The rising tide of ransomware – Essential strategies for cyber resilience, response and preparedness

Ransomware threats are rising with RaaS and data breaches. Deloitte experts stress proactive readiness, simulations, and resilience to strengthen cyber defences.

DQI Bureau

As emerging technologies, such as AI, robotics and machine learning, continue to shape our world, there has been a rise in cybersecurity threats, including malware attacks, data breaches and data exfiltration. Ransomware has emerged as a particularly significant risk to businesses.

According to a recent report, 59 percent of organisations (surveyed across 14 countries in the Americas, EMEA, and Asia Pacific) were hit by a ransomware attack, resulting in the encryption of almost 70 percent of their data.  The report further highlights that almost 60–70 percent of these organisations opted to pay ransom due to the absence of viable back-ups to secure their data and maintain business continuity. While paying ransom may seem a quick solution to regain access to encrypted data, its risks and long-term implications usually outweigh its benefits. 

Strengthening cybersecurity through proactive measures

The emergence of Ransomware as a Service (RaaS) has inadvertently created new vulnerabilities for organisations by simplifying the attack process. Unlike traditional methods requiring advanced skills, these platforms allow individuals with minimal technical expertise to quickly launch malware/ransomware attacks.

RaaS providers offer ready-made infrastructure, payment processing and support in exchange for a ransom. As a result, attackers now target conventional endpoints, such as desktops and servers, as well as Internet of Things (IoT) devices, cloud infrastructure and mobile devices. This shift underscores the need for strong cybersecurity measures and thorough readiness assessments. Proactive measures, such as Ransomware Readiness Assessment (RRA), simulation and table-top exercises, are essential to counter these threats.

Simulations and table-top exercises address risks such as phishing, ransomware and malware and strengthen an organisation’s cyber defences. These proactive measures enable organisations to enhance their preparedness by testing response plans, identifying systemic weaknesses, training people, improving coordination within teams and building confidence in their capabilities. These exercises engage key stakeholders, including the CISO, CTO, CRO, CFO, IT, legal counsel, information security, public relations and HR teams, ensuring they are prepared to effectively respond to cyber incidents.

Ransomware preparedness guide

These simulations assist an organisation in numerous ways:

  • Preparedness: It entails identifying and uncovering answers to various questions, such as:
    o How well is an organisation prepared to combat cyberattacks?
    o Does the organisation have available data/logs for further forensic investigation?
    o Can the organisation’s Security Operations Centre (SOC) team effectively detect ransomware, equivalent attacks or any other incident?
  • Communication: Efficient team coordination is crucial to manage a cyber incident. These exercises promote better communication and collaboration across diverse teams and essential stakeholders. They also help emphasise streamlining incident reporting (internally to management, employees, etc. and/or externally to CERT-IN, industry regulators, law enforcement agencies, insurance agencies, vendors, customers, PR agencies, etc.), documentation procedures and escalation protocols.
  • Gap identification: These exercises help identify weaknesses or gaps in an organisation’s cybersecurity capabilities (detect, respond and protect). The lessons learned can then be used to strengthen cybersecurity.
  • Training and awareness: This exercise helps assess how well employees are trained to respond to and report a cyber incident. It increases awareness of the steps and decisions necessary during a ransomware attack, helping them react promptly and appropriately. 

Simulations and table-top exercises, akin to organisational wargames, are conducted in a day or less to help organisations prepare for possible scenarios. With high stakes involved, businesses rapidly recognise the critical importance of preparedness in responding to cyberattacks. 

More organisations are adopting proactive measures, such as RRA and incident response preparedness, to counter the escalating threat of cyberattacks. These assessments comprehensively evaluate an organisation’s cybersecurity posture, incident response protocols, backup and resilience procedures, policies and training.

A recurring issue identified during our readiness assessment reviews is the inadequate retention of critical logs to defend against Distributed Denial of Service (DDoS) attacks and differentiate between bots and legitimate users. Whether these logs were not retained at all, partially retained, or kept for a limited time, this deficiency creates significant challenges in pinpointing the root cause during a cyber incident. Addressing this issue promptly can significantly enhance an organisation’s cyber response capabilities.

Readiness assessments cover multiple aspects, including how ransomware infiltrates, operates and laterally propagates within an organisation. We collaborate closely with organisations to assess each infrastructure module to prevent ransomware infiltration, execution and propagation. Should ransomware breach the network, these assessments also aid in devising strategies for backup and resilience. Aligning with frameworks such as the National Institute of Standards and Technology (NIST) and ISO 27001, these assessments incorporate the five core elements of incident response, i.e., identification, detection, prevention, protection and recovery.

Conclusion

Organisations must prioritise preparedness, readiness and simulations to effectively combat ransomware and enhance cyber defences. Investing in assessment tools is key to safeguarding business continuity, enabling forensic investigations, maintaining customer trust and mitigating financial risks in the ransomware threat landscape.

While proactive measures ensure critical operations continue or are swiftly restored, cyber resilience assessments specifically focus on rapid recovery during a cyber incident to minimise disruption. Organisations that can adopt a strategy that integrates preventive (including AI-driven predictive measures), detective and corrective controls can bolster cyber resilience and overall business continuity. 

However, ransomware preparedness alone is not sufficient. To achieve true cyber resilience, businesses must integrate comprehensive business continuity, technology recovery and cyber crisis management plans.

Authored by Sachin Yadav – Partner, Forensic & Financial Crime, Deloitte India; Shailesh Kand – Director, Forensic & Financial Crime, Deloitte India; and Nachiketa Sharma – Manager, Forensic & Financial Crime, Deloitte India