Ransomware

Ransomware is a type of illegal software that is used to block a business's digital systems, preventing it from conducting business as usual. Hackers, or digital mafia, use ransomware to hold individuals and businesses to ransom. An independent global survey of IT and cyber security professionals found that over 80% of businesses were attacked by ransomware in 2021, and that over 60% of these businesses paid the ransom demanded. Double-extortion ransomware is another form of hacking and business ransoming that removes data from a business's files. These files are then encrypted, and hackers ‘sell’ the files back to the business through a ransom. Businesses that refuse the ransom face the threat of the data being released. Reputation is increasingly at stake for businesses holding valuable and private data. According to Heimdal Security, only 65% of businesses actually recover their data after paying the ransom. Ransomware attacks are not only prevalent and evolving, but they are also on the increase.

 

Who Are the Hackers?

Analysis by the BBC showed that 74% of ransomware attack profits in 2021 were linked to Russia-based hackers. In fact, in 2021 more than $400 million worth of cryptocurrency was paid in ransom payments into Russia alone. But external ransomware threats are sadly not the only kind of threat facing businesses when it comes to security ransoms. Internal security attacks, where those within an organisation hold a business to ransom through its infrastructure, are becoming increasingly frequent.

 

Collective Response

Now more than ever, there is a growing desire among businesses and individuals to protect against and combat ransomware attacks. Infrastructure security is evolving, but not all businesses can evolve and invest in this more defensive manoeuvre to the same level. This leaves some businesses more exposed than others. When hacking is an easy and profitable source of income, it only serves to encourage more and greater targets. What is clear is that, for the collective good, knowledge sharing between businesses is key. Ransomware attacks and defence require a collective approach, for the communal good.

 

 

Identifying and Defending Against Cyber Threats

The Government provides basic advice on how to prevent cyber attacks by reducing overall exposure. This includes educating users on what to look for in a potential security hack and adopting malware and password protections. Its advice is that preventing an attack in the earlier stages through the adoption of security software is a much better investment than having to face a full-blown ransomware hack. In the UK, the average ransom cost of such an attack is between £600,000 and £1,150,0000 for businesses.

The Financial Times suggests “that small, and seemingly innocuous holes or glitches in corporate IT networks and management policies can become the gateways to much bigger disasters” (Nicole Perlroth). For example, the failure to close an email account for a terminated employee was enough for a key US energy company to be afflicted by a cyber hack. Good ‘housekeeping’ and clear business policies and processes can help to prevent these holes that can allow malware and ransomware into a business. Three easy steps for businesses to take are to ensure that two-factor authentication is used, that passwords are regularly changed, and that employees are regularly educated on the latest email phishing scams so that they avoid clicking the links in them. CyberArk reports that since COVID-19, malicious emails to businesses have increased by over 600%. The likelihood of an employee inadvertently opening a door to such an attack has never been higher, and these attacks are growing ever more sophisticated.
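The housekeeping steps above can be checked routinely. The audit below is an added example, not taken from any source cited in this article; the account names, field names and the 90-day password age are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: an HR leavers list and a directory export (not real accounts).
LEAVERS = {"jsmith": date(2024, 1, 12), "mkhan": date(2024, 3, 1)}
ACCOUNTS = [
    {"user": "jsmith", "enabled": True, "mfa": False, "pw_changed": date(2023, 6, 1)},
    {"user": "mkhan", "enabled": False, "mfa": True, "pw_changed": date(2024, 2, 1)},
    {"user": "alee", "enabled": True, "mfa": True, "pw_changed": date(2023, 9, 15)},
    {"user": "bnguyen", "enabled": True, "mfa": False, "pw_changed": date(2024, 4, 20)},
]
MAX_PASSWORD_AGE_DAYS = 90  # assumed policy value, set to match your own policy


def audit_accounts(accounts, leavers, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return {user: [findings]} for enabled accounts that break the housekeeping rules."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # a disabled account is already closed off
        issues = []
        # Rule 1: accounts of former employees must not stay enabled.
        left_on = leavers.get(acct["user"])
        if left_on is not None and left_on <= today:
            issues.append(f"still enabled {(today - left_on).days} days after leaving")
        # Rule 2: every enabled account needs two-factor authentication.
        if not acct["mfa"]:
            issues.append("no two-factor authentication")
        # Rule 3: passwords older than the policy limit are flagged.
        age = (today - acct["pw_changed"]).days
        if age > max_age_days:
            issues.append(f"password unchanged for {age} days")
        if issues:
            findings[acct["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_accounts(ACCOUNTS, LEAVERS, date(2024, 5, 1)).items():
        print(user, "->", "; ".join(issues))
```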

 

It Often Starts as You’d Expect

Phishing emails are one of the first signs of a ransomware attack. These suspicious emails often have attachments, and are something for businesses and employees to look out for. Network scanners and Active Directory networks are also potential channels for infiltration. Microsoft Process Explorer is often a way for hackers to steal login credentials, so it can also be another sign for identifying, and a channel for defending against, ransomware hacks. The removal of security software can be another early sign of an impending attack, and a reason to raise the alert. Hackers can also ‘test hack’ businesses before they launch a full-scale attack. So businesses and employees should be educated to identify small breaches to the system in anticipation of a potential full ransomware attack.
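One way to act on these early signs is to correlate them per machine, so that several small signals close together raise an alert. This is an added example, not from the article's sources; the event feed, host names and `kind` values are constructed assumptions, not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The early-warning signs named above, keyed by an assumed normalised event kind.
SIGNALS = {
    "email_attachment_flagged": "phishing email with attachment",
    "network_scan_tool_run": "network scanner executed",
    "process_explorer_run": "Process Explorer launched",
    "security_software_removed": "security software removed",
}

# Constructed sample events: (timestamp, host, kind).
EVENTS = [
    ("2024-05-01T09:02:00", "ws-014", "email_attachment_flagged"),
    ("2024-05-01T09:40:00", "ws-014", "network_scan_tool_run"),
    ("2024-05-01T10:15:00", "ws-014", "security_software_removed"),
    ("2024-05-01T11:00:00", "ws-022", "process_explorer_run"),
    ("2024-05-03T16:30:00", "ws-022", "email_attachment_flagged"),
    ("2024-05-01T12:00:00", "ws-031", "user_logon"),
]


def correlate(events, window=timedelta(hours=4), threshold=2):
    """Alert on hosts showing at least `threshold` distinct signals inside one window."""
    per_host = defaultdict(list)
    for ts, host, kind in events:
        if kind in SIGNALS:  # ignore routine events such as logons
            per_host[host].append((datetime.fromisoformat(ts), kind))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        best = set()
        # Slide a window forward from each hit and keep the richest set of signals.
        for i, (start, _) in enumerate(hits):
            seen = {kind for t, kind in hits[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= threshold:
            alerts[host] = sorted(SIGNALS[k] for k in best)
    return alerts


if __name__ == "__main__":
    for host, signs in correlate(EVENTS).items():
        print(f"ALERT {host}: {', '.join(signs)}")
```

A single signal on its own, such as an administrator running Process Explorer, is common in normal operations; the threshold keeps the alert for hosts where several coincide.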

And sometimes, taking your eye off the ball due to an apparent ‘it isn’t broken, so don’t fix it’ mentality when using external systems such as a website platform like Adobe Commerce (previously Magento) is very risky. Too many took too long to move from an older grandfathered version and left themselves open to a large-scale attack.

CyberArk also suggests reframing business emergency preparedness to ensure that cyber threats are treated as inevitable, rather than just a possibility. This can help to ensure that businesses invest in preventative measures and take cyber threats more seriously. High-value targets for double-extortion ransom attacks, such as the NHS, typically spend a very small percentage of their budget on such preventative measures. But with such high-profile attacks costing as much as £40,000,000 in one ransom, preventative security measures are increasingly vital.

 

Summary

Ransomware hacking is already rife, and becoming increasingly so. The means by which hackers are infiltrating businesses are becoming increasingly sophisticated and difficult to detect. But there are some small warning signs to look out for, and actions for businesses and employees to take that can prevent a glitch from becoming a full-scale breach. The global economy is hugely impacted by such attacks, and as a business community it is important to educate and knowledge-share to forewarn and forearm against malicious cyber threats.