The Co-Op, M&S, Harrods… You? Mitigating the Risk of Ransomware – IT Governance Blog

The recent DragonForce cyber attacks on the Co-Op, Marks & Spencer and Harrods show the threat of ransomware is as prevalent as ever – and, despite warnings from the attackers that they’re “putting UK retailers on the Blacklist”, it’s obviously not just the retail sector that needs to be concerned. For all organisations, it can be disastrous when systems are encrypted and data is exfiltrated.
According to Sophos’s State of Ransomware report for 2024, 59% of organisations were hit by ransomware attacks last year. So what can you do to counter the risk?
Ransomware as a service
Ransomware is, of course, nothing new. In fact, since the RaaS (ransomware-as-a-service) model – which commodified ransomware tools for widespread use – gained traction in 2020, unskilled cyber criminals have been increasingly using it to execute attacks with minimal effort or technical knowledge.
Worse still, the double-extortion approach used by many RaaS affiliates continues to grow: a Secureworks report published last October found that between July 2023 and July 2024 there was a 30% year-on-year increase in ransomware groups both encrypting victims' data and threatening to release it if a ransom wasn't paid.
How to defend against ransomware
Every authority will tell you that paying ransoms is seldom a good idea. By doing so, you confirm that you’re a viable target and encourage further attacks, plus you might not even regain access to your data anyway.
However, it’s easy to understand why some victims might feel it’s their only option, especially if they were unprepared for an attack and its effects.
So, to avoid being put in the difficult position of having to justify acceding to your attackers’ demands, what should you do to prepare your organisation?
- Back up your data
Ransomware attackers rely on the simple fact that you need your data in order to work.
If you lose access to your data, you need to know that you have a recent, uninfected backup copy securely stored, either on a local device that's isolated from your (infected) network or in the cloud, and that you have actually tested restoring from it. A backup that an attacker can reach from a compromised account will be encrypted or deleted along with everything else, so it should be offline or immutable, and write access to it should not depend on the same credentials you use for day-to-day administration.
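The "recent, uninfected, restorable" requirement above is the kind of thing that should be checked automatically rather than assumed. The script below is an added example, not code from IT Governance or from the post; it assumes a backup set laid out as a directory of files plus a manifest of SHA-256 hashes, and authenticates that manifest with an HMAC under a key that is assumed to live off the production network (so an attacker who can rewrite the backup cannot also rewrite the manifest to match). The recovery point objective, the key, the file names and the "attacker" that tampers with the set are all constructed for the demonstration.

```python
"""Verify that an isolated backup set is recent, intact and free of foreign files.

Added example (not the post's own code). Assumptions, for illustration only:
  - the backup set is a directory of files plus MANIFEST.json;
  - the manifest is protected with an HMAC whose key is kept off-network;
  - the recovery point objective is one day.
"""
import hashlib
import hmac
import json
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

MAX_BACKUP_AGE_S = 24 * 3600  # assumed recovery point objective: one day
MANIFEST = "MANIFEST.json"


def _files(backup_dir: Path) -> Dict[str, Path]:
    """Map relative path -> absolute path for every file except the manifest."""
    return {
        str(p.relative_to(backup_dir)): p
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }


def write_manifest(backup_dir: Path, key: bytes) -> None:
    """Hash every file in the set and store an HMAC-protected manifest beside them."""
    hashes = {rel: hashlib.sha256(p.read_bytes()).hexdigest() for rel, p in _files(backup_dir).items()}
    body = json.dumps({"created": time.time(), "files": hashes}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    (backup_dir / MANIFEST).write_text(json.dumps({"body": body, "hmac": tag}))


def verify_backup(backup_dir: Path, key: bytes, now: Optional[float] = None) -> List[str]:
    """Return a list of problems; an empty list means the backup passes.

    Checks, in order: the manifest authenticates under the offline key; the set
    is younger than the RPO; every listed file is present with its expected
    hash; and no unlisted files have appeared (an encrypted copy or a ransom
    note dropped into the backup location shows up here).
    """
    now = time.time() if now is None else now
    manifest_path = backup_dir / MANIFEST
    if not manifest_path.exists():
        return ["manifest missing"]
    wrapper = json.loads(manifest_path.read_text())
    body, tag = wrapper["body"], wrapper["hmac"]
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        # Do not trust anything else in a manifest that fails authentication.
        return ["manifest HMAC invalid: manifest may have been tampered with"]
    manifest = json.loads(body)
    problems: List[str] = []
    if now - manifest["created"] > MAX_BACKUP_AGE_S:
        problems.append("backup older than recovery point objective")
    listed = manifest["files"]
    on_disk = _files(backup_dir)
    for rel, digest in listed.items():
        if rel not in on_disk:
            problems.append(f"missing: {rel}")
        elif hashlib.sha256(on_disk[rel].read_bytes()).hexdigest() != digest:
            problems.append(f"modified: {rel}")
    for rel in sorted(set(on_disk) - set(listed)):
        problems.append(f"unexpected file: {rel}")
    return problems


def demo() -> Dict[str, List[str]]:
    """Build a constructed backup set and run the check in four situations."""
    key = b"offline-manifest-key"  # assumption: stored outside the backup host
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "finance").mkdir(parents=True)
        (backup / "finance" / "ledger.csv").write_text("date,amount\n2025-05-01,100\n")  # constructed
        (backup / "hr.db").write_bytes(b"\x00\x01\x02 constructed sample")
        write_manifest(backup, key)
        results = {
            "clean": verify_backup(backup, key),
            "stale": verify_backup(backup, key, now=time.time() + 3 * 24 * 3600),
            "wrong_key": verify_backup(backup, b"not-the-key"),
        }
        # Simulate an attacker who reached the backup: one file overwritten, a note dropped.
        (backup / "hr.db").write_bytes(b"ENCRYPTED")
        (backup / "README_TO_RESTORE.txt").write_text("pay us")
        results["tampered"] = verify_backup(backup, key)
    return results


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {problems or 'OK'}")
```

The manifest HMAC is what makes this more than a checksum list: without a key that the attacker cannot reach, a manifest stored next to the backups can simply be regenerated after the files are encrypted. A full restore test (bringing the data up on an isolated host and confirming the application works) is still needed on top of this check.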
- Test for vulnerabilities and keep your technical security measures up to date
According to Sophos, more ransomware attacks started with an unpatched security vulnerability than any other cause (32%) – and these attacks resulted in considerably more damage and disruption than those that started by other means.
A programme of regular penetration testing will identify new security vulnerabilities, and old ones that have been reintroduced into your systems (for instance as part of network changes), and will show how far an attacker could actually get by exploiting them.
Keeping your software up to date with the latest patches closes known security vulnerabilities, and deploying anti-malware and antivirus solutions, with their signatures kept current, will help you detect known threats.
- Train your staff
A large proportion of ransomware, like other types of malware, is delivered via phishing emails.
Training your staff to understand this threat, to know what to look out for, and to know what to do if they fall victim is essential.
- Deploy incident response plans
Finally, if you are unfortunate enough to fall victim to ransomware, you need to identify and respond to the attack as quickly as possible. Robust cyber incident response management planning will ensure you can get back to business as usual.
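Identifying the attack quickly is the part of incident response that can be rehearsed in code. The example below is added here and is not the post's own material: it runs two simple detection heuristics over constructed file-server audit events in a made-up key=value format (a real SMB or Windows audit log would need its own parser). It flags a burst of renames to an unfamiliar extension from one host inside a short window, which is what bulk encryption typically looks like on a file share, and the creation of files whose names look like ransom notes. The window, threshold, extension list and note-name pattern are illustrative assumptions, not tuned values.

```python
"""Flag ransomware-like file activity in file-server audit events.

Added example, not from the original post. Event format, thresholds and the
note-name pattern are constructed assumptions for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List

WINDOW_S = 60          # assumed window for counting suspicious renames
RENAME_THRESHOLD = 20  # assumed number of renames per host that triggers an alert
KNOWN_EXTENSIONS = {"", "tmp", "bak", "docx", "xlsx", "pdf", "txt", "csv"}
# Assumed pattern for ransom-note file names dropped by encryptors.
NOTE_PATTERN = re.compile(r"(decrypt|restore|recover).*\.(txt|html|hta)$", re.I)


def parse_event(line: str) -> Dict[str, object]:
    """Parse '<ISO timestamp> key=value key=value ...' into a dict with a datetime 'ts'."""
    ts, *kvs = line.split()
    ev: Dict[str, object] = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return ev


def extension(path: str) -> str:
    """Lower-cased final extension of a path, '' if none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect(lines: List[str]) -> List[str]:
    """Return alert strings for rename bursts and ransom-note creations."""
    alerts: List[str] = []
    renames: Dict[str, Deque[datetime]] = defaultdict(deque)  # host -> recent suspicious renames
    fired = set()  # hosts already alerted on, to avoid one alert per event
    for line in lines:
        ev = parse_event(line)
        host, ts = str(ev["host"]), ev["ts"]
        assert isinstance(ts, datetime)
        if ev["op"] == "rename" and extension(str(ev["new"])) not in KNOWN_EXTENSIONS:
            q = renames[host]
            q.append(ts)
            while (ts - q[0]).total_seconds() > WINDOW_S:  # slide the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and host not in fired:
                fired.add(host)
                alerts.append(
                    f"{ts.isoformat()} {host}: {len(q)} renames to "
                    f".{extension(str(ev['new']))} within {WINDOW_S}s"
                )
        elif ev["op"] == "create" and NOTE_PATTERN.search(str(ev["path"]).rsplit("/", 1)[-1]):
            alerts.append(f"{ts.isoformat()} {host}: possible ransom note {ev['path']}")
    return alerts


def sample_events() -> List[str]:
    """Constructed audit lines: one benign host and one host behaving like ransomware."""
    lines = [
        "2025-05-01T09:59:50Z host=ws02 user=bob op=rename path=/share/report.docx new=/share/report.docx.bak",
        "2025-05-01T09:59:55Z host=ws02 user=bob op=create path=/share/notes.txt",
    ]
    for i in range(25):  # 25 renames to .locked in 25 seconds
        lines.append(
            f"2025-05-01T10:00:{i:02d}Z host=ws17 user=alice op=rename "
            f"path=/share/f{i}.xlsx new=/share/f{i}.xlsx.locked"
        )
    lines.append("2025-05-01T10:00:30Z host=ws17 user=alice op=create path=/share/HOW_TO_RESTORE_FILES.txt")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

On the constructed data the burst alert fires on the twentieth rename and the note alert on the dropped text file, while the benign host's `.bak` rename and ordinary `notes.txt` produce nothing. In practice the useful part of the response plan is what happens next: the alert has to reach someone with the authority to isolate the host and the share within minutes, not just land in a queue.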
IT Governance has a wide range of services to help you secure your organisation. Contact us today to book a free scoping call with our penetration testing experts – and discover your vulnerabilities before attackers do.