Have you paid the price? Beware of ransomware

Published 27 August 2021

Ransomware is recognised by many as one of the top current threats in cybersecurity. Of particular note is the August 2021 report by Accenture which ranked ransomware as third in its global incident response analysis and commented that ransomware and other extortion operations were likely to remain a top threat to businesses globally.

This report is of particular note not least because it has been reported that this analysis followed just days after Accenture itself fell victim to a ransomware attack by a threat actor called LockBit. LockBit allegedly demanded $50m to prevent the release of Accenture’s encrypted files on the dark web. Whilst in this case Accenture has commented that the cyber incident had no impact on its operations or on its clients’ systems, the threat of ransomware remains a crippling possibility for many.

Ransomware is malicious software designed to prevent user access to a computer system until a ransom payment is made. Falling victim to a ransomware attack could lead to a vast range of negative consequences. For instance, when six schools on the Isle of Wight recently faced a ransomware attack, teachers and pupils were left unable to access key systems, potentially meaning that the schools would have to delay the start of the new school year in September.

Ransomware attacks mean more than an inability to perform standard business operations, since the encryption of data during a ransomware attack is commonly combined with data exfiltration. This heightens the severity of the attack: threat actors not only demand a ransom for the encrypted data to be restored, they can also threaten to expose any personal data stored on the systems to the public unless the sum is paid.

The combination of ransomware tactics with data exfiltration is of particular severity for all organisations, but especially those that hold data classified as special category data. This includes data such as information revealing a person’s racial or ethnic origin, sexual orientation and health, all categories of data potentially held by health organisations. Hence the concerns about the increasing targeting of health organisations by ransomware attacks.

The 2021 X-Force Threat Intelligence Index noted that cyber-attacks on healthcare more than doubled in 2020, with ransomware accounting for 28% of all incidents. The ransomware attack on Ireland’s health service demonstrated the serious and long-lasting effects of such attacks. We remind readers that on 14 May 2021, Ireland’s health service suffered a ransomware cyber attack which caused all of its IT systems nationwide to be shut down. It meant that hospitals had to resort to manual means of recording data and that health care providers could not do things such as access electronically stored health records. A number of clinics either temporarily shut down or limited services to emergency care only.

Other common implications of a ransomware attack are the loss of profit, additional financial losses incurred to restore systems, harm to a business’s reputation and client relations, and greater scrutiny of a business’s management and security of data. Organisations that refrain from paying the ransom and have to restore systems from scratch may never see a return of archived data, especially if their backups were also infected by malware or encrypted during the attack.

Notwithstanding the threat of ransomware attacks on their own, threat actors such as LockBit are now also increasingly trying to recruit corporate insiders to help them breach networks. This development means organisations are now internally and externally vulnerable to ransomware attacks. The insider is often promised millions of dollars in return for their help in breaching and encrypting their organisation’s files.

Ultimately, in order to protect against the threat of ransomware, whether delivered through an intermediary or an insider, organisations need to have protective measures in place to ensure their networks are resilient and will detect any malware in the early stages of a cyber attack.
