You may think your organisation is well prepared for a ransomware attack, but having some point solutions in place is not always the complete answer. Being properly prepared for the worst involves a more comprehensive strategy, and this series of articles from The MYREDFORT team aim to help.
The first article focuses on understanding more about recent attacks, how hackers are innovating, and laying the foundations for preparedness. As attacks become increasingly innovative, traditional defences are being left wanting. Recent attacks such as REviL have seen hackers manually controlling the operation instead of relying on viruses working on their own accord.
How are attackers breaking through the barriers?
Even organisations with credible cyber security solutions in place have been successfully targeted by sophisticated hackers. Remote desktop protocols (RDP) with configuration loopholes are a particular weakness, as are poor disciplines in identity and access management (IAM). Data and passwords stored on the dark web are also being used by criminals to gain access to devices or core infrastructure.
How is an attack coordinated?
As in any battle, conflict or even competitive sport, knowing your enemy is another vital step in winning the fight against ransomware attackers. Having gained access to a corporate network, hackers then seek out the valuable data and attempt to prevent access to endpoints, cloud applications and backups. The data is then wiped, encrypted and used for extortion purposes and even to publish data if the ransom payment is not made.
Worse still, it can take up to five days for an organisation to even realise the attack is in progress. From the first penetration of the system, hackers can embed the ransomware silently and have it take hold before IT teams are even aware of a problem. By using this approach, hackers can maximise the chances of success, and the chances of at least some of the ransom being paid.
Upping the ante with preparations
Sadly, the sophistication of ransom attacks now means it’s more a case of 'when' not 'if' that UK organisations will experience some kind of attack. Preparation for incidents should be well thought out, and solid plans implemented to prevent and detect attacks. Should the worst happen, it’s important to have contingency strategies in place to respond and recover your systems and/or data in the shortest time possible.
The key question will ultimately be will the ransom be paid? This will be an executive level business decision with input from security and legal experts. The balance will be based on the impact, severity and implications of doing so or not doing so, but the reality is that almost 50% of companies have paid out the ransom.
Find out more
👀 In the next in our series of articles (watch this space!), we’ll look at backup and recovery in the context of ransomware attacks.
More in Cyber Security
Adversary trends and defender strategies derived from real-world telemetry.
How the North Pole is preparing for more AI mischief in 2026.
Is there a clear line between manipulation and influence, and should security leaders care?
Why we often overlook arguably the most important piece of the security puzzle.
Narrative control and the impact on trust, brand perception, and legal outcomes.
Improving your incident response in 2025.
Connect, discuss security trends, and gain insights that can help shape your approach to digital security.
A relaxed afternoon full of expert discussion, informal networking, and a look ahead at what’s possible.
How AI augments cybersecurity teams.
AI in security - hype cycle or real-time game changer?
Rethinking insider threats in the age of AI.
Unpatched: PR and cybersecurity.
Share this story