Expert warns construction industry on costly ransomware attacks

Shutterstock

By Connor O’Neill, CEO and co-founder of OnSecurity

Just last week, an annual report released by tech giant Microsoft found that the number of ransomware attacks has more than doubled over the last 12 months.

The Digital Defence Report has found that financially motivated cybercrime has increased in the last year and is to remain a “persistent threat” moving forward. The report also found that the number of online scams has risen five-fold in the last two years, with Microsoft now observing around 100,000 scams a day in 2024(1).

According to the Office for National Statistics UK business report, released in September, there were 2.72 million businesses registered in the UK as of March this year(2). Conor O’Neill, CEO and Co-Founder at OnSecurity, the leading penetration testing vendor, explains why these businesses should prioritise this essential security measure.

What is Ransomware?

Ransomware has the very specific purpose of extorting money from a target. It is a type of malicious software (malware) designed to block your access to a computer system or encrypt data on it until a ransom is paid. The attackers typically demand payment, often in cryptocurrency, to unlock the system or provide the decryption key needed to recover the data.

Ransomware typically takes the format of phishing emails, malicious links, infected software downloads or through vulnerabilities in a system. The latest Microsoft report stated that fraudulent emails continued to be the most common way that cybercriminals were able to gain access to user files. However, texts, voice messages and missed software updates were also reported to be a rising issue.

Once ransomware is activated, it can spread rapidly through networks, encrypt files, and sometimes threaten to release sensitive information unless the ransom is paid.

This is also known as ‘single-extortion’ ransomware, where it holds your computer hostage and threatens to delete data unless the demanded money is paid.

Why do businesses need a remediation strategy in the event of a ransomware attack?

All businesses should implement a remediation strategy in the event of a ransomware attack. Not only do the figures show that attacks of this nature are on the rise, and are not going anywhere anytime soon, but, because they can have severe impacts on many areas of your business – from operations and finances to your business’s reputation. A ransomware remediation strategy puts a plan in place so that you can respond quickly and efficiently to minimise damage control and enable a faster recovery.

Businesses should evaluate the areas below in order to begin setting up a remediation strategy:

Data backup and recovery plan

Frequently backing up your critical company data to secure offline storage will ensure it’s retrievable should an attack take place.

Incident response plan

All businesses should create a step-by-step document that details the following: how to detect a ransomware attack, how it can be contained from the individual’s perspective, how the incident can be reported and any guidance on minimising future attacks.

Business continuity plan

Management teams should regularly review their IT systems to ensure that if a ransomware attack takes place, business operations and systems can continue unaffected.

Employee awareness and training

Businesses should introduce cybersecurity training to educate employees on the signs to look out for if they’ve been hit with a ransomware attack. This will also prevent ransomware attacks from escalating and causing more damage to the company.

Cybersecurity firm support

Partnering with a cybersecurity company that can help implement ransomware remediation strategies, and provide useful information that can be shared internally with your team or generally be on hand to support any suspicious activity will aid technical recovery.

What will happen if a business doesn’t have a remediation strategy for a ransomware attack?

Businesses are more at risk from cybersecurity criminals who will exploit vulnerabilities in a company’s online IT systems if preventative measures are not in place. The biggest risk that will impact a business following a ransomware attack is financial loss. This can be from a loss in revenue if the company’s IT system is down for an extended period and they are unable to process online orders, manufacture goods or services or process payments. But, to minimise reputational damage and make the issue ‘go away’ some businesses will resort to paying the ransom.

A report by Onapsis, ERP Security in the Age of AI-Enhanced Ransomware, found that 56% of construction and real estate companies paid the ransom, followed by retail and wholesale (45%), technology (36%) and healthcare (33%)(3). If the ransom is being paid, and companies aren’t investing in a solid remediation strategy, then cybercriminals will continue to attack that company. This report also found that 83% of firms suffered ransomware attacks last year, with 46% facing four or more attacks.

What is the future of ransomware remediation in the age of AI?

The ongoing rise of generative AI, and its potential use by cybercriminals, was flagged in the report – with Microsoft warning that both criminals and nation-states were experimenting with the technology to spread misinformation and attempt to influence people. Companies are expected to face greater challenges as cybercriminals produce more sophisticated and convincing attacks that can be created more efficiently with the assistance of AI.

However, as cybercriminals become more advanced, so do cybersecurity companies who are looking for AI-driven tools and technologies to combat ransomware attacks more efficiently.

It’s important to note that although AI is providing a new perspective to ransom detection, at OnSecurity we lead with a manual-first approach which means that our real testers use real business logic when discovering vulnerabilities. With AI tools and automation, it is quite easy to discover false positives which can waste time and resources.

The future of ransomware remediation in the age of AI is a blend of automation, faster response times, enhanced detection capabilities and smarter, more advanced recovery tools. However, as AI continues to evolve, so will ransomware attacks, making it crucial for businesses to stay ahead of the curve and continue to review and update their remediation strategies.