Can you predict ransomware attacks before they happen?

“Cyber is the most dangerous weapon in the world” – Jamie Dimon, CEO, JPMorgan Chase & Co.
With that fair warning since late December 2021, the JPMorgan International Council has urged public and private sectors to step up their cybersecurity efforts. Cyberattacks–especially ones that are ransom-related–are a dangerous threat and pose a critical challenge to organisations, the economy, and national security across the world.
In the past year, the likes of Acer and the National Basketball Association (NBA), among various reputed entities have experienced repercussions of ransomware attacks. The banking sector alone experienced a 1,318 per cent year-on-year increase in ransomware attacks in the first half of 2021, according to Trend Micro. The question to ask is: Why has there been such a sharp spike in the number and the sophication of ransomware attacks?
The tools to execute a ransomware attack cost as little as $40 and the demands reach new heights each passing day. In fact, as per the World Economic Forum, till 2020 an average ransom demand per incident had a touchpoint of $170,000.
As businesses continue to adopt digital technologies for business continuity, unfortunately, security hasn’t kept pace resulting in increased exposure. The end result is an increased probability of data and confidential information being held hostage for ransom.
How has ransomware evolved?
Along with digital transformation, the arrival of cryptocurrency proved to be a bridge for untraceable payment methods which paved the way to attack and threaten businesses with minimum risk involved. Since 2011, the dynamics have changed from ‘if’ a business could be breached to ‘when’ a business will be breached.

As vendor networks become more widespread as a result of increased interdependence, ‘buffalo jumping’ or ‘one-to-many’ type of cyber attacks are becoming more commonplace. We have already seen this happen with SolarWinds, Nobelium, and Kaseya. attacking organisations with deeper pockets and wider networks, adversaries are maximising their financial gain without increasing effort. This may take the form of–but is not limited– to phishing or third-party attacks. The common thread in both is the lack of awareness among the organisation’s workforce. According to IBM’s X-Force Threat Intelligence Index 2022, phishing operations contributed a significant 41 per cent to running ransomware attacks.
But all that ransom does not equate to retrieval
Ransomware attacks have also evolved. Now, customers are being informed of data breaches the ransomware gangs themselves – increasing the pressure on companies to pay off the ransom to get control of the data. However, trends show that adversaries aim to destroy the stolen credentials instead of returning them to the business. In such a scenario, businesses are tempted to pay the ransom – but despite paying it, 92 per cent of organisations got none of their data back, according to The State of Ransomware Study 2020 Sophos.
In fact, businesses lose $1,448,458 when they pay ransom versus $732,520 when they don’t pay it. This is because of the additional costs they have to bear owing to the data breach – 66 per cent of organisations suffer a significant loss of revenue and more than half the businesses indicate a damage to their brand and reputation.

This is in addition to loss of employees at the C-level and a brief halt in business functions. The government also does not condone paying ransom to adversaries. For instance, The Office of Foreign Assets Control (OFAC) in the US mandates that if a business makes a ransomware payment (even in cryptocurrency) to one of the ‘controlled countries’ or a known threat actor, they will have to pay penalties amounting to $300,000 per event or double the amount paid as ransom, whichever is higher.
A stitch in time
Ransomware or any other cyberattack is possible because the current cybersecurity landscape is fundamentally flawed. The present approach is siloed, reactive, and does not speak the language of business.
At a time of shortage in everything – talent, time, and budget – a prudent investment journey is imperative for scalable growth of a cybersecurity programme. While improving cyber risk posture increasing coverage under cyber insurance and investing in more (or better) cybersecurity tools and services are both good practices, business leaders need to understand the return on investment. Individual security tools such as anti-virus, firewalls, malware security, and others operate well in their own domain but may overlook important alerts from other interrelated services.
Businesses that are initiating or augmenting their journey towards proactive cybersecurity are already collecting the data they require. What they need to do now is parse the information through sound data science-backed algorithms to measure their as-is cyber risk posture and map it against their to-be risk posture. With this knowledge, businesses can identify the biggest threats, prioritise their mitigation and therefore, reduce the likelihood of ransomware attacks.
Gartner’s Trends of 2022 highlights ‘Cybersecurity Mesh’ as an upcoming trend impacting the cyberscape. Within the mesh, the security products’ consolidation drives the integration of security architecture components. Therefore, a unified and real-time, ML-enabled risk assessment platform to quantify the cyber risk posture across all vectors – people, processes, and technology for first and third-party – becomes a reality.
I truly believe cybersecurity is more a matter of perspective than anything else. We have the resources at our disposal, all we need to do is align in our approach of reverse engineering to predict the potential of attack, and it will act as the north star to a much safer and secure cyberscape.
Saket Modi is Co-founder and Chief Executive Officer at Safe Security