Ransomware attacks: 'when' not 'if'

Are you properly prepared for the worst?
You may think your organisation is well prepared for a ransomware attack, but having some point solutions in place is not always the complete answer. Being properly prepared for the worst involves a more comprehensive strategy, and this series of articles from the MYREDFORT team aims to help.

The first article focuses on understanding more about recent attacks, how hackers are innovating, and laying the foundations for preparedness. As attacks become increasingly innovative, traditional defences are being left wanting. Recent attacks such as REvil have seen hackers manually controlling the operation instead of relying on viruses working of their own accord.

How are attackers breaking through the barriers?

Even organisations with credible cyber security solutions in place have been successfully targeted by sophisticated hackers. Remote Desktop Protocol (RDP) services with configuration loopholes are a particular weakness, as is poor discipline in identity and access management (IAM). Data and passwords stored on the dark web are also being used by criminals to gain access to devices or core infrastructure.

How is an attack coordinated?

As in any battle, conflict or even competitive sport, knowing your enemy is another vital step in winning the fight against ransomware attackers. Having gained access to a corporate network, hackers then seek out the valuable data and attempt to prevent access to endpoints, cloud applications and backups. The data is then wiped, encrypted and used for extortion purposes, and may even be published if the ransom payment is not made.

Worse still, it can take up to five days for an organisation to even realise the attack is in progress. From the first penetration of the system, hackers can embed the ransomware silently and have it take hold before IT teams are even aware of a problem. By using this approach, hackers can maximise the chances of success, and the chances of at least some of the ransom being paid.

Upping the ante with preparations

Sadly, the sophistication of ransomware attacks now means it’s a case of 'when', not 'if', UK organisations will experience some kind of attack. Preparation for incidents should be well thought out, and solid plans implemented to prevent and detect attacks. Should the worst happen, it’s important to have contingency strategies in place to respond and recover your systems and/or data in the shortest time possible.

The key question will ultimately be: will the ransom be paid? This will be an executive-level business decision with input from security and legal experts. The balance will be based on the impact, severity and implications of paying or not paying, but the reality is that almost 50% of companies have paid out the ransom.

Find out more

👀 In the next article in our series (watch this space!), we’ll look at backup and recovery in the context of ransomware attacks.
