Ransomware: the scale of the threat – and how not to pay
Chris Allen, consultant, lecturer and researcher in organised crime, has seen ransomware explode in this year of the pandemic… and has a sustainable answer to avoid payment
The hideous ‘new normal’ phrase that forced itself into our national consciousness during this year’s you-know-what crisis may have come from a public health context but it is equally applicable in the world of ransomware, where attacks on corporate systems have become a depressing reality of modern life.
In July, Blackbaud – a leading cloud software company contracted to manage the data of at least seven UK universities – was subject to a ransomware attack, resulting in staff and students at York, Oxford Brookes, Loughborough, Leeds, London, Reading, University College Oxford and Exeter unable to access files until a ransom had been paid.
A statement from Blackbaud admitted that the cybercriminal removed a copy of a subset of data from their system, prior to being locked out, adding that they’d not accessed any financial information. They added: “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed.”
For most organisations, Active Directory (AD) is the key to identity and access management, which means it is vital that it stays operational and secure. Unfortunately, AD faces a surplus of risks every single day. Whether from ever-frequent cyber and ransomware attacks or critical misconfigurations, effective AD cybersecurity risk management can be a daunting endeavour.
Join us for this FREE live webinar on 14 June, where we'll discuss the threats and potential risks you face in your AD environment. See for yourself how to measure AD risk using a risk register (5x5) as well as learn ways you can mitigate those risks to ensure true cyber resilience.
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
