{"id":21730,"date":"2024-10-07T12:41:29","date_gmt":"2024-10-07T11:41:29","guid":{"rendered":"https:\/\/interface.media\/?p=21730"},"modified":"2024-10-07T12:41:36","modified_gmt":"2024-10-07T11:41:36","slug":"ransomware-in-2024-prioritising-tried-and-tested-recovery","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/","title":{"rendered":"Ransomware in 2024: Prioritising tried and tested recovery"},"content":{"rendered":"\n<p>When did ransomware truly ramp up? Historically, many victims didn&#8217;t document successful attacks. This makes it hard to say with any certainty when this now widespread technique kicked into the mainstream arsenal of threat actors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-rise-of-ransomware-nbsp\"><strong><em>The rise of ransomware&nbsp;<\/em><\/strong><\/h3>\n\n\n\n<p>With that said, I feel as though a shift started in the late 2010s \u2013 and reports from others have corroborated my hunch.<\/p>\n\n\n\n<p>The UK\u2019s National Cyber Security Centre (NCSC), for example, stated that \u201cransomware has been the biggest development in cybercrime\u201d since it published its 2017 report on online criminal activity.<em> <\/em>Similarly, <a href=\"https:\/\/www.cyber.nj.gov\/threat-landscape\/ransomware\/the-evolution-of-ransomware-a-5-year-perspective\" target=\"_blank\" rel=\"noreferrer noopener\">the New Jersey Cybersecurity &amp; Communications Integration Cell affirmed<\/a> that \u201cafter 2017, the number of ransomware attacks have become more prevalent and continue to increase each year\u201d, tallying with the growing popularisation of cryptocurrencies at that time which have enabled payments to be sent anonymously.<\/p>\n\n\n\n<p>Since then, ransomware has remained an ever-present threat. Indeed, by the third quarter of 2021, <a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2021-10-21-gartner-says-threat-of-new-ransomware-models-is-the-top-emerging-risk-facing-organizations\" target=\"_blank\" rel=\"noreferrer noopener\">Gartner<\/a> revealed that <a href=\"https:\/\/interface.media\/blog\/2024\/09\/27\/new-levels-new-devils-the-multifaceted-extortion-tactics-keeping-ransomware-alive\/\">new ransomware models<\/a> had become the top concern facing executives.<\/p>\n\n\n\n<p>In response, companies of all shapes and sizes have gradually begun to work towards protecting themselves from the evolving threat of ransomware, working to establish effective security policies and protocols. Further, the fightback has also stemmed from other areas, be it the continual evolution of defensive technologies or the heightening of regulations, with enterprises now required to implement more stringent security measures to ensure compliance and avoid fines.<\/p>\n\n\n\n<p>However, without question, there are still several gaps that need to be bridged.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-state-of-ransomware-in-2024\"><strong><em>The state of ransomware in 2024<\/em><\/strong><\/h3>\n\n\n\n<p>To explore just how effective (or ineffective) enterprises have become in defending against the impacts of ransomware attacks, Semperis recently carried out a survey of <a href=\"https:\/\/www.semperis.com\/ransomware-risk-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a0nearly 1,000 IT and security professionals<\/a> from global organisations across multiple industries in the first half of 2024.<\/p>\n\n\n\n<p>Looking at the data, it\u2019s clear that the threat of ransomware remains a significant problem, with attacks having become both frequent and continuous. According to <a href=\"https:\/\/www.semperis.com\/ransomware-risk-report\/\" target=\"_blank\" rel=\"noreferrer noopener\">the report<\/a>, ransomware attacks impacted 85% of UK organisations in the past 12 months. Almost half of all organisations (45%) were attacked three times or more.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-repercussions-of-ransomware-nbsp\"><strong><em>Repercussions of ransomware&nbsp;<\/em><\/strong><\/h3>\n\n\n\n<p>What is more concerning, however, is the rate at which companies are failing to combat these attempts. Indeed, hackers using ransomware successfully breached more than half (54%) of the UK companies we surveyed were in the space of 12 months \u2013 sometimes within the same day.<\/p>\n\n\n\n<p>The damages associated with ransomware attacks are well known. From regulatory fines to business downtime and reputational damages, such threats can cause domino effects of problems for firms, with very few respondents having managed to avoid any kind of impact. Globally, almost nine in 10 (87%) experienced some level of disruption, while for a significant group, the effects were much greater. Indeed, 16% had their cyber insurance cancelled, 21% saw layoffs, and one in five (20%) had to close their business permanently.<\/p>\n\n\n\n<p>Given the potentially devastating consequences, firms can feel cornered into cooperating with threat actors. In fact, more than three quarters of respondents in our survey that had suffered such an attack opted to pay the ransom, with 32% having paid out four or more times in the space of just 12 months.<\/p>\n\n\n\n<p>Further, these sums are not insignificant. Indeed, 62% of UK companies that paid a ransom stumped up funds of between \u00a3200,001 and \u00a3480,000.<\/p>\n\n\n\n<p>It shouldn\u2019t just be the astronomical sums involved here that cause alarm bells to ring. Equally, it is vital for firms to understand that there is no guarantee that meeting the demands of cybercriminals will make their problems disappear during a ransomware attack. In fact, our findings show that more than a third of organisations that paid ransoms failed to receive decryption keys or were unable to recover their files and assets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-d-on-t-overlook-recovery\"><strong><em>D<\/em><\/strong>on&#8217;t overlook <strong><em>recovery<\/em><\/strong><\/h3>\n\n\n\n<p>Such a status quo cannot continue. Instead, enterprises must go back to the drawing board, working to establish more reliable and effective cybersecurity and system recovery strategies that work effectively against the ever-present threat of ransomware.<\/p>\n\n\n\n<p>As part of this rework, companies must continue to test and trial their methods. This is vital to ensure they work when the company needs them. Indeed, our survey shows that 63% of UK companies took more than a day to recover their systems to a good state, while one in eight took over a week.<\/p>\n\n\n\n<p>This is a problem. Indeed, downtime is more than just an inconvenience. Every second that passes during an outage translates into lost revenue, diminished customer trust and lasting damage to an organisation\u2019s reputation. From sales slipping away to consumers questioning the reliability of your company, the implications can be massive.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-on-the-right-track-to-recovery\"><strong><em>On the right track to recovery<\/em><\/strong><\/h3>\n\n\n\n<p>Promisingly, it appears that many organisations are <a href=\"https:\/\/interface.media\/blog\/2024\/09\/12\/3-reasons-you-need-a-new-cyber-resilient-approach-to-data-protection\/\">on the right track<\/a>, with nearly 70% of respondents stating that they had an identity-focused recovery plan in place. However, despite this, only 27% actually maintained dedicated systems for recovering Active Directory, Entra ID, and identity controls \u2013 the Tier 0 infrastructure that all systems depend on for recovery.<\/p>\n\n\n\n<p>Organisations must bridge this gap. For many companies worldwide, AD is the backbone of their operations, serving as the primary identity platform. Cybercriminals are acutely aware of its significance and continue to target it. If they can gain control of an enterprise\u2019s AD, they can effectively bring everything to a halt, applying immense pressure on unprepared organisations.<\/p>\n\n\n\n<p>To avoid such a scenario from unfolding, organisations must prioritise establishing a dedicated system for backing up and recovering AD, ensuring they can restore operations with both speed and integrity in the event of an attack.<\/p>\n\n\n\n<p>Less than a quarter of firms currently have such a system in place, and that needs to change. Yes, preventative measures are important. However, recovery is an aspect that organisations cannot afford to overlook.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dan Lattimer, Area VP UK&#038;I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack. <\/p>\n","protected":false},"author":480,"featured_media":21731,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2024-10-07T11:41:33Z","apple_news_api_id":"b7fc3f0c-7f9c-4fd2-bc54-ed164c83a786","apple_news_api_modified_at":"2024-10-07T11:41:34Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/At_w_DH-cT9K8VO0WTIOnhg","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613],"class_list":["post-21730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-interface","topic-cybersecurity"],"acf":[],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ransomware in 2024: Prioritising tried and tested recovery - Interface<\/title>\n<meta name=\"description\" content=\"Dan Lattimer, Area VP UK&amp;I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ransomware in 2024: Prioritising tried and tested recovery\" \/>\n<meta property=\"og:description\" content=\"Dan Lattimer, Area VP UK&amp;I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/\" \/>\n<meta property=\"og:site_name\" content=\"Interface\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-07T11:41:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-07T11:41:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1095\" \/>\n\t<meta property=\"og:image:height\" content=\"958\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Brightmore\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Brightmore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/\",\"url\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/\",\"name\":\"Ransomware in 2024: Prioritising tried and tested recovery - Interface\",\"isPartOf\":{\"@id\":\"https:\/\/interface.media\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg\",\"datePublished\":\"2024-10-07T11:41:29+00:00\",\"dateModified\":\"2024-10-07T11:41:36+00:00\",\"author\":{\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\"},\"description\":\"Dan Lattimer, Area VP UK&I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.\",\"breadcrumb\":{\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage\",\"url\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg\",\"contentUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg\",\"width\":1095,\"height\":958,\"caption\":\"Generative design artwork graphics of bizarre computer vector generated shapes and abstract geometric design elements, useful for web background, poster fine arts, front page covers and digital prints\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/interface.media\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ransomware in 2024: Prioritising tried and tested recovery\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/interface.media\/#website\",\"url\":\"https:\/\/interface.media\/\",\"name\":\"Interface\",\"description\":\"Delivering World Class Content \u201cFrom Executive, For Executive\u201c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/interface.media\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\",\"name\":\"Dan Brightmore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"caption\":\"Dan Brightmore\"},\"url\":\"https:\/\/interface.media\/blog\/author\/dbrightmore\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Ransomware in 2024: Prioritising tried and tested recovery - Interface","description":"Dan Lattimer, Area VP UK&I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Ransomware in 2024: Prioritising tried and tested recovery","og_description":"Dan Lattimer, Area VP UK&I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.","og_url":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/","og_site_name":"Interface","article_published_time":"2024-10-07T11:41:29+00:00","article_modified_time":"2024-10-07T11:41:36+00:00","og_image":[{"width":1095,"height":958,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/","url":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/","name":"Ransomware in 2024: Prioritising tried and tested recovery - Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg","datePublished":"2024-10-07T11:41:29+00:00","dateModified":"2024-10-07T11:41:36+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"Dan Lattimer, Area VP UK&I at Semperis, breaks down the industry\u2019s best route to recovery in the wake of a ransomware attack.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2024\/10\/iStock-1364583876.jpg","width":1095,"height":958,"caption":"Generative design artwork graphics of bizarre computer vector generated shapes and abstract geometric design elements, useful for web background, poster fine arts, front page covers and digital prints"},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2024\/10\/07\/ransomware-in-2024-prioritising-tried-and-tested-recovery\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"Ransomware in 2024: Prioritising tried and tested recovery"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content \u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=21730"}],"version-history":[{"count":1,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21730\/revisions"}],"predecessor-version":[{"id":21734,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/21730\/revisions\/21734"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/21731"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=21730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=21730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/tags?post=21730"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=21730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}