The rising popularity of ransomware as the hack of choice and what to do about it

The idea of holding someone or something ransom dates way back. Like, I’m talking about when pirates captured Julius Caesar and held him ransom until someone paid to have him freed. That far back.

Fast forward to 2021 and ransom attacks are on the rise. They’ve not only continued to grow in popularity, but they’ve also grown in sophistication. Thanks to advances in technology, ransom attacks don’t require kidnapping. Instead, they’ve gone cyber. Enter the age of ransomware. In today’s ransom attacks, cybercriminals use malicious software to breach an organisation’s IT infrastructure, steal private data and demand large sums of money as ransom to prevent information from being leaked or sold.

According to the Director of the UK spy agency GCHQ, Jeremy Fleming, ransomware attacks on UK organisations doubled in the past year. The first half of 2021 alone saw attacks across 63 countries within 18 industries, with manufacturing the most affected. I would go so far as to name 2021 as the year of the ransomware attack.

For any organisation, ransomware is one of the biggest and most damaging cyber threats out there. It’s sneaky, fast, destructive and leaves organisations with lasting reputational damage and huge financial losses. According to an article I read in Forbes, the cost of picking up the pieces after a ransomware attack has doubled over the last year. In most cases, the overall cost of a ransom attack is about 10 times the ransom itself… which is sky-high when you consider the average ransom is estimated at £420,000. Ouch.

Why are ransomware attacks so popular?

It’s simple. Ransomware attacks are highly effective and generally have a high payout if a hacker or hacking group can pull one off. The development of Ransomware-as-a-Service (RaaS) has also made this type of attack far more accessible to hackers. Nowadays, cybercriminals don’t need to be geniuses at writing their own malware code to run a unique set of activities. RaaS means they pay to use the malware whenever they want to issue an attack. RaaS gives cybercriminals access to the ransomware code and operational infrastructure they need to launch and maintain a ransomware campaign. It’s literally that easy.

How does a RaaS attack affect organisations?

Now, before you quit your day job to pursue a career in cybercrime (it’s tempting, I know), let’s take a look at the repercussions of such an attack.

Stealing data, locking it away and demanding payment for its release can lead to widespread damage. We’ve seen this in attacks hitting supply chains that have affected key services like hospitals, attacks on governing bodies or global organisations like the Olympics. A recent cyber heist on London-based jeweller, Graff, saw private data like client lists, invoices, receipts and credit notes of many powerful, wealthy and famous people leaked to the public. While the information could prove to be embarrassing and reputationally damaging for some of the celebs involved (I’m talking about those that have bought gifts for secret lovers), targeting the uber-powerful could lead to detrimental results.

In this case, the Graff hackers had to issue a grovelling apology to the Saudi Crown Prince Mohammad bin Salman for leaking private information about the Middle Eastern royals. While I don’t believe this attack was politically motivated by the hacking group, it very well could have been. And it’s here where we could enter into a conversation about cyber warfare – but that’s a topic for another blog post!

Who’s behind them?

According to research from Cognyte’s Cyber Threat Intelligence Research Group, the top three ransomware groups were Conti, Avaddon and REvil, who were collectively responsible for 60% of the attacks performed in the first half of 2021. Each group is either suspected or confirmed to be operating out of Russia and will typically ignore Russian users or those in countries with good relationships with Russia.

How can we protect against them?

Practising good cyber hygiene is key to preventing successful hacks. This means regularly training and educating your staff on spotting potential threats and suspicious activity such as phishing scams, as well as ensuring your IT security infrastructure is as up to date as possible.

Just as RaaS has risen in popularity thanks to technological advancements, so will it continue to develop. We’ve got to be prepared for what’s coming next. By that, I mean the rising quantum threat. Experts from IBM and Google reckon scalable, commercially viable quantum computers are just around the corner. Just as this breakthrough technology will be available to those that want to use it for good, it will inevitably also fall into the hands of those who don’t. With quantum supremacy, hackers will be able to crack current encryption in mere moments. Scary, I know.

Luckily, some quantum companies have developed effective solutions to not only protect you against the RaaS attacks of today but also protect you from the souped-up quantum versions that we’ll no doubt see in the future. One such company I came across is London-based Arqit Ltd. It has come up with a straightforward solution called QuantumCloud that uses symmetric key encryption to protect against threats and quantum decryption. So far, it’s the most viable solution I’ve seen on the market and it is currently used by a number of high-profile organisations, including the US and UK governments, Virgin Orbit, BT and Honeywell!

If you’re worried about RaaS attacks now and how they’ll get progressively worse in the future, then I suggest you check Arqit Ltd out.