Ransomware attacks grew in frequency and sophistication in 2020

Ransomware attacks grew in frequency and sophistication in 2020  

26 per cent increase in ransomware attacks on UK businesses since 2018, reports new data from Databarracks

Successful ransomware attacks will continue to grow in 2021 due to increasingly sophisticated tactics. This is according to research* from Databarracks, revealing ransomware attacks have increased by 26% since 2018.

According to Peter Groucutt, managing director of Databarracks, new ransomware tactics deployed by criminals will result in more successful attacks on organisations:

“Ransomware is evolving. Cyber-criminals are deploying more sophisticated and innovative ways of extorting businesses and evidence shows this will escalate in 2021. Outright prevention of ransomware is impossible, but it’s important organisations learn from the new methods used by criminals in order to defend themselves.”

Examples of the ransomware tactics now being deployed by criminals include:

  • “Double Extortion attacks” where in addition to paralysing systems, criminals also threaten to release personal or sensitive data on the internet or to the press. This adds the pressure of a regulatory fines and reputation damage, if they refuse to pay the ransom.
  • Attackers are also waiting longer before encrypting data, to outlast backups. Cyber-criminals know that there is a much greater chance of payment if the victim doesn’t have a good backup to revert to. Attackers access systems and install ransomware but don’t execute immediately.
  • In attempts to put pressure on victims, ransomware gangs now cold-call victims directly, if they suspect the company might try to restore from backups and avoid paying ransom demands. This is an intimidation tactic designed to make the attacker seem omniscient and make the victim feel like any suggestion of recovery is futile.
  • Finally, ransomware is targeting backups directly. Without the ability to successfully restore systems organisations are left with no option other than to pay the ransom.

To mitigate against ransomware threats, Groucutt says: “More companies will pay ransom demands, as the sophistication of attacks increase. But paying a ransom does not guarantee you will get your data back. The only way to secure your data is to have reliable backups.”

Groucutt continues, “You must assume that you will suffer a successful attack. From that position, you have two objectives: to quickly detect and respond to limit its reach and to bring systems back online and have the business operational as quickly as possible. It’s critical your Incident Response Team or Crisis Management Team has the authority to make large-scale, operational decisions to take systems offline to limit the spread of infection. The business must then find when the ransomware installation occurred in order to restore clean data from before the infection. Once the most recent clean data is identified you can begin a typical recovery, restoring data and testing before bringing systems back online again.

Groucutt concludes by saying, “This response is contingent on having good backups so it’s vital that they are protected. Firstly, there must be an air gap between your production systems and your backups to prevent ransomware infecting both. Backups should be outside the network domain and you should keep copies in multiple locations or even separate clouds. You can also make your cloud storage immutable to prevent backups being changed by ransomware.”

*The research findings were obtained via Databarracks’ annual Data Health Check.

ENDS



About Databarracks

Databarracks is the UK's specialist business continuity and IT disaster recovery provider. From the launch of the UK's first managed online backup services over 15 years ago, to our leading Disaster Recovery as a Service, we've been making enterprise-class continuity, security and resilience accessible for organisations of all sizes.

For more information, please visit: www.databarracks.com  

Press contacts

Christian Stevens /Sean Hand, Spreckley Partners Ltd

Email: databarrackspr@spreckley.co.uk

Tel: +44 (0) 207 388 9988