Companies Hit By Ransomware Often Targeted Again, Research Says And Expert Comments

It has been reported that more than a third of companies that paid a ransom to cybercriminals after being hit by a ransomware attack went on to be targeted a second time, according to a new report. The Hiscox Cyber Readiness Report found that 36% of companies that made the ransom payment were hit again, while 41% of those that paid failed to recover all of their data. The head of the UK’s National Cyber Security Centre (NCSC), Lindy Cameron, said last year that ransomware attacks were the “most immediate danger” to the UK and urged companies to take more steps to protect themselves and their data. The NCSC urges firms not to pay ransoms, as paying not only helps fund further crime but offers no guarantee that criminals will return the stolen or locked data. The Hiscox report appeared to back up the NCSC’s warnings: 43% of the businesses that paid a ransom said they still had to rebuild their systems, and 29% said that despite making the payment their stolen data was still leaked. A further 26% said a ransomware attack had had a significant financial impact on their business.

1 Expert Comment
Sam Curry, Chief Security Officer, InfoSec Expert
November 9, 2022 7:08 pm

Ransomware is a clear and present danger to all organisations; no one can pay their way out of the problem, and there isn’t enough cyber insurance to save an organisation from business operation disruptions and proprietary data loss. The findings in the Hiscox Cyber Report should be a wake-up call to all organisations to improve their security readiness, but until ransom payments are outlawed entirely, or organisations stop paying, the annual global ransomware economy will continue to exceed $3 billion. In Cybereason’s 2022 Ransomware: The True Cost to Business Study, 80 percent of organisations that paid a ransom were hit a second time, oftentimes within weeks of the first attack. Shockingly, 10 percent of organisations paid a ransom three times. Ransomware is preventable, and many companies offer endpoint detection & response technologies that will stop the scourge. Practicing these habits will certainly reduce risks further:

  • Practicing good security hygiene, like implementing a security awareness programme for employees and assuring that operating systems and other software are regularly updated and patched.
  • Conducting periodic table-top exercises and drills and including those beyond the security team like Legal, Human Resources, IT Support and all the way up to the Executive Suite is also key to running a smooth incident response.
  • Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended.
  • Evaluating lock-down of critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the domain admin level and then deploy the ransomware. Teams should create highly secured, emergency-only accounts in Active Directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.
Last edited 23 days ago by Sam Curry
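The comment's last two bullets (isolating a compromised account, and keeping emergency-only accounts in Active Directory) can be turned into a small, repeatable runbook. The PowerShell below is an added example written for this page; it is not code from the article, from Hiscox or from Cybereason. It uses the RSAT ActiveDirectory module and assumes hypothetical names: an OU `OU=BreakGlass,DC=corp,DC=example`, a `bg-` naming prefix for break-glass accounts, and an operator with rights to manage Domain Admins.

```powershell
# Added example (not from the article): break-glass admin accounts and emergency
# account lockdown with the RSAT ActiveDirectory module.
# Assumptions (hypothetical): the OU below exists, break-glass accounts carry the
# "bg-" prefix, and the operator holds Domain Admin rights.
Import-Module ActiveDirectory

$BreakGlassOU     = 'OU=BreakGlass,DC=corp,DC=example'   # hypothetical OU
$BreakGlassPrefix = 'bg-'                                 # naming convention assumed here

function New-RandomPassword {
    # 24 bytes from the CSPRNG, base64 encoded: 32 characters of mixed case, digits and symbols
    param([int]$Bytes = 24)
    $buf = New-Object byte[] $Bytes
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    return [Convert]::ToBase64String($buf)
}

function New-BreakGlassAccount {
    # Creates an emergency-only domain admin account that is DISABLED by default.
    # It is enabled only under the incident-response procedure (Enable-BreakGlassAccount).
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][SecureString]$Password   # keep the plaintext in an offline vault
    )
    New-ADUser -Name $SamAccountName -SamAccountName $SamAccountName -Path $BreakGlassOU `
        -AccountPassword $Password -Enabled $false -PasswordNeverExpires $true `
        -Description 'BREAK-GLASS: emergency use only. Enable only via the approved IR procedure.'
    # Mark the account as sensitive so it cannot be delegated by a compromised service
    Set-ADAccountControl -Identity $SamAccountName -AccountNotDelegated $true
    Add-ADGroupMember -Identity 'Domain Admins' -Members $SamAccountName
}

function Enable-BreakGlassAccount {
    # Enables a break-glass account during an incident and records why in the description,
    # so the quarterly drift check below can tell an approved use from a silent enablement.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$IncidentId
    )
    Enable-ADAccount -Identity $SamAccountName
    Set-ADUser -Identity $SamAccountName `
        -Description ("BREAK-GLASS enabled {0} for incident {1}" -f (Get-Date -Format o), $IncidentId)
}

function Invoke-AccountLockdown {
    # Locks down a compromised operational account: disable it and rotate its password so a
    # stolen password or NTLM hash is useless even if the account is re-enabled later.
    # Caveat: Kerberos tickets already issued remain valid until they expire, so disabling
    # the account does not end existing sessions instantly.
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$IncidentId
    )
    Disable-ADAccount -Identity $SamAccountName
    $newPassword = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $newPassword
    Set-ADUser -Identity $SamAccountName `
        -Description ("CONTAINED {0} incident {1}: account disabled, password rotated" -f (Get-Date -Format o), $IncidentId)
}

function Get-BreakGlassDrift {
    # Detection check for the quarterly drill: a break-glass account that is enabled, or has
    # ever logged on, outside an active incident is a finding to investigate.
    Get-ADUser -Filter "SamAccountName -like '$BreakGlassPrefix*'" `
        -Properties Enabled, LastLogonDate, Description |
        Where-Object { $_.Enabled -or $_.LastLogonDate } |
        Select-Object SamAccountName, Enabled, LastLogonDate, Description
}

# Example usage (hypothetical names):
# New-BreakGlassAccount -SamAccountName 'bg-da01' -Password (Read-Host -AsSecureString 'Break-glass password')
# Invoke-AccountLockdown -SamAccountName 'jsmith' -IncidentId 'IR-2022-0042'
# Get-BreakGlassDrift | Format-Table -AutoSize
```

The design choice worth noting is that the break-glass account is created disabled and is only ever enabled with an incident identifier written into its description; `Get-BreakGlassDrift` then gives the drills mentioned in the comment something concrete to verify, because any enabled or previously used `bg-` account without a matching incident record is a finding. The lockdown function pairs the disable with a password reset for the same reason: a disable alone leaves a captured credential ready to use the moment someone re-enables the account.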