03 February 2025
Ransomware is a phrase that many people have heard of over the past 15 years, but many people do not know what it is, how these types of attacks have grown, and how businesses could be affected. Many people still think of ransomware as a simple "lock and hold" type of attack, where data encryption is the primary motivation for businesses to pay cyber criminals to return access to their data. However, cyber criminals are adapting!
As businesses increasingly use more comprehensive backup strategies to prevent disruptions, attackers are shifting their focus away from simple encryption attacks towards data theft and extortion. Let's take a look at how Ransomware attacks have evolved.
What is Ransomware?
Ransomware in its traditional sense is malicious software/malware designed to block access to a computer system or data until a ransom is paid. In its earliest form, ransomware attacks were simple yet devastating, such as the WannaCry attack on the NHS in 2017 which cost them a total of £92 million through services lost during the attack and total IT and regulatory costs in the aftermath.
Traditionally, cyber criminals would spread malware across a business’s network and encrypt all of the data on it, rendering it completely inaccessible until a payment was made for access to the decryption key. These types of attacks were traditionally delivered via phishing emails or malicious downloads from unverified sites, infecting a single endpoint before spreading across networks, and locking critical files, databases, and applications along the way.
Once a business had been fully infected by the malware and the ransom attack launched (often with some form of popup when attempting to access encrypted files and data), cyber criminals would usually demand payment in the form of cryptocurrency, taking advantage of its anonymous nature and the difficulty of tracing transactions. This “lock and ransom” approach created an immediate threat for organisations that depended on continuous access to their systems and data.
Businesses targeted in these traditional forms of ransomware attacks without robust and secure backup strategies are particularly vulnerable, as recovering locked data requires either paying the ransom or facing potentially significant downtime and massive data loss. However, as backup solutions have improved and newer security methods such as immutable (or ‘read-only’) backups have been implemented, businesses’ ability to recover from these forms of attacks has improved too. This is why, as a business, we recommend that businesses implement comprehensive 3-2-1 backup strategies, paired with immutable backups as part of a wider zero trust environment. This combination of backup and security now means that even if businesses did suffer one of these “lock and ransom” based attacks, they could recover from this with minimum data loss and downtime.
The Shift to Data Theft & Extortion in Modern Data Ransom Attacks
Due to this shift in protection against traditional ransom attacks, cyber criminals understand that encryption alone no longer exerts the leverage it once did. As such, cyber criminals have adapted their attack methods, adopting a double extortion model, where data theft is used as a secondary threat. Now, instead of solely blocking access, attackers steal sensitive data before encrypting it and then demand a ransom to avoid public release of that data.
In this model, even if a company can recover from an encryption attack using backups, the threat of data exposure remains and could also result in legal and regulatory costs if the business is seen to not have been adequately protecting sensitive customer data.
Cyber criminals often post samples of stolen data on the dark web as proof of these kinds of data ransom attacks, increasing the pressure on companies to pay the ransom, and this has proven to be a highly effective method to leverage the attack. Organisations face not only operational disruption but also potential legal, reputational, and competitive damage if competitors get a hold of this data to use to their own advantage. Often cyber criminals may even target competitors for a double hit by offering to sell this data directly to them.
As such, ransoming businesses for the “deletion” of data has become a common attack vector used by cyber criminals as part of these data theft attacks. But the question remains... would you trust a cyber criminal to delete your data if you pay? Or are they still likely to leak this data or sell it to your direct competitors?
Why Should Businesses Be Concerned?
Data Exposure Risks: Beyond the immediate financial loss as the result of disruptions to business operations, the leak of sensitive business data can also have more severe consequences. For example, customer and employee data exposure can lead to legal penalties under GDPR in the UK and EU, whereas intellectual property theft can compromise a business’s competitive advantage, lead to reputational fallout, and erode trust.
Reputational Damage: As mentioned above, data theft can significantly damage a company’s reputation, even if it manages to keep systems running through backup restoration after a ransomware attack. Loss of trust among clients and stakeholders is difficult to quantify but can be a long-term burden on a brand, impacting existing customer retention, partnership opportunities, and business growth among prospective clients.
Legal and Regulatory Issues: In the face of a data breach, businesses are often required by law to disclose the incident to affected customers and relevant authorities, resulting in fines and legal actions. Regulators in the UK, including the Information Commissioner's Office (ICO), have become increasingly strict about data protection and breach disclosures, and penalties for non-compliance can be severe. The ICO states that businesses that experience data breaches must notify supervisory authorities (ICO) within 72 hours of becoming aware of the breach.
Misconceptions About Modern Ransomware Attacks
Backups Alone Are Not Enough: Many businesses believe that a comprehensive backup strategy alone is the ultimate defence against ransomware, as they can recover their business data. While backups are essential, they don’t protect against data theft and the subsequent blackmail, and extended legal, regulatory & reputational costs, associated with data leaks. This is why businesses must have comprehensive cyber security strategies paired with their backups, to be able to combat evolving cyber threats.
Payment Does Not Guarantee Security: Another misconception is that paying the ransom guarantees data retrieval or deletion. But it is of utmost importance to consider that paying cyber criminals is risky and (regardless of what they say) does not guarantee compliance on their part with any promises they make. Studies from cyber security experts indicate that paying a ransom does not reduce the likelihood of future attacks or data misuse. Many attackers simply return for a second demand, knowing the company is likely to comply again.
Encryption is No Longer the Sole Threat: While encryption was once the main weapon, cyber criminals now focus on data exfiltration and leakage as primary methods of extortion. A 2023 report from the UK National Cyber Security Centre (NCSC) confirms that "double extortion" attacks have become more frequent, affecting organisations across all industries, especially those that hold significant sensitive data such as solicitors, accountants, charities, real estate and more.
How Businesses Can Protect Themselves Against Modern Ransomware Attacks
Comprehensive Cyber Security Solutions: At a minimum, annual cyber security audits are essential to ensure that businesses are following best practices with regard to the safeguarding of their business data. We are constantly assessing our clients’ level of cyber protection to ensure that they meet our minimum guidelines. In 2023 only 31% of UK businesses undertook a cyber security health check, and in that same period, cyber attacks on UK businesses more than tripled from 2.39 million in 2022, to 7.78 million in 2023. If your business has not taken a cyber health check in the past 12 months, fill out the form below to get in touch for your free assessment.
Invest in Cyber Security Training: Employees are the weakest link in your cyber defence strategy. Regular training on recognising phishing emails, avoiding suspicious links & downloads, and following secure data practices can reduce the chances of a ransomware attack.
Implement Strong Access Controls and Data Encryption: Protecting sensitive data with advanced encryption can limit the usefulness of stolen information to attackers. Additionally, applying strict access controls through the rule of least privileged access, privileged access management, and additional account verification methods such as multi-factor authentication can help prevent unauthorised access.
Develop a Disaster Recovery and Incident Response Plan: An effective incident response plan can help businesses respond swiftly to any form of cyber attack or hardware failure. This plan should include communication strategies, contact points within law enforcement & regulatory bodies, and cyber security specialists, and steps for containment and recovery.
Cyber Insurance: While not a preventative measure, cyber insurance can provide financial protection if a ransomware attack, or any other form of cyber attack, occurs, covering some (but likely not all) costs related to breach response, data recovery, and potential legal & regulatory repercussions in the fallout of an attack.
How can we help protect your business?
With this shift in ransom threats, understanding these modern methods is crucial for businesses to put the processes and solutions in place to protect their assets, reputation, and customers. Ensuring that your business has a comprehensive cyber security strategy in place, along with employee education, and a robust incident response strategy, are essential steps for countering this shift in the modern threat landscape.
Fill out the form below to take your FREE Cyber Health Check and understand if you are protected from the latest threats.