Page 63 - Cyber Defense Magazine RSA Edition for 2021
Consider the impact an attack like this could have on, for instance, a travel agency – not only could they
be locked out of their own booking system, but they could face further consequences if the client details
they have on file, including passports and driver’s licenses, are leaked.
Further complicating matters is the uncertainty about how long an attacker has been in your system. Backing
up your files every seven days, for instance, is of little help if they have had access for months: every backup
taken in that window may already contain the attacker's foothold or already-encrypted data, which makes a
clean recovery close to impossible.
The perfect storm
There are any number of factors that have led to the surge in ransomware over the past 12 months, from
the increasing ease of its use to the changes in the workplace caused by COVID-19 and the frequency
of ransom payments.
The aforementioned report by RUSI and BAE Systems points to how easy it has become for
cybercriminals to acquire and utilize ransomware, exemplified by the rise of ransomware-as-a-service.
Even low-skilled cybercriminals can now pay a fee to nefarious operations like REvil for pre-packaged
ransomware that they can use. Shady operators can even employ the services of ‘initial access brokers’,
who sell access to pre-compromised corporate networks.
It’s long been known that ransomware attacks exploit human weaknesses as well as technical
vulnerabilities, and the boom in remote working caused by COVID-19 has presented cybercriminals with
plenty of both. The FBI attributed the sharp spike in cyber-crime in 2020 to ill-secured virtual work
environments and a reliance on email and makeshift IT infrastructures.
It’s a free-for-all that led to a dramatic increase in risk, as businesses caught flat-footed by the pandemic
lost track of which devices their employees were using and had no control over the security of the home
Wi-Fi networks those devices connected through. With employees operating across different networks in
multiple locations, using the same devices for work and personal purposes without the protection of their
organization’s security perimeter, the attack surface available to cybercriminals grew dramatically.
Once an attacker compromises an employee at home, it’s just a matter of waiting for them to connect to
the corporate network. From there, they may as well be plugged into a computer inside the office.
Often, organizations will feel they have no choice but to pay the ransom – and the more organizations
that give in, the more that ransomware is normalized and incentivized. And while taking out a cyber
insurance policy might seem like the responsible thing to do, it further encourages payment, turning
ransomware into just another standard operating cost.
It should be noted, too, that the rise of ransomware is inextricably linked to the rise of cryptocurrencies
like Bitcoin. Bitcoin is pseudonymous rather than truly anonymous (every transaction is recorded on a public
ledger and can be traced), but it lets criminals receive payments from anywhere in the world without a bank
account or an identity check, and that is why they favor it.
I’ve seen firsthand organizations faced with the difficult choice of whether or not to pay the ransom. While
there is momentum behind a push to make ransom payment illegal, it’s entirely understandable that