The Rise of Human-Operated Ransomware Attacks

Ransomware is disruptive, expensive, and is becoming increasingly targeted through human-operation. But there are measures you can take to stop a ransomware attack in its tracks.

The term ‘ransomware’ refers to a type of malware that encrypts files and demands a ransom in return for the decryption key; alternatively, the hackers may threaten to leak sensitive information, which is known as ‘doxware’. Ultimately, the end goal is to profit from the disruption caused to an organisation or individual. We use the term organisation here rather than business because cybercriminals frequently attack non-profit organisations like the NHS, as well as private businesses like Sony. But you don’t need to be a well-known organisation to become a victim of ransomware – there are multiple types, with varying degrees of severity.

Ransomware can be costly experience. Last year, the cybersecurity company Coveware reported that the average cost of a ransomware attack was $80,000. This figure, for the final quarter of 2019, represents a huge 104% increase in average ransom payments on the previous quarter; this suggests that cybercriminals are becoming more sophisticated in their methods, targeting high profile organisations, and demanding higher ransoms. Indeed, the US-based Cybersecurity company FireEye a report this week 76% of ransomware attacks in the enterprise sector take place outside of working hours, with 49% taking place overnight during the week, and 27% over the weekend. Cybercriminals are choosing to strike at unsociable hours because it’s unlikely that businesses will have an IT staff member on site at these times. If a security alert was triggered by a ransomware attack, there would be nobody around to stop it in its tracks before the encryption process has been completed. These so-called ‘human-operated ransomware attacks’, as Microsoft calls them, pose a growing threat to businesses. Ransomware like Petya and WannaCry are auto-spreading, and spread from system to system randomly. Human-operated ransomware is deployed by cybercriminals who have done their research, and have extensive knowledge of common network security misconfigurations. FireEye estimate that human-operated ransomware attacks have increased by 860% since 2017.

To protect your business from human-operated ransomware attacks, there are several best practices that you can follow. You should carry out regular anti-phishing training for all of your employees, ensuring they are aware of the costs that one wrong move could incur. Regular backups should be made, even if it’s just critical data, and you should store them offsite so they can’t be targeted by cybercriminals too. Crucially, you should use enterprise-level email and host-based security products, with up-to-date protections that can detect the latest malware strains. You should also consider cyber insurance that will cover the costs in the event of a ransomware attack.