Our site uses cookies to make it work and to help us give you the best possible user experience. By using our site, you agree to our use of cookies. To find out more about cookies and how you can disable them, please read our cookies statement. 

Cookie Settings

You can manage your cookie settings by turning cookies on and off.

Click on the different cookie  headings to find out more about the types of cookies we use on this site and to change your settings. Please be aware that if you choose to turn off  cookies, certain areas of our site may not work and your browsing experience may be impacted.

For further information on how we use cookies, please see our cookies statement. 

Strictly Necessary Cookies


These cookies are essential for the technical operation of and proper functioning of our site  and enable you to register and login, to easily move around our site, and to access secure areas. Without these cookies our site won't function properly.  

These cookies are required

Performance Cookies

Performance cookies allow us to collect aggregated and anonymous data on how our site is used, such as the number of visitors to our site, how you navigate around and the time spent on our site and also to identify any errors in functionality. These cookies also help us to improve the way our site works by ensuring that you can find what you’re looking for easily, to better understand what you are interested in and to measure the effectiveness of the content of our site. 

Marketing Cookies

These cookies allow us to advertise our products to you and allow us to pass this information on to our trusted third parties so that they can advertise our products to you on our behalf. All information these cookies collect is aggregated and therefore anonymous. No personal information is shared to third parties. Any personal information collected while using our website could be used for direct marketing from Dimension Data only.

Ransomware’s reach expands

Mark Thomas

Group CTO Cybersecurity, Dimension Data

Follow on LinkedIn

Explore the latest cybersecurity developments

Discover how the latest security threats are impacting on specific regions and vertical markets.

Get the insights here

Ransomware is a different kind of threat that could have serious implications for organisations. The goal of such an attack is very simple: lock down company data through encryption and demand a ransom to grant access again. It can stop a company’s business operations in its tracks and is unnervingly simple to deploy. Fortunately the threat of ransomware is also reasonably easy to remedy but it starts by being proactive.

Understanding ransomware

Ransomware started making news headlines in 2014. It often targets people sing social engineering methods such as phishing to have them unknowingly deploy a ransomware payload on their machine, usually as an email attachment. The payload then encrypts files on the machine and demands a ransom ─ often asked for in a cryptocurrency such as bitcoin ─ to unlock the files. These demands are usually time-sensitive with a deadline, after which the data is permanently deleted. Paying the ransom is no guarantee, though, that the files will be activated again.

In 2016, this method took on a new dimension. Ransomware would not only infect the first machine, but then look to propagate itself across the network. A single attack becomes a raging infection. Adding to the devastation is the choice of target: adversaries using ransomware often go after companies with highly sensitive business process-relevant information, such as health records or manufacturing data. This raises the odds that the victims will pay.

350% increase in ransomware attacks in 2017

The world saw an explosion in ransomware attacks in 2016, in part because attackers used exploits allegedly stolen from the NSA and released online. The vulnerabilities that these exploits target can be patched, yet from our analysis, ransomware attacks actually rose in 2017, from 1% of malware attacks to 7%, an increase of 350% from the previous year. There’s growing evidence that attackers are also using ransomware to expand their control, downloading additional payloads once an infection is active. But unlike long-term breaches, which might syphon valuable company data over time and be even more devastating, ransomware attacks work best on shock-and-awe tactics: pay the money or lose your data.

350% increase in #ransomware attacks in 2017 according NTT Security’s Global Threat Intelligence Report. @DimensionData shares recommendations on how to fight back. Tweet this

Growing security maturity among certain sectors has tangibly reduced ransomware attacks. Business and professional services used to be the most popular target because they have access to and hold records on many customers (and thus many potential targets). Security investments have reduced their ransomware threat. We found a reduction from 28% in 2016 to 17% in 2017. Adversaries are now focusing on new targets to catch less security-mature companies and countries.

The change has been offset by a heightened focus on casinos and other gaming companies, which now top the list as the most target sectors. These are financially lucrative organisations but they may not have the security pedigree to match. Attackers are also paying more attention to supply chains.

Ransomware is still a serious threat for all sectors and shouldn’t be ignored. Future surges in ransomware attacks are very likely.

Fighting ransomware

There are strategies organisations can follow to reduce their threat profile and risk. It requires investment and executive-level buy-in but it can be accomplished. The financial services industry (FSI) has demonstrated as much.

In 2016 FSI companies ranked very high for ransomware attacks. This forced a flurry of security-related upgrades and investments ─ and in 2017 FSI wasn’t even in the top five of most-attacked sectors. Their strategies included three vital components: people, patches, and backups.

Let’s start with the last point: backups are a natural remedy to ransomware, as the data that’s been compromised is available elsewhere. FSI companies adhere to compliance dictating backup and recovery, which has greatly reduced the reward for successful attacks. This still causes a disruption to operations but it leaves a bad taste in the mouths of adversaries, who prefer maximum reward for the effort. At this stage many FSI companies can even respond internally to a ransomware breach. So a good data backup/recovery strategy is critical.

Patches are just as crucial: many ransomware attacks exploit known flaws in operating systems. Yet patching can be challenging to implement. This depends on the sector and company but suffice to say it’s not always practical to take down systems and patch, as this can interrupt business operations. Yet on the other hand it’s crucial, so a risk-based patch strategy must be in place. Even in 2017, after the attack methods became known, many companies were still caught unaware. A healthy patching strategy is a critical element of a mature security culture.

Cyber awareness culture critical

Finally, people may be the weakest link in implementing strategies to combat ransomware. Attackers are skilled at duping people into malicious actions. They could chance it by hitting various people or finely hone an attack to focus on a specific individual. A vigilant workforce is invaluable to security. Humans are the best at spotting curious activities and reporting them. Cloud technologies are helping here ─ for example, an attachment could be detonated in an online sandbox to test for any red flags.

The people element includes the executive: it’s important for them to know that ransomware goes straight for the business’ throat. It will target and compromise the very process-related data and workloads that executives and departments need to execute their mandates. Security in general is a business problem but ransomware brings this home acutely.

More and more companies are using simulated attacks to test their employees’ actions, giving additional training to those who don’t spot threats. Even experienced security operators have been caught out by clever cyber subterfuge: failing such a test is not a mark but a victory. It helps get the workforce one step closer to being the vanguard of the company’s frontline. Adequate investment in endpoint security also bolsters this area but is not a substitute for cyber aware employees.

A single #ransomware attack becomes a raging infection. @DimensionData explains how to create a predictive cybersecurity posture to protect your organisation. Tweet this

Prevention or cure?

There’s another choice: pay the ransom. Some companies even stockpile cryptocurrencies such as bitcoin for this purpose. But this should be avoided: there’s no guarantee that the files will be unlocked, plus it enables and encourages attackers to do the same again. In the case of ransomware, prevention is far better than cure ─ because there is no real cure.

The lack of an effective security culture, especially relating to people and endpoints, attracts adversaries. This trend is currently evident in the EMEA region, the only global region where ransomware attacks ranked in the top three malware types. Malware activity is also rising in the APAC region, where endpoint security and user education remain low priorities. But ransomware ─ as with all malware ─ is an evolving threat. It’s simply too easy and rewarding for criminals to ignore.

In summary

Ransomware is one of the easiest ways for adversaries to bring a company to its knees. Without the right precautions, there’s little that can be done to recover compromised data. But it’s very possible to build defences against it: despite a rise in global malware attacks from 1% to 7%, ransomware-related incident response engagements dropped from 22% in 2016 to 5% in 2017. This indicates that companies are improving their capabilities to deal with such threats internally. Here’s how they accomplished it:

  • Assess the threat to the organisation: what would stop the business in its tracks?
  • Ensure sufficient investment in security.
  • Gain the understanding, buy-in, and support of executives.
  • Put a backup/recovery strategy in place.
  • Have a system patching strategy in place.
  • Secure the endpoint.
  • Invest in user education and training.

Threat intelligence alerts!

Gain insight into the latest threats that could impact your organisation. We have insight from 40% of the world's internet traffic

Subscribe here

Related content

How we can help you

Managed security services

We offer consistent services to manage and optimise your security infrastructure.

Read more

Ransomware protection

Predictive cybersecurity protection to help you prevent, detect, and contain ransomware before it’s too late.

Read more

Security advisory services

We formulate processes and policies to help ensure that your business is fully compliant.

Read more

Careers at Dimension Data

Be part of our global team of cybersecurity experts.