The number of ransomware attacks has been on a steep upward trajectory over the last half decade, and in 2021 alone criminal activity of this kind rose by a staggering 93%.

The primary motivation for attackers to carry out these attacks is monetary gain: they breach a network, steal data, and then pressure the organisation into paying before they leak significant amounts of that data.

The problem is exacerbated by the reductive conclusion decision-makers reach when put under pressure, namely that:

Cost of Payout < Cost of taking systems offline

In other words, the organisation expects to lose less money by paying the attackers off than by fighting them. This has created a major problem for enterprises, since:

Payouts = Greater incentive for hackers

For every organisation that pays a ransom, there is an attacker spurred on to launch the next attack. Take travel giant CWT, for example, which paid a $4.5m ransom to cyber criminals in 2020: huge sums are being handed over to appease criminals. Payouts on this scale have funded attackers' investment in better entry routes, skills and strategies, so that each campaign generates even greater returns than the last.

Although any organisation can (and does) fall victim to cyber attacks, it is businesses that are currently most at risk. Unfortunately most businesses are not investing enough in their cyber strategies, and are mistaken in the belief that paying up is the easier route to resolution. The darker side of this is well illustrated by the Travelex case from last year: the company was hit by a ransomware attack that came with a reported $6m ransom demand (the payment itself was reported at around $2.3m), and with the pandemic compounding the damage it went into administration and cut over a thousand jobs.

The shortcomings of business ICT infrastructure become even clearer when contrasted with the public sector, where more organisations have the cyber maturity to take the security measures needed to prevent attacks in the first instance and to respond well after the fact, all while avoiding negotiating with criminals.

Triple Extortion and Growing Cyber Sophistication

Triple extortion is the latest instalment in the ransomware tactics cyber criminals use to inflict more damage on your business. Phase one is the breach, in which the attackers get into your network and steal your data; phase two is the encryption of your systems, with a demand for payment to restore them and to keep the stolen data private; phase three, the 'triple' layer, adds a further source of pressure from outside the compromised systems, for example a Distributed Denial-of-Service (DDoS) attack against your public-facing services while the ransom negotiation is under way. This is especially dangerous because not only is your data leaked, but the DDoS attack can severely disrupt your operations, costing you money and potentially having long-lasting consequences. This third layer of modern ransomware attacks creates added pressure on IT teams and on the business side alike, since the stakes are so much higher. Every minute costs money when an organisation is under this type of attack; think of hospitals, where systems going offline can literally cost lives.

Ransomware has been around long enough for attackers to perfect their approach. The human element of any cyber attack is what makes this possible: there is always a person or group of people sitting behind a computer with a mind of their own. We are seeing individuals increasingly fall victim to social engineering scams and malicious websites designed to trick them into opening up their company's systems, and there will always be somebody who acts as the weak link in your cyber strategy and doesn't catch on quickly enough.

C-Suite to the rescue?

It is the responsibility of C-level executives to respond to the growing threat of ransomware. They need to stop paying out, and to train their staff to better identify and handle threats. Top-down leadership is absolutely necessary to reform cyber strategies in the enterprise and to break the vicious cycle of ransomware.

It is not all about spending money either. Even with all the money and the best prevention software in the world, humans make small mistakes that lead to much bigger issues. And it is not just employees at the lower end of a company who have an impact. Once an attack happens, somebody has to decide how to respond: the choice of whether to pay, and of how (or whether) to communicate with the attackers, heavily influences the consequences that follow.

The most important thing companies can do is tackle the problem in reverse: first learn how to attack, and you will better understand how to defend. You also need to test your procedures. Too many businesses leave cyber attacks firmly in the 'theoretical' priority group, and they are remiss not to require their IT teams to learn how to respond in real time and to run training exercises that put their systems under threat.

About the Author

Aare Reintam is COO of CybExer Technologies. CybExer Technologies is a NATO-awarded Estonian cybersecurity company. We have wide-ranging experience in providing and maintaining highly sophisticated cyber security training platforms with a special focus on cyber capability development. Our platforms are the key to our successful delivery of a plethora of cybersecurity training courses and exercises aimed at ordinary users, technical responders and the very top of strategic leadership.

Featured image: ©Song_about_summer