The Chief Executive of the National Cyber Security Centre, Lindy Cameron, has issued a stark warning that it is ransomware that now poses the biggest threat to cybersecurity around the world. While addressing the Royal United Services Institute in London on Monday 14th June 2021, the senior official explained that the threat posed by organised cyber criminals is now greater than that posed by hostile states engaged in digital espionage. While state-sponsored espionage remains a concern, Cameron highlights that most of businesses, private citizens, and suppliers of critical services are now vulnerable to the efforts of criminals through ransomware.
This is because, during the Coronavirus pandemic of 2020, reported incidents of ransomware attacks reached 305 million – an increase of over 60 per cent on previous years. While many of those attacks were small in nature, some of the targets included the US Colonial pipeline and a Brazilian meat processing company – both of which make critical contributions to supply chains. The high profile status of those infrastructure targets clearly make them vulnerable to actions from hostile states, but Lindy Cameron used her speech to highlight the subtle difference between a country purposefully launching a cyber attack on another, and a country providing safe harbour for gangs of cyber criminals whose objective is to do the same.
What is ransomware?
Ransomware uses malware tools to effectively lock users out of their own system before making a financial demand for the restoration of access. For example, the University of California San Francisco (UCSF) finally paid their attackers a reported $1.14 million in June 2020 after the institution was locked out of part of its network for a month. The attack on the US Colonial Pipeline in May 2021 resulted the company paying out $4.4 million, after disruption to the oil supply chain caused a fuel shortage. Ransom payments are usually demanded in the form of cryptocurrency – such as bitcoin – which is entirely digital and uncontrolled by banking institutions.
The most common ransomware delivery method is through Phishing. This is the strategy that involves criminals sending an email to the target that has either a link within it, or an attachment that looks like a trusted document. When the recipient clicks the link, or opens the attachment, the malware immediately begins to infect the device or system and the attack is launched. Files and network areas are encrypted, only the criminal has the decryption key, and the target is asked to pay for their system to be unlocked.
There have also been some instances in which cybercriminals have posed as officials from law enforcement agencies and have used this cover to seize control of systems, networks or devices on the grounds of suspected illegal activity – such as pirated material or indecent images that contravene the law. In these cases, the ransom demand is presented as a financial penalty, or fine. This strategy has the potential to reduce the likelihood of the target reporting the attack to the authorities, which means that the number of actual ransomware attacks occurring may be notably higher than official statistics suggest.
Some types of ransomware attacks involve malware that actually transfers data from the target to the criminal, as part of the system hijack. As well as blocking access to vital operational information, this also increases the risk of fraud and the theft of Intellectual Property. For companies and organisations, this compounds the long-term impact of ransomware attacks on business function, commercial prospects, and market-share acquisition. For private individuals, this risks potentially catastrophic invasions of privacy, the dissemination of confidential information, and identity theft.
A causative factor in the dramatic increase in ransomware attacks reported to the authorities, as referenced in Lindy Cameron’s speech on 14th June 2021, is likely to be the increase in people working from home during the Coronavirus pandemic. Businesses and organisations have had to find ways to accommodate personnel working remotely, placing sudden stress on the digital infrastructure of each enterprise. Under normal circumstances, the cybersecurity of a business may have been maintained in a way that was specific to the majority of staff working on-site within well-defined parameters. However, higher levels of remote working during lockdown periods increased the number of points of digital vulnerability for many businesses as staff tried to adjust to the ‘new normal.’ This situation, combined with an ever-evolving and developing range of ransomware tools, has led to a new cybersecurity landscape in which criminals have seized their chance to profit from a global crisis.
Business defence against ransomware attacks
There are a number of measures that can be implemented to enhance your defence against the increased threat of ransomware.
- Training – Even when staff are working remotely, it is not only possible but also necessary to ensure that training on the subject of cybersecurity continues. Such training should be designed to take into account the most up-to-date threats using the most cutting edge technology. This is what cybercriminals are focusing on and the best defence is to take this pro-active approach.
- Update policies and procedures – Your business has had to develop a new way of working throughout the Coronavirus pandemic, and new range of business continuity and resilience strategies. This means you need to update all policies and procedures to reflect both the lessons learned during that process of adaptation, and also the system changes that have occurred as a result. Your new policies and procedures should be centred around pandemic protocols and be focused specifically on cybercrime.
- Implement or update your Incident Response Plan – Every business should have some form of Incident Response Plan within their IT department but, in the face of an exponential increase in global ransomware attacks, your Incident Response Plan should be updated accordingly, to ensure the immediate identification of cyberattacks, and a robust, effective response to minimise disruption of service and shorten recovery timescales.
How can Private Investigation help deal with ransomware attacks?
The field of private investigation is one that, by necessity, continually evolves in line with technology. Professional, reputable private investigation firms understand that, in order to provide the best and most cost-effective service to clients, they must be able to utilise the same cutting edge tools that criminals deploy in the course of their malicious and damaging actions. This includes the issue of cybercrime, with private investigators ensuring that they stay ahead of the game by immersing themselves in newly developing strategies and methods.
This means that private investigators, such as OpSec Solutions, can help deal with ransomware attacks in terms of both defence and response – before and after the fact.
- Electronic surveillance – As the owner of your digital devices, networks and systems, you can consent to private investigators deploying state-of-the-art technology to monitor video and audio recordings, corporate phone calls, and computer activity. This enables you to check whether your system is being subjected to attempts at Phishing, and also provides assurance against instances of criminals posing as law enforcement, shutting down your device or system while claiming the presence of illegal activity. The monitoring of digital activity within these specific parameters is entirely legal and ethical, precisely because consent is provided by the owner.
- Counter surveillance – If a situation arises in which you suspect an attack is already underway, private investigators can deploy state-of-the-art technology to identify the malicious action, hack or breach. This is important, because newly developed malware can be insidious and not immediately obvious. A digital infection can be quietly taking hold without your knowledge, only making itself known when it is too late to take remedial action. Once the attack is made clear, it is also vital to uncover the source in order to both fix the problem and prevent future incidents. If your system, network, or device has suffered an attack, then the point at which the malware gained entry is a tangible vulnerability that requires attention. This may be specific staff training, or an upgrade to cybersecurity systems, or both. The point is that, post-attack, your operation cannot be fortified unless the source of the attack is identified.
The OpSec Solutions team is comprised of operatives drawn from military, police, and corporate backgrounds, bringing with them a wealth of expertise in the areas of security and investigation. With full accreditations from the Institute of Professional Investigators, the UK Professional Investigators Network, the Information Commissioner’s Office, and the Association of British Investigators, OpSec Solutions follows the strict code of ethics set out by the ABI. This includes the requirement to operate entirely within the law, with full accountability, and with the utmost discretion.
These elements of conduct are of particular importance when it comes to the prevention of and recovery from ransomware attacks, which achieve their goals by threatening the long-term financial wellbeing of your operation, along with your most vital resource – your data. With OpSec Solutions, you can be assured that the operational integrity of your system will be the highest priority, and the team will help to ensure that the risk and impact of the current rise in ransomware instances are mitigated and managed for the future success of your business. Contact OpSec Solutions today to learn more about how the team can help.