How the growing Russian ransomware threat is costing companies dear

As group members were led away in cuffs, FSB officers gathered crypto-wallets containing untold volumes of digital currency such as bitcoin. Others used money-counting machines to tot up dozens of stacks of hundred dollar bills.

The cybercriminals behind REvil had mastered a form of extortion orchestrated by seizing control of company computer systems and demanding payment to unlock them.

When the boss of a company such as KP gets the dreaded ransom note, no matter what time of day, their next call might well be to US cybersecurity firm Mandiant.

The importance of computer systems to company supply chains, he says, affords enormous power to any hackers who breach their defences.

Hackers, he says, will even hand-hold executives through the process of buying and transferring the cryptocurrency favoured for ransom payments.

Depending on the sophistication of the attack, the damage done by a prolonged shutdown, and whether the likes of Mandiant can fix it, there is sometimes little choice but to pay.

On top of operational disruption, firms risk regulatory fines if data is leaked, as well as huge damage to their reputations.

Many now have cyber insurance that offers them the option of letting the insurer pick up the tab, albeit while fuelling criticism for potentially fuelling future attacks.

Ransomware attacks are on the rise. There were 1,396 in 2020, according to Ransom-DB, which tracks such incidents. The number nearly doubled to 2,699 in 2021, with about 35-40% of cases ending in a ransom payment.

The likelihood, Ransom-DB says, is that many more go unreported. In the UK, the body responsible for stemming the tide is the National Cyber Security Centre (NCSC).

Some have proposed banning companies from paying ransoms, in theory removing the incentive for such attacks. This, warns Fairford, may just result in companies failing to report attacks or simply going out of business.

The challenges for those trying to stem the tide are manifold. Gangs are anonymous, rebranding, and relocating as quickly as the authorities can find them.

The only solution, experts agree, is for firms to take every precaution to defend against some of the most well-known weaknesses that ransomware gangs exploit, often via individual staff members.

These include targeting computers used remotely by staff, a growing trend as the pandemic led to more people working from home.