by Stephen Robinson, Senior Threat Intelligence Analyst & Rob Anderson, Principal Incident Response Investigator, WithSecure
12 March 2025
Associate feature: The state of ransomware - how to future-proof your cyber security

Partner content


With the explosion of Artificial Intelligence into every aspect of our lives, as well as the professionalization of cyber-crime and the fast-paced evolution of technology, the world of ransomware is changing.

But what does that mean and how will it impact small- and medium-sized companies both right now and in the future?

Shift towards data extortion

Ransomware trends suggest a shift toward data extortion as organizations enhance their defences against traditional encryption-based attacks. Attackers are pivoting from encrypting data to focusing on data theft and extortion as primary revenue streams.

"Whenever you can deny someone something they need, you have power over them." - Tom Van de Wiele

Rise of Cybercrime-as-a-Service (CaaS)

The emergence of CaaS is another significant trend in ransomware. CaaS provides a marketplace where aspiring ransomware operators can buy ransomware kits, malware, and access credentials, lowering the barrier to entry for cybercriminals. This ecosystem fosters the proliferation of ransomware attacks across various industries, making it easier for less experienced attackers to participate in the cybercrime landscape.

Operational resilience as a countermeasure

To mitigate the impact of ransomware, organizations must prioritize operational resilience. This involves comprehensive threat modelling, exposure management, and maintaining a solid recovery plan. Protecting high-risk areas, particularly legacy systems with limited recovery options, is crucial. Organizations should invest in robust backup solutions and regularly test recovery procedures to ensure swift restoration of critical functions following an attack.

How to future-proof your cyber security

Despite constant progress and evolution in the cyber security landscape, ransomware remains one of the most daunting threats facing organizations. At its core, ransomware persists because it is profitable. Cybercriminals will continue to launch ransomware attacks as long as they can expect to make significant financial returns. Advances in areas like cloud infrastructure, SaaS, and mobile technology are convenient, but they also expose new vulnerabilities ransomware attackers are exploiting.

Security Challenges

Many people believed that the shift to working in the cloud would mean automatic data security, but that is not the reality. Cloud platforms provide standardized environments, immutable backups, and enhanced tracking of API actions, which support incident response. However, they also introduce significant security challenges. Because cloud systems are accessible from anywhere, they are attractive targets for ransomware attackers, who can exploit open access points. If an attacker obtains credentials, they can potentially infiltrate networks as easily as an authorized user. Once inside, attackers leverage deep integrations within the cloud, such as compromised API keys, to escalate privileges and move laterally. This easy access and privilege escalation complicates real-time visibility and response for security teams.

A key challenge in cloud security is reliance on third-party vendors, such as Microsoft or Google, for critical infrastructure. Unlike on-premises setups, cloud environments don’t always provide detailed logs or controls, making forensic investigations more difficult. Even with improved logging, retrieving and analysing data often requires specialized third-party tools.

Practical tips for combatting the ransomware threat:

1. Shift from reactive to proactive security controls

Investing in high-profile security products is only part of the solution; organizations must also leverage these tools proactively. This includes dedicating time for threat modelling, identifying potential adversaries, and using data to uncover vulnerabilities. For example, turning on logging features, which are often disabled to reduce noise, can yield valuable insights when monitored effectively. A proactive security posture should be informed by intelligence-led risk analysis, rather than relying on assumptions about safety.

2. Embrace data-driven security perspectives

Some organizations equate a lack of incidents with strong security, but analysing unsuccessful attack attempts will reveal the reality, and provide crucial information about the types of threats targeting your organization. For instance, if attackers start using internal names or proprietary information in phishing attempts, it may indicate a more sophisticated, targeted campaign that requires immediate attention.

3. Look beyond your organization

It's easy to concentrate on internal security, but organizations must also consider the broader software ecosystem. For example, many companies rely on open-source software maintained by a limited number of developers, which can be a vulnerability. Attackers may target these developers to gain access to larger organizations that utilize their code.

There’s no size too small for attackers – I’ve seen everything from small charities to large corporations fall victim to ransomware. - Rob Anderson

4. Prioritize continuous threat intelligence

Active engagement in threat intelligence is essential for effective exposure management and early detection of emerging threats. By monitoring potential attack vectors and staying informed about the tactics employed by threat actors, organizations can adapt their defences accordingly. Regular threat modelling exercises are vital, enabling organizations to not only react to incidents, but also anticipate future attacks and bolster their defences against evolving ransomware tactics.

Hear more from our experts on this topic by watching the webinar here.

WithSecure™, formerly F-Secure Business, is cyber security’s reliable partner. IT service providers, MSSPs and businesses – along with financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations.

This article is sponsored by WithSecure.

www.withsecure.com
