Ransomware surges in, and the data floods out

Paul will discuss how criminals are deploying ransomware and what business leaders need to know when it comes to protecting themselves against data leakage.
Paul Prudhomme, Head of Threat Intelligence Advisory, IntSights, raises awareness around the evolution of ransomware and current threats to business data. He discusses how criminals are deploying ransomware and what business leaders need to know when it comes to protecting themselves against data leakage.

Organisations today face an endless number of cyber threats, but ransomware remains one of the most feared. Ransomware has evolved from being a single-track extortion trick to a complex, multi-layer campaign. There are now far more risks to an organisation than simply losing a lump sum of money. Today, if ransomware takes hold, businesses could face brand damage, non-compliance penalties, lawsuit exposure and loss of sensitive data or intellectual property.

Unfortunately, many businesses are struggling to stay on top of ransomware defences and are left vulnerable to the militia of threats waiting to strike. Looking at the history of this particular cyber threat, we can better understand its direction and how it is likely to evolve further. Armed with this knowledge, organisations have a much better chance of defending against the relentless ransomware attempts launched by adversaries.

An increase in activity

Ransomware has left countless businesses bereft after they have fallen victim to ruthless hackers. The threats to organisations have increased as Ransomware-as-a-Service (RaaS) has gained popularity on the dark web, providing all criminals, no matter their skillset or expertise, with the opportunities to initiate their own ransomware attacks. Those with developed skillsets have moved beyond basic forms of ransomware attacks and now carry out campaigns with multiple forms of extortion. In fact, more than 30 ransomware groups operate according to a double extortion model, where attacks involve encrypted systems as well as a threat about stolen data.

In the past three years, we’ve also seen ransomware payments themselves increase dramatically. In 2018, the average ransom was less than $10,000; in Q3 2020, they had reached an overwhelming average demand of almost $250,000. Of course, different companies have different views on whether ransoms should be paid, but only when forced into that unthinkable position can individuals truly comprehend what is at stake.

The latest evolution

The group responsible for the latest directional shift goes by the name BABUK. This group recently published several press statements announcing that they will no longer encrypt networks as part of their attacks on businesses. There are a few implications from this change in focus:

  • Backups become obsolete.
  • Businesses will no longer be aware of their network is infected, even if it is up and running.
  • The previously respected ethical barriers have been torn down.

It is still important for businesses to maintain backups and ensure they stay detached from the network, but they will not protect companies from ransomware-related damage. ThisIn addition, this approach does not involve encrypting networks, so hackers could still breach the system and leave data-stealing malware without the business being aware. Finally, there was always an unwritten rule that critical infrastructure and healthcare organisations were exempt from ransomware targets – given their responsibility for human life. Now, however, these ethics no longer apply, with medical and educational institutions becoming some of the most targeted industries across the past year.

What the future of ransomware looks like

When considering the future of ransomware, we’re looking at three primary developments. The first being the transition of ransomware for mobile devices. Pretty much every working individual comes with at least one mobile device, making it a prime target for hackers. These small tools are packed full of data in the form of messages, pictures, saved passwords and contact details. As a result, we’re likely to see a surge in ransomware attempts on these devices, either through encryption or potentially just straight to extortion.

The Internet of Things (IoT) is one of the biggest growing markets in the technology industry today, and so, by default, it becomes another big target for hackers. Losing control of internet-connected devices poses greater threats beyond data theft; it could become physically dangerous. Many devices are now connected to the internet, including medical equipment, domestic appliances, and construction tools. Without the necessary forms of protection, these seemingly harmless devices could easily become threatening.

And finally, there is no cap on how high ransom demands could reach. As long as there are victims who are prepared to pay, hackers will continue to push the financial limits. Authorities have been advising individuals and companies not to pay ransoms as there is no guarantee that criminals will not look to exploit you again further down the line. Once you’ve shown that you’re prepared to pay, they’ll keep you in their sights.

Forms of protection

Whilst it’s impossible to predict and defend against every attack on a company’s data, there is plenty that businesses can do to make it as hard as possible for criminals to hack their way in. Firstly, given that phishing campaigns are a commonly used method of planting ransomware, it is vital that companies hold awareness training programmes for employees in order to stop these intruders at the door. This, when combined with advanced firewalls and email protection solutions, helps strengthen the first line of defence.

It’s also important to patch known vulnerabilities and keep software updated. This may seem obvious, but there are still many businesses lacking in basic cyber hygiene. Additionally, deploying a strict closed ports policy, or tight credentials change policy, is a further way companies can prevent data leakage through ransomware. It only takes one weak entrance to the network to grant hackers free reign.


Unfortunately, regardless of what solutions are developed in the years to come, the threat of ransomware is not going to go away. Through RaaS, this form of attack has become accessible to every level of hacker without the need for specialised skillsets. As we’ve seen, the ransomware landscape can take a complete 180-degree turn in a matter of years, so it is vital that organisations across the board stay vigilant and maintain their awareness of the threats on their company data.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of ransomware, Cyber Security, Ransomware surges in, and the data floods out

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

The critical role of data integrity in generative AI

Anjan Kundavaram • 23rd November 2023

The quest to harness the full potential of generative AI relies on finding trustworthy data to achieve outstanding results for diverse use cases. With the continued growth and transformative impact of generative AI, business leaders need to ensure that the data being fed into it has integrity.

Navigating a CTO-as-a-Service arrangement

Cyril Samovskiy • 21st November 2023

Attracting a top-tier Chief Technology Officer (CTO) can be challenging at the best of times, but for tech startups – who often have limited resources, a yet-to-be-proven product-market fit, and financial instability – it can be even more so. Add tech’s ongoing talent shortage to the mix, and it’s easy to see why CTO-aaS is...

The Importance of SBOM and CVE in Medical

Diego Buffa • 18th November 2023

This article explores the critical landscape of medical device cybersecurity, focusing on the IMDRF’s “Principles and Practices for Medical Device Cybersecurity.” It advocates for a holistic approach throughout the product life cycle, with particular emphasis on the vital role of the Software Bill of Materials (SBOM). The article addresses the FDA’s stringent postmarket vulnerability reporting...

AI powered fused spurs unveiled by measurable.energy

Diana Kamkina • 15th November 2023

measurable.energy, experts in eliminating wasted energy, are proud to announce the launch of their latest innovation – fused spurs. This highly anticipated addition to their product line is set to transform the landscape of energy management in construction and commercial buildings.

Technology for a Sustainable Tomorrow

Mark Robison • 09th November 2023

We currently face the critical challenge of reducing carbon emissions in an effort to reach net zero targets. This is the challenge of our lifetime and for many more generations to come. Fortunately, this challenge has ushered in a new era of innovation, where technology plays a leading role in creating a sustainable future.

Preparing UK Businesses for the Coming PSTN Switch Off

Chris Wade • 01st November 2023

The PSTN Switch Off will require a robust framework of action as all business sectors will be impacted. In order to stay ahead of this significant change, businesses must start considering new, digital alternatives such as VoIP based communication technology.

Dark Fibre’s Role in Supercharging Edge Data Centers

Sean Lowry • 18th October 2023

In response to Proximity Data Centre’s e-book, Glide’s CTO, Sean Lowry explores the impact of low latency on gaming, the Metaverse, and AI. He explains how dark fibre and Glide’s “Fibre Cities” are primed to support the evolving needs of edge data centres and seamless connectivity.

Smart Labels and the intersection of technology and logistics

Sam Colley • 13th October 2023

The delicate fabric of the ever-evolving technological landscape is being rewoven with the introduction of game-changing elements like smart labels, which are bringing the logistics industry to the forefront of innovation. These technological wonders are not only transforming the landscape of logistics, but they are also unlocking a multitude of options where precision, discretion, and...