Debunking 5 Major Ransomware Myths & Misconceptions
Driven by an increasing number of high-profile attacks, ransomware awareness has grown significantly over the past two years. In 2021, ransomware attacks more than doubled, a trend that has carried on into 2022, with over half (58%) of UK businesses having fallen victim to an attack.
With the advent of GDPR, the potential for massive reputational damage and the increasing sophistication of this virulent form of malware, organisations are feeling the pressure to do more to bolster their cyber resilience in the face of this threat.
But, despite rising awareness, several erroneous beliefs about how ransomware operates persist. Fuelled by portrayals of ransomware attacks in the media, people often think that ransomware is an insurmountable threat that, once launched, is unstoppable.
Believing myths about ransomware can leave you exposed to threat actors who will exploit any opportunity to infiltrate your network. So, to help demystify ransomware and help you better understand what measures you can take to mitigate your risk, we’ve debunked 5 of the most common misconceptions about ransomware attacks.
1. Expensive software is all you need to stay safe
The human element of cybersecurity cannot be ignored in favour of a software-only approach. A threat specialist can provide context, decisions and remediation actions that software alone cannot. Today’s threat actors are highly sophisticated and behave more like professional criminals; software alone simply isn’t enough to protect you.
For organisations with valuable information and deep pockets, the attack is likely to be targeted and precise. If motivated enough, a threat actor will find a way to circumvent your software. Around-the-clock threat monitoring and detection, together with ongoing vulnerability management, should therefore be an essential part of your first line of cyber defence.
Even after a malicious link has been clicked, with the right team supporting you on the ground the attacker’s journey can be derailed, contained and prevented from achieving its objective, thereby stopping or minimising the impact on your business.
David Calder, Chief Product Officer at Adarma explains, “It’s important to recognise that the journey from an initial foothold to a full ransomware compromise needs many steps – the ideal is to remove potential attack paths but, where this can’t be accomplished, monitoring and disrupting their use must be the fallback position.”
2. Ransomware is executed upon clicking a nefarious link
As has already been touched upon, a click isn’t always fatal. Contrary to what popular films would have you believe, threat actors don’t attack immediately upon gaining access to a network.
A ransomware attack passes through many stages before the payload is actually launched. A click is not the only initial vector that can be used in a ransomware attack: compromised credentials, unpatched systems etc. are also common, and these initial vectors are separate from phishing.
There are opportunities at each phase to halt the attacker. However, the window to detect, contain and eliminate the attacker narrows the longer they are inside your systems. Often, attackers begin with reconnaissance, looking to identify a vulnerability and the best way to exploit it. When this phase is completed, they apply what they’ve learned to shape their attack, perhaps crafting credible phishing emails or establishing beachheads.
By the time of the attack, the cyber intruder may have been lurking in your system for months, disabling firewalls and preventative, detective and recovery systems. In fact, the initial breach made months ago might have been performed by one group and then sold to another for payload execution much later.
Continuous vigilance, excellent threat intelligence, a team of fierce threat hunters and a strong cyber threat posture are key to ensuring that attackers are detected and ejected early on before they have the chance to launch their attack.
3. Financial losses are limited to the payment of the ransom
The financial impact of a ransomware attack does not end with the ransom; in fact, the ransom can be just the start of a company’s financial woes.
Between the cost of the ransom, business interruption, remediation and rebuilding, a less prepared private organisation can easily go bankrupt because of a single ransomware attack. In addition to the immediate up-front costs, organisations can also face exposure to third-party claims, suffer irreparable reputational damage and face stiff fines from governing bodies such as the ICO.
Ideally, business leaders should discuss whether or not to pay in advance of an attack, to avoid the additional pressure of having to make such an important decision during a chaotic and stressful situation. Of course, depending on the circumstances they may have to change their position, for example if the cost of not paying the ransom is prohibitive.
However, having a decision-making framework in place and fully understanding the potential impact of a ransomware attack will enable businesses to make better decisions before, during and after an attack to minimise its financial impact.
4. My organisation isn’t a target for ransomware attacks
This belief stems from two common misconceptions about ransomware attacks: firstly, that criminals only target big organisations, and secondly, that their data isn’t valuable enough to make them a target. Unfortunately, this simply isn’t true.
No business, large or small, is immune to the threat of ransomware, so don’t let the size of your business determine your cybersecurity strategy. Cyber criminals don’t discriminate: if they see value in your data they will go after it, no matter the size or industry of your business.
In fact, both the FBI and the NCSC noted in 2022 that they’ve seen cyber criminals shifting away from big-game hunting towards targeting mid-sized businesses, to avoid the public scrutiny that comes with going after big-name targets. Increased pressure from police agencies and high-profile arrests of cyber criminals are driving this shift.
5. Our ransomware protection is bullet-proof
The belief that any defence could be infallible is a dangerous misconception. Thinking you’ve got your cybersecurity box ticked can lead to misplaced confidence and complacency. Attackers never stand still, and neither can you.
Adarma’s Ransomware Readiness Report found a worrying trend among UK business leaders that suggests businesses are overconfident in their ability to respond to a ransomware attack. 96% of business leaders reported feeling confident in their organisation’s existing measures to deter or prevent a ransomware attack, while 95% are confident they have the correct measures in place to respond in the event of an attack, despite 22% not having a cyber incident response plan in place.
Cybersecurity is a continuous process that needs to be regularly reviewed and upgraded in response to an ever-evolving threat landscape. The fluid nature of ransomware means it’s vital that your organisation keeps its finger on the pulse of its cybersecurity strategy and adopts a threat-led approach.
Your team should be using threat-led intelligence to anticipate the next way you will be targeted and take preventative measures accordingly. Manage your exposure and protect your business by staying informed of the latest security best practices, and ensure you have the right people around you when it matters most.
Find out more
If you’d like to learn more about ransomware and how to enhance your cyber resilience, you can watch our webinar recording, in which our experts David Calder, Chief Product Officer at Adarma, and Bernard Montel, Security Strategist at Tenable, unpick the journey of a ransomware attack and share practical techniques defenders can use to contain or eject an attacker before, during and after the attempted breach.