On May 12th, 2017, a group of hackers launched the now infamous WannaCry ransomware attack, infecting over 200,000 computers across 150 countries. Considered one of the most damaging cyber attacks to date, WannaCry is arguably the one that has had the most profound impact on the cybersecurity world by bringing the role of cyber resilience and accountability to the forefront of people’s minds.
The disruption and fallout of WannaCry also highlighted the seriousness of the consequences of getting it wrong, particularly where it poses a risk to life in the real world. Following the attack, heightened scrutiny and new data protection regulations meant that, if negligence can be shown, companies could face hefty GDPR fines (4% of global revenue) or legal action.
While cyber extortion is the most typical goal of ransomware groups, in the case of WannaCry the mission was to cause maximum destruction and damage. The self-propagating malware, which has been attributed to North Korean computer programmers, rapidly spread across the globe infecting and destroying data on hundreds of thousands of computers.
In the UK, more than 80 hospital trusts and 8% of GP practices were majorly disrupted by the attack, which led to an estimated 19,000 appointments being cancelled across a one-week period.[1] The attack cost the NHS an estimated total of £92 million through services lost during the attack and IT costs in the aftermath.[2]
The attack was eventually stopped by a 22-year-old hacker, Marcus Hutchins, who discovered and triggered a kill switch that neutralised the global threat. However, this wasn’t the end of the line for WannaCry and the malware remains active to this day.
While the WannaCry attack might seem like ‘old news’, there has been a resurgence of the ransomware. From January 2021 to March 2021, WannaCry ransomware attacks rose 53%.[3] In this new variant, the previously identified kill switch has been removed. Organisations that haven’t patched the EternalBlue issue are still at risk of being attacked. So, what did we learn from WannaCry?
Keeping systems up to date should be a priority. Following the attack, it was revealed that hundreds of thousands of computers had been running Windows XP unpatched; it was this safety misstep that allowed WannaCry to infect systems. Organisations must ensure effective management of their technology infrastructure, systems and services, including the adequate patching of devices and systems, ensure sufficient network security and replace unsupported software. Organisations cannot be complacent when it comes to cybersecurity.
Patching alone isn’t enough to stop malicious and increasingly sophisticated threat actors. Cyber criminals are using advanced techniques to hide from threat hunters and defenders so that they can exploit emerging vulnerabilities for which patches don’t yet exist. Organisations need to adopt a proactive approach to cybersecurity, or cyber resilience, to ensure that essential functions and operations can continue even if a cyber criminal has penetrated defences and compromised digital assets.
When ransomware worms its way past your defences, damage is measured by the time taken to detect, investigate, contain and resolve the threat. The longer your exposure, the greater the incident impact. It’s more efficient to stop a ransomware attack before it has a chance to do any damage. Having 24×7 managed detection and response can help reduce the time taken to detect and deal with threats by up to 80% compared with a traditional MSSP. In addition, organisations can augment expert monitoring with an automated threat detection system.
To prevent ransomware disrupting business operations, it’s vital that organisations regularly back up company data. If a cyber incident occurs, the organisation will be able to quickly fall back on a recent backup version. Although this won’t protect you from attack, it will help minimise the fallout and lessen the impact. It also means the organisation won’t have to pay the ransom to retrieve their data and can avoid the task of restoring systems back to a previous version.
Often, ransomware attacks are the result of poor employee cyber awareness or bad habits. For example, employees may use easily guessable passwords or the same password for multiple accounts. Organisations can mitigate this risk by providing employee training and running regular attack simulations/digital health check-ups to see if their employees are practising good cyber hygiene. Employees need to know what steps they can take to reduce the likelihood of a ransomware attack succeeding.
Of course, accidents can and do happen, but this risk can be reduced through ongoing training and measures in place to prevent slip-ups, e.g. multi-factor authentication, the principle of least privilege, and the scanning and monitoring of emails and files for suspicious activity.
To find out more about Adarma and how our cyber security services can help prepare and protect your organisation against ransomware attacks, please contact us.
Stay up-to-date with the latest threat insights from Adarma by following us on Twitter and LinkedIn.
[1] https://www.nationalhealthexecutive.com/Search/wannacry
[2] https://www.nationalhealthexecutive.com/articles/wannacry-cyber-attack-cost-nhs-ps92m-after-19000-appointments-were-cancelled
[3] https://www.netsec.news/wannacry-ransomware-attacks-up-53-since-january-2021/