This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

Threats from the evolution of ransomware

As reported by the UK's National Cyber Security Centre (NCSC), the threat posed by ransomware is evolving.

Within security, we frequently talk about the CIA triad - confidentiality, integrity and availability - and until recently many businesses failed to consider the impact to availability of being locked out of their own data.  A gap that ransomware exploited by encrypting your files with military-grade algorithms and then demanding payment.

Previously organisations prepared for these attacks, simply ignored the ransom demand while restoring from backups.  However, attackers are now threatening to post stolen information online - exposing organisations to regulatory fines, loss of IP, reputational damage and more.

These attacks are becoming more sophisticated with attackers spending weeks or more inside corporate networks before finally deploying ransomware, timed to achieve the greatest impact.

The NCSC has practical advice on protecting your organisation from the next attack and mitigating the impact.  With limited budgets and resources, the approach should be risk-based - targeting your most vulnerable systems - while showing a return on investment for the board.

Ransomware today looks quite different. Not in terms of the impact (which continues to have devastating operational ramifications for victims), but rather the techniques employed. This blog goes beyond the NCSC ransomware guidance, to provide some insight into the trends we’ve seen whilst helping organisations to respond to ransomware attacks. More specifically, it looks at how ransomware has evolved on two fronts, in terms of: hybrid business models for monetisation increasingly sophisticated (and targeted) methods of deployment.

Tags

cybersecurity, digital, technology

Related Insights