How to cope with cyber extortion from ransomware

In today’s digital landscape, we face an ongoing and increasingly serious problem – the ever-present threat of cyberattacks. Among these digital threats, ransomware, though not a new issue, has grown into a significant challenge for organizations around the world. In the wake of cyber incidents, such as this year’s MOVEit attacks, there is now a pressing need for more effective ways to deal with ransomware and extortion attempts to protect our digital systems and data.

According to Splunk’s 2023 CISO Report, 90% of cybersecurity leaders disclosed that their organizations fell victim to at least one disruptive cyberattack in the past year. Even more striking, 83% of organizations resorted to paying ransoms in the aftermath of a ransomware attack, whether directly, through cyber insurance, or via third-party negotiators. Notably, more than half of these ransom payments exceeded $100,000.

These figures underscore a harsh reality: when confronted with a ransomware attack, many organizations are willing to make substantial payments to regain access to their data and systems. Although 69% of CISOs acknowledge that paying a ransom might expose them to future legal ramifications, the immediate threat of ransomware forces their hand, according to the same CISO Report. What’s even worse is that some organizations find themselves unable to fully recover their capabilities even after paying the ransom. Even cyber insurance, a valuable resource, can fall short of providing full reimbursement.

This alarming trend has led organizations to understand the need for maintaining offline, regularly-tested, segregated backups. This tactic can serve as a crucial defence against the debilitating consequences of ransomware attacks. Boards and governing bodies are closely monitoring the threat of ransomware, with 78% of CISOs reporting creating their own dedicated board-level cybersecurity committees.

These threats and the adversaries behind them will only continue to advance. As such, we’ve seen cyber attacks undergo a dangerous shift into extortion territory as threat actors grow more sophisticated. These threats have come to be known as the act of extortion by cyber criminals where ransomware serves as a tool. It’s critical for organizations to understand how ransomware has evolved into extortion, as well as how to mitigate the continued advancement of these threats.

The advancement of these threats and the willingness of organizations to pay a ransom signals a pressing need for a profound shift in cybersecurity strategy. Organizations must transition from a reactive stance to a proactive one, characterized by the development of digital resilience – the ability to keep systems secure and reliable in the face of digital disruptions.

Organizations can do this by empowering their security teams to be proactive, working collaboratively to detect and predict issues, identify root causes, assess risk and remediate threats quickly, accurately and at scale. A proactive approach entails integrating security and IT safeguards into the engineering process from the outset.

Digitally resilient organizations not only address problems when they arise; they also prevent incidents from escalating into major crises. They recover swiftly from digital disruptions and adapt rapidly to seize new opportunities. This shift towards digital resilience is essential for reducing the impact of ransomware attacks and other cyber threats.

In the fight against extortion, ransomware and other cyber threats, the concept of 'time to contain' becomes a pivotal metric for digitally resilient businesses. The longer an attacker remains undetected within an organization’s network, the more damage they can inflict. The average dwell time for cyber attacks is a staggering 2.24 months, equivalent to about nine weeks. This prolonged period provides attackers with ample opportunity to steal sensitive data, disrupt operations or inflict other harm.

By lowering 'time to contain', organizations can more quickly challenge the attacker within the network. Organizations should strive to reduce 'time to contain' as part of their security strategy. To achieve this, they can leverage advanced security tools and practices that enable real-time threat detection and rapid incident response. The focus should be on early threat identification, swift containment and minimizing the attacker’s dwell time within the network. This approach, combined with proactive digital resilience measures, can significantly enhance an organization’s ability to withstand cyber threats, including ransomware.

The prevalence of extortion and ransomware attacks, and the alarming trend of organizations paying ransomware, underscore the urgent need for a proactive shift towards cyber resilience. In an increasingly digital world, the cost of being just reactive is too high, organizations must take proactive steps to protect their data and operations.

The path forward involves building digital resilience, ensuring that systems remain secure and reliable despite digital disruptions. It’s a challenging journey that requires coordination, investment in the right tools and a steadfast commitment to proactive cybersecurity practices. In the face of evolving cyber threats, such as ransomware, we must adapt and fortify our defences. Organizations must adopt a proactive approach to security that can ultimately help safeguard the digital foundations on which our modern world relies.