payment made in response to the most severe ransomware has rocketed from just under US $200,000 in early 2023 to US $1.5 million by mid-June 2024.
The researchers believe that this 7.9x increase in the typical size of ransom payment (a nearly 1200x rise since the start of 2021) suggests that larger businesses and critical infrastructure providers considered more likely to agree to make higher payments due to their greater access to funds and the more significant impact of downtime.
Against this backdrop, the study claims that ransomware victims are giving in to extortion demands less often. As it explains:
Posts to ransomware leak sites as a measure of ransomware incidents have increased YoY by 10%, something we would expect to see if more victims were being compromised. However, total ransomware payment events as measured on-chain have declined YoY by 27.29%. Reading these two trends in tandem suggests that while attacks might be up so far this year, payment rates are down YoY. This is a positive sign for the ecosystem signalling that perhaps victims are better prepared, negating the need to pay.
In short, ensuring that your organisation had prepared to respond to a ransomware attack is essential.
Many organisations underestimate the importance of having a robust incident response plan. But knowing how to respond, especially in those critical first 48 hours after a cyber attack, can be critical.
Do you worry your company won't know how to recover after a cyber attack? Has your business just been hit by ransomware and you're wondering what to do?
There's still hope.
Don't make the mistake of believing that your organisation will never be targeted. The right approach is to take proactive measures in advance - as it's not a case of whether your business will suffer the likes of a ransomware attack but when.
Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
What's happened?
Recorded Future has reports that the British Government is proposing sweeping change in its approach to ransomware attacks.
Do you know Dmitry Yuryevich Khoroshev?
If you do, there's a chance that you might well on the way to receiving a reward of up to $10 million.
Law enforcement agencies across the US, UK, and Australia have named Dmitry Yuryevich Khoroshev as the mastermind behind the notorious LockBit ransomware group, estimated to have extorted $500 million from companies worldwide.
To Test or Not to Test? - When it comes to IT disaster recovery and remediation processes, regular testing is not a 'nice to have' - it's absolutely essential!
This isn't hyperbole on my part. You just have to look at the news on any given day. We've all heard the horror stories of organisations in both the public and private sectors experiencing prolonged downtime during disasters due to inadequate preparation, lack of testing, and the unsuitability of their legacy remediation processes and systems.
The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.
In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn't work, and all phone systems and Wi-Fi were offline.
On the 18th March 2024, the Information Commissioner's Office issued its updated guidance around the issuing of fines when organisations have been found liable for the integrity of their customers' or end users' data being compromised. It is already well-established now that failure to ensure critical data remains secure will result in costly fines, as we have seen repeatedly in multiple high-profile cases over the years.
In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC).
The notorious Rhysida ransomware gang broke into one of the world's greatest research libraries, encrypting or destroying much of its data, and exfiltrating 600 GB of files, including personal information of British Library staff and users.
Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly. Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.
Unfortunately, ransomware gangs are too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromise the company's backups. For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.
The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.
Ransomware is malware that encrypts an individual's files so that they no longer have access to them, and subsequently demand payment for the files to be released. Usually the payment is asked to be made in an untraceable cryptocurrency form, such as Bitcoin. The most common way ransomware ends up on an individual's computers is through email spam, which individuals will click on and open.
Unfortunately, the files cannot be decrypted without a mathematical key which is only known by the cyber attacker, and the reason why many individuals tend to pay up. However, many find that despite paying the ransom, their files remain encrypted.
When looking at which countries were affected by ransomware attacks the most, the UK was found to have the highest percentage out of Europe:
Figure 1: Cybercrime Tactics and Techniques: Ransomware Retrospective Report, Malwarebytes
Despite the NHS facing one of the worst ransomware attacks in May 2017 - the WannaCry ransomware attack - which cost the NHS £92m and caused more than 19,000 appointments to be cancelled (The Department of Health), this chart clearly highlights how organisations in the UK still need to invest more into their Cyber Security solutions to stay protected from ransomware attacks.
At Exponential-e, we help organisations that have been affected by ransomware attacks. Our Head of Cyber Consultancy, Mark Belgrove, discusses a real-life cyber attack in the video below, and shares how Exponential-ehelped mediate the situation.
Now more than ever, digital security is a team effort, with staff at all levels of an organisation having an active part to play in keeping critical business data safe. With the outbreak of COVID-19, and an unprecedented volume of staff working from home, robust security policies and systems are no longer enough - each and every member of staff must consider security as a fundamental part of their developing remote working routines.
But what can each of us personally do to ensure our organisations maintain their usual standards of security for the duration of this crisis, without letting such measures detract from our day-to-day work? Here are a few starting points…
Be prepared
If you're new to remote working, don't go in blind. Take the time to re-familiarise yourself with your company's security policies (particularly any new ones for home workers) and be sure to attend any training sessions that are on offer (as many organisations are rolling out remote training sessions for home workers, there are no excuses!). This will make the transition far smoother and allow you to stay focused on your work.
Secure your router
At Exponential-e, we always say that 'your Cloud is only as good as your network'. In the same way, your remote working solution is only as good as your router. As above, make sure its password is secure (especially if you've never changed its pre-set password!) and take any recommended security measures, both from your network provider and your IT team.
Check your passwords
This is a familiar refrain in the world of data security, but it always bears repeating. Familiarise yourself with current best practice regarding password creation (there are plenty of useful resources available online for this) and avoid reusing passwords. While memorising multiple passwords for each platform you use for work is certainly inconvenient, there are many excellent password manager tools available. Ask your IT team which one they would recommend, as your company may already require employees to use a specific one.
Enable updates
We all know how irritating requests to install updates on our personal devices can be, but in our current climate, it's more important than ever. More than just keeping your own devices secure, a single instance of malware could bring down your entire company network, so don't take any chances. Ensure you install all recommended updates, or – better yet – enable automatic updates. This will ensure your devices are always protected against the latest security threats.
Ask!
As we've already mentioned several times in this post, if you are unsure about anything when it comes to data security, don't guess… ask the right person! In particular, your IT team will be more than happy to advise you about security best practice when home working, or alternatively, consider Exponential-e's Cyber Security Advisory service, which was created to provide a 'one stop shop' for any security-related concerns you may have.
In the meantime, download our Working from Home Checklist, which breaks down all the key elements of secure remote working.
In recent weeks, companies across the UK have found themselves transitioning to a remote workforce with little to no choice, despite the approach previously being treated as solely for limited or specific circumstances. There's no doubt that the rapid implementation of a whole new way of working presents considerable challenges, but as the Exponential-e teams who've partnered with organisations across a range of sectors to do so have demonstrated, it is very much achievable, provided you start with the right solutions in place.
In particular, consider the following…
A secure VPN
Virtual Private Networks have long been the benchmark solution for remote working, but with the spread of COVID-19, we are seeing companies moving from maintaining a few VPN licenses for specific instances to deploying them for their whole workforce. However, there's a good reason for this – if implemented correctly, it maximises security by encrypting all data you send through your company network. While you may require a cloud-based solution for specific applications, a quality VPN is an intelligent foundation for your day-to-day work.
A password manager
It's no secret that reusing passwords across different platforms presents a great risk of cyber criminals accessing corporate systems through guesswork. Nonetheless, it's still tempting for employees to do so due to the difficulty in keeping track of large numbers of unique passwords, especially when they need to be regularly updated, in line with internal security protocols. Fortunately, a password manager tool which integrates with your web browser makes it easy to keep your passwords secure, while still ensuring they are available when you need them. Ask your IT team if they recommend a specific one.
Automated backups
External backups are a key part of any effective business continuity and disaster recovery strategy, which should still be the case when you're working from home rather than the office. Your company is likely to have a system in place for this, particularly if you have already adopted a cloud-based strategy, so ensure you follow all guidelines when you begin remote working.
The right WFH solution
One of the biggest obstacles to remote working in the past has been the need to maintain continuity with existing business processes and systems, ensuring work can be conducted as normal, without compromising either security or efficiency. Fortunately, there are several ways of doing this, but it's important to be conscious of security when using such solutions, and always use the one recommended by your IT team. A proven, trusted platform like Exponential-e's Working from Home solution is ideal, allowing teams to continue using your company's preferred tools as normal, regardless of where they are logging on from. This will ensure a smooth transition to remote working for the entire workforce.
Two-factor or multi-factor authentication
Related to the above, two-factor or multi-factor authentication provides an extra level of peace of mind, by creating an extra obstacle for cyber criminals, even if one of your passwords is compromised. As password theft measures have become increasingly sophisticated over the years, this is no longer a 'nice to have' measure - it should be a standard part of your remote working systems and wider security policies.
Effective anti-virus protection
Viruses continue to evolve on a near-daily basis, and which means a robust anti-virus solution should still be your first line of defence and may even give you time to secure your infrastructure in the event of a password being compromised. Make sure an industry-standard solution is installed on all your devices and enable automatic updates.
Passwords are often more associated with individual and consumer cyber security, but they are an essential part of an organisation's overall security posture. For example, you wouldn't leave the windows open overnight as this would allow easy access into the building for thieves. In the same way, a weak password offers cyber attackers easy access to your corporate infrastructure, after which they can use these credentials to escalate permissions until they granted themselves administration privileges, at which point the risk of financial and reputational damage becomes truly serious!
The finance sector is required to have one of the most sophisticated cyber security postures in the world, with bureaus, banks, finance companies and insurers working closely with their technology partners to ensure sensitive financial data is managed, stored and transferred, with a stringent range of international security standards that must be adhered to at all times. However, cyber criminals have demonstrated repeatedly that they are constantly working to breach even the most sophisticated security ecosystems, devising new ways to exploit both technological vulnerabilities and human error.
In a heightened cyber threat landscape - where ransomware attacks are increasing in frequency and sophistication - and having weathered the challenges of COVID-19 and the resulting move to hybrid working, the Finance sector is still continually challenged to demonstrate to its customers that critical services will remain available no matter what, and that sensitive financial data will remain fully secure at all times.
