Since tensions between Russia and Ukraine worsened recently, the National Cyber Security Council (NCSC) quickly warned UK businesses to ramp up their cybersecurity for fear the conflict could spill beyond national borders. This advice follows past warnings from the head of the NCSC that, of all potential threats, ransomware poses the “most immediate danger” to UK businesses in cyberspace.

Over the last 12 months, critical national infrastructure (CNI), healthcare providers, the public sector and enterprises have all fallen victim to a litany of attacks in the UK and globally. To date, much of the discourse around ransomware has centered on how to retrieve any data being held to ransom and the thorny question of whether to pay or not.

As ransomware attacks increase in severity, however, and their implications for national security become ever more serious, the conversation needs to focus more on the early part of the attack chain. Rather than responding after the fact, security efforts should be dedicated to identifying vulnerabilities that could be exploited, spotting the early signs of a ransomware attack, and employing preventative measures. Indeed, this is a sentiment echoed by the head of the NCSC, who warned that not enough organizations were prepared for the threat of ransomware.

Increasingly Urgent Need
Two incidents, both of which occurred in May 2021, highlight the potentially catastrophic implications of a ransomware attack. On May 7, an attack on Colonial Pipeline’s IT systems forced the oil pipeline operator to proactively halt its operations, a move that impacted the delivery of oil to vast swathes of the US.

A week later, in a ransomware attack on Ireland’s publicly funded healthcare system, the Health Service Executive, criminals threatened to publish the network’s data unless they were paid a ransom of $19,999,000. The HSE was forced to shut down its entire IT system, with some hospitals resorting to keeping records on paper – a move described as like “being back to the 1970s."

Two serious and separate attacks on CNI within a week of each other demonstrated the growing frequency and sheer scale of ransomware attacks in today’s world. Colonial Pipeline and the Irish healthcare system were not chosen at random. Both attacks demonstrate that criminal groups are choosing targets that will have the most significant impact on governments and the public, allowing them to apply the most leverage, regardless of any collateral damage.

It’s an increasingly alarming pattern of criminal behavior that demonstrates the urgent need to protect not only CNI but also enterprises and disrupt global ransomware activity. A proactive approach to ransomware is needed, one that removes the option of paying the ransom, which only serves to encourage and fund the criminal organizations behind the attack.

https://www.infosecurity-magazine.com/opinions/how-to-beat-ransomware/