The Digital Epidemic: Ransomware Demystified

During the past few weeks, Cyprus has fallen victim to a series of ransomware attacks, with incidents involving universities such as the University of Cyprus and Open University and the government’s Department of Land Registry and Surveying. Many local private organisations have suffered similar attacks. These incidents make it evident that Cyprus has come within the scope of global cyber criminals.

Ransomware continues to be the most common form of malware. Its popularity stems from cyber criminals’ ability to extort hefty ransoms from their victims while being exposed to a lower risk themselves.

What is ransomware?

Ransomware is an ever-evolving form of malware whose objective is to encrypt the target’s files so that the attacker can demand a ransom for restoring access to them.

Ransomware Modus Operandi

Ransomware operates in three distinct phases: Infection, Encryption, and Ransom Demand. Regardless of the method used by the threat actor to infect their victim, the malware proceeds to encrypt the target’s files and sends a message to the victim with specific ransom demands. Often, payment is demanded in the form of cryptocurrencies so that it cannot be traced.

At the same time, cyber criminals have stepped up their tactics, since many organisations have refused to comply with their attackers’ demands. They have strengthened their extortion methods by adding further layers, generally known as Double and Triple extortion.

Double Extortion: Here, the ransomware operator locates data that might be valuable to the victim and exfiltrates a volume of it (particularly personal data) prior to the encryption. This gives the criminal extra leverage, because they can threaten to release the stolen information.

Triple Extortion: This involves criminals threatening their victims with a distributed denial of service (DDoS) attack on their infrastructure if their ransom demands are not fulfilled. A DDoS attack floods the victim’s network with traffic, making it inaccessible to legitimate users and effectively crippling business operations. In other instances, triple extortion takes the form of ransom demands made to the victim’s clients, partners, affiliates, patients, associates, suppliers, and others, who are told to pay so that their data will not be leaked.

However, ransom payment is only one part of the story; the impact of ransomware on an organisation can be more catastrophic than just giving up some money. According to The State of the Ransomware report by Sophos, 90% of their respondents said that the major impact of a ransomware attack on their business was on their ability to operate. In other words, a ransomware attack will not only cost the victim the ransom payment but may also have further implications for the business, such as major disruptions of operations, reputational damage, and extended recovery costs.

What is the cost of ransomware?

Looking at the aftermath of successful ransomware attacks, costs to the victim may include recovery, downtime expenses, and damage to the reputation of the business.

Downtime Costs – According to Statista, the average downtime for a business that has been affected by a ransomware attack is three weeks. As soon as data is encrypted, business operations are effectively brought to a standstill, which makes generating income almost impossible and can bring productivity to a complete stop.

Reputational Damage – Experiencing a ransomware attack can greatly affect how users and customers perceive an organisation’s brand. Ransomware, and particularly the exfiltration of data, is regarded as the most intrusive and sensitive cyber-attack. If clients find out that your organisation has been targeted by cybercriminals, they may decide to distance themselves from your company for an extended period of time.

Can ransomware impact be prevented?

Yes, in fact there are several things you can implement as a company to prevent ransomware attacks. Below are a few good tips:

Backups – Make regular backups of your data and establish a backup plan, keeping it updated and isolated from your network. A good approach is to apply the 3-2-1 rule of backup, i.e., three (3) copies of your data on two (2) different media with one (1) copy offline and off-site for disaster recovery.

Cyber Hygiene – Cyber criminals regularly use phishing emails as a vehicle to infect their victims with malware. Train your employees to recognise these social engineering tactics and to act in ways that defuse the threat.

Track and Patch – Cyber criminals will also use the most recently uncovered exploits as a starting point for their attack. Ensure your systems are up to date with the latest patches.

Be Well Prepared – Ransomware can bring catastrophic results to your organisation if you’re not prepared. Notwithstanding the multi-layered measures in place, it is important to have a well-rehearsed response plan to any such attack. This plan should enable the organisation to operate even if under attack.

Think ahead!

Organisations have no other choice but to enhance their cyber resilience as a long-term strategy against all sorts of cyberattacks, including ransomware. This means developing both hard and soft mechanisms, together with the reflexes and capabilities needed to anticipate, withstand, recover from, and adapt to evolving technical, operational, or threat environments. However, this is a dynamic process that is built and evolves over time. Most importantly, it is also a collective effort that involves technical experts, cybersecurity professionals, and business leaders.

How can QuadPrime help you?

QuadPrime, a member of MAP S.Platis Group, works with industry and society to address their most important challenges through leading-edge security consulting and building business relationships based on mutual trust.

We understand the cybercrime threat landscape and help organisations move their information security programmes forward, identifying threats and risks and developing comprehensive strategies to mitigate cybersecurity risk so that organisations focus on their business objectives.

We provide bespoke cybersecurity services and help you optimise your investments in security to:

  • Enhance risk and threat analysis and mitigation
  • Alleviate resource constraints through external cybersecurity resourcing
  • Establish information security management system policies and procedures
  • Meet security assurance & compliance requirements
  • Provide comprehensive threat intelligence visibility
  • Build a more resilient state

Contact us for more information on how we may assist you.