The threat posed by ransomware has grown ever more acute in recent years, as cybercriminals adapt their approach to manoeuvre around protections put in place by businesses.
First, the emergence of double extortion attacks (whereby criminals exfiltrate as well as encrypt data) meant businesses could no longer rely on extensive backups for recovery. And now, hackers are beginning to adopt triple extortion techniques, adding DDoS attacks to their arsenal.
The rise of the cyber insurance market has offered a way for businesses to mitigate the financial risk of ransomware, but also incentivizes further attacks by increasing the likelihood of a payout.
To find out about the combination of factors that makes ransomware so effective, as well as the measures businesses can take to minimize risk, TechRadar Pro spoke with Aare Reintam, COO at security firm CybExer Technologies.
What qualities make ransomware such a potent threat?
Ransomware is unfortunately an effective way for malicious actors to finance their criminal activities. The sums generated by successful attacks exceed the millions, and hackers create a vicious cycle of criminal behavior whereby large payouts allow them to spend more time and money developing their approach.
Paying ransom is feeding new cybercrime and inflating the incentive to launch more and more attacks. This is what keeps the wheel spinning, and the threat is growing since almost every business is functioning in some digital capacity, making them vulnerable.
Why have we seen an influx in attacks over the past year or so?
Covid-19 has led to an unavoidable yet staggering reliance on online systems due to the sharp rise in employees working remotely. In turn, there has been a greater number of impactful attacks that have influenced the functioning of industry, critical infrastructure, public health systems, and which have also affected the end-users.
We’ve seen cybercrime increase among some of the most vulnerable sectors including public health systems and hospitals too, which has sparked the interest of the media and raised awareness among the general public. The relative success of cyber criminals in the last five years has inspired malicious actors to find new ways to exploit weak environments and try even harder.
Yet we must also understand that defense is also improving to counteract the growing intensity of new threats.
How can businesses balance the need to shield against ransomware with the need to maximize staff productivity?
Creating a system of backups and contingency measures is at the heart of maximizing staff productivity whilst ensuring that companies are shielded against ransomware. In addition, company IT systems must be differentiated and prioritized. Core systems have to be protected more heavily. A company’s cyber security strategy must determine where the crown jewels and secondary systems lie and adjudicate cyber spending accordingly.
In what ways have ransomware strategies evolved in recent years?
Cybercriminals and government-supported teams have evolved their tactics and methods for knowing how to successfully claim ransom from their victims. Ransomware has evolved drastically – from regular ransomware to Ransomware 2.0, and now what we call ‘Triple Extortion’. Triple extortion occurs after the data is breached and encrypted - hackers then manipulate a company’s data to wreak havoc on the business.
We can’t forget the impact of the pandemic too, since businesses were forced to digitally transform in record time – yet they have had to maintain the same level of business accessibility and quality to staff and clients, thus increasing the possible angles of attack. And since businesses want to keep their services up and cash flow coming in, they are willing to pay the ransom if it means they can continue with ‘business as usual’.
What's your take on the debate around cyber insurance?
Obviously, there is a market for products like this. If insurance companies push potential cyber clients into carrying out IT security audits as a prerequisite, then it makes the systems more resilient - so there are positives. But at the same time, companies still have to keep their personnel and systems up to date. Insurance should never be an excuse for complacency when it comes to preparing for cyber threats.
In what ways might the transition to hybrid working affect the ability to shield against ransomware?
Hybrid working is certainly creating new opportunities for cyber criminals. People are often working using connections that are unsafe and easy to monitor, creating a general situation where cyber hygiene is still weak. We advise companies to “vaccinate” their employees against cyber threats by improving their cyber hygiene knowledge. There are good free tools, but we also recommend contacting specialists who deal with cyber hygiene training.
Which new techniques and emerging technologies might play a role in shielding against ransomware?
It is about constantly keeping your cyber security personnel and IT teams up to date and trained.
Cyber Ranges are a great option for giving employees hands-on experience in how to tackle cyber attacks - they’ve historically been deployed in the military domain, but this has shifted dramatically, where the demand for this technology has increased across the board in the business sector. The tech allows your teams to simulate an attack and respond in real time - something we haven’t had the chance to do in the past. It also gives IT teams more perspective by allowing them to look at their systems from the outside in, as cyber criminals do.
In my opinion, all Fortune 1000 companies (as the bare minimum) should be using cyber ranges to train their staff, proactively ensuring they are prepared for upcoming threats.