Ransomware attack prevention – how to build in resilience

May 18th '22

What do ‘Wentworth Golf and Country Club’, the ‘UK Research and Innovation (UKRI)’, ‘Serco’ and ‘Acer’ have in common?


They were all ransomware victims in the last year! Apparently included was the ransom note addressed to Serco the attackers claimed: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data.”


  • What is Ransomware?

Ransomware comes in several types and varieties, including crypto, lockers, extortionate, and ransomware as a service (RaaS), and they are not all the same.


Crypto ransomware encrypts files, scrambling the contents and making them unreadable. A decryption key is necessary to restore the files to a readable format. Cybercriminals then issue ransom demands, promising to decrypt data or release the decryption key once demands are met.


Locker ransomware doesn’t encrypt files but completely locks the victim out of their system or device. Cybercriminals then demand a ransom to unlock the device. Generally speaking, it’s possible to recover from or avoid an attempted crypto attack if a good backup is available. But a locker ransomware attack is harder and more expensive to recover from. Even with backed-up data, the device must be replaced entirely.


The basic objective of a ransomware attack is to extort money. But organisations can refuse to pay, especially when they have a good backup and recovery system in place. Unsurprisingly, attackers have begun using a new technique in recent years called double extortion, in which data is both encrypted and extracted. If the company refuses to pay, hackers threaten to leak the information online or sell it to the highest bidder.


And it gets a whole lot worse. As devastating as double extortionate ransomware sounds, security experts are warning of a bigger threat: triple extortionate ransomware. Attackers demand money from affected third parties, in addition to extracting data and demanding ransom from the initial target.


  • Ransomware Attack – What To Do – Restore and Recovery

Could your business run without it’s governance in place, reporting data for regulators or tax authorities? If yes, how long for?


The average downtime after a ransomware attack is 21 days. If you pay the ransom, it might take several additional days to receive the decryption key and reverse the encryption. Paying the ransom is not really an answer as around 13% of companies do, but they often don’t get the unlock code and have to rebuild their files from the ground up. On average, organisations that paid the ransom and got the unlock keys, only 65% managed to get their encrypted data restored. For another 29%, more than half of their stolen data remains encrypted. This means it’s extremely unlikely you’ll get all of your data back, even if you pay.


Be aware that some ransomware variants identify and destroy backups on the compromised network. If backups have been destroyed or encrypted, the recovery process can become more complicated. But even if backups are usable, recovery could still be a lengthy process, depending on the type of backup and recovery system you have in place.


Whether you pay the ransom or attempt to recover data yourself, plan for the entire recovery process taking several days. Plan as well for some degree of financial loss, whether it comes in the form of ransom payments, incident response costs, or lost revenue due to downtime.


  • What Happens If You Don’t Pay the Ransom?

You may look to leverage backups that reside on secondary storage, but they aren’t readily accessible. This slows time to recovery. Additionally, they must run forensic analysis to find the attack origins to ensure they don’t restore a corrupted backup.


  • The risks you run are:

Risk of reintroducing malware from backups. Backups have to be cleaned before recovery, or you risk reintroducing malware back into the system as part of the recovery.


Costly downtime: Right away, it’s looking like recovery point objectives (RPOs) and recovery time objectives (RTOs) won’t be met. IT resources are diverted as purpose-built data-protection infrastructure gets over-stressed by the weight of the attack.


Missed SLAs: With networks and critical apps out of commission, SLAs are missed. This isn’t just an IT problem, it’s a business problem—resulting in lost customer confidence and lost revenue.


Contact us


If you need any assistance, in strictest confidence,

call us today on

020 8087 2377 

or email.


Contact us


About us

LS Consultancy are experts in Marketing and Compliance, and work with a range of firms to assist with improving their advertising, documents, processes and systems to help mitigate risk.


We provide a cost-effective and timely bespoke copy advice and copy development services to make sure all your advertising and campaigns are compliant, clear and suitable for their purpose.


Our range of innovative solutions can be tailored to suit your unique requirements, no matter whether you’re currently working from home, or are continuing to go into the office. Our services can be deployed individually or combined to form a broader solution to release your energies and focus on your clients.


Contact us today for a chat or send us an email to find out how we can support you in meeting your current and future challenges with confidence.


Explore our full range today.


Contact us


Call Us Today on 020 8087 2377 or send us an email.


FREE downloadable content for Marketing, Compliance, Sales teams, small and medium-sized enterprises. Click here.


We’re looking for guest writers with business know-how and experience to create outstanding articles to feature on our website. Sound like you? Then find out more…