Skip to main content Skip to footer
Security

Ransomware response and recovery

May 5, 2021

RESEARCH REPORT

In brief

  • Established ransomware operators are upping their game, focusing on new monetization opportunities.
  • Operators keep innovating, customizing ransom demands and constantly improving their ability to disrupt.
  • Organizations need to strengthen defenses across people, processes and technology.
  • Security leaders must act fast and demonstrate why security is critical to business resilience.

Be ransomware resilient—fast

Impacts vary but, in many cases, ransomware disrupts businesses for significant periods—or even forces them to suspend operations or close. A growing population of highly capable cyber extortionists is developing new means to counter defenses and to increase the level of disruption they can inflict, constantly. Threats are widespread, they extend across industry and the public/private sector and they affect large and small businesses alike.

Security leaders must understand and counter new ransomware challenges, strengthen defenses across people, processes and technology and demonstrate why security is critical to the business strategy.

Ransomware Response and Recovery

View Transcript

160%

year-on-year increase in ransomware events in 2020—with little sign of any slow-down in early 2021 Source: CIFR intrusion data

US$34M

ransom demanded from one of the world’s largest manufacturers—encrypted 1,200 servers, theft of 100GB of data, deleted 20 to 30TB back-ups. Source: Bleeping Computer

US$50M

The Accenture Cyber Investigations, Forensics & Response (CIFR) team observed ransom demands ranging from US$100,000 to US$50M in 2020. Source: CIFR intrusion data

Today’s top three ransomware defense challenges

  1. Successful ransomware extortionists are ramping up attacks
    Established ransomware operators are upping their game as they continue to focus on new monetization opportunities and see no limits to the potential profits.

  3. Ransomware operators are constantly improving their ability to disrupt
    Cyber extortionists are incentivized to develop ever-more disruptive ways of working. The more disruption they can inflict, the larger the ransom they can demand.

  5. Business growth and service strategies lack resilience
    Downtime from ransomware can affect tens of millions of people. The theft and publication of data gives attackers new extortion opportunities—such as the risk of regulatory sanctions if protected information is made available online.

Ransom demands are growing and becoming more customized—with threat actors assessing who is more likely to pay. If ransoms are paid, it can open the door to further criminality. Some ransomware operators have been sanctioned, potentially placing a ransom-paying victim in further legal jeopardy.

Protecting against ransomware

What can you do now?

Focus on the basics

 Keep security hygiene up to standard.

Prevent and protect

Continuously validate and test your defenses.

Know your operations

Model the threat against your operations and end-to-end value chain.

Make it personal

Collaborate and prepare so everyone knows how to work together during an event.

Prepare, prepare and prepare again

Constantly measure and improve resilience or adjust your course.

Ransomware solutions if you’ve been hit

What can you do next, now that you’ve been hit?

Trace the attack

Build a comprehensive understanding of the intrusion and impact.

Collaborate and report

Ensure statutory obligations are fulfilled and collaborate with others.

Learn from the experience

Identify metrics and resources to meet the C-suite's expectations for cyber resilience.

Update risk mitigation plans

Evaluate current and residual risk and apply a risk mitigation strategy.

Strengthen defense posture

Get tactical; drive behavioral changes to strengthen cybersecurity defenses.

Is your ransomware defense strategy ready?

Being resilient means robust processes, training and coordination across the business. Here are some questions you can ask yourself to find the best way forward to mitigate ransomware risk:

  • What are the most critical systems and data in your operations?
  • What plans do you have in place (eg, business continuity, disaster recovery)?
  • What is your media strategy in the event of a crisis?

  • How often do you pressure-test and exercise your plans?
  • How quickly could you respond to and recover from a ransomware threat?
  • How would you handle a full domain compromise?

  • Who are your decision-makers during a crisis?
  • Who is responsible for negotiating or reviewing your extortion policy?
  • Who handles incident response?
Mark Raeburn

Managing Director – Accenture Security, Global Cyber Investigation, Forensics & Response Lead

Jacky Fox

Senior Managing Director – Accenture Security, Europe Lead

Ryan Leininger

SENIOR MANAGER – ACCENTURE SECURITY

Related capabilities

Cyber resilience

Helping clients achieve a resilient cyber defense posture to continue operating their businesses regardless of the cyber threats they face.

Cloud security

Working with an ecosystem of partners to accelerate public cloud resilience for fast, scalable, proactive and cost-effective cloud security.
Visit our Subscription and Preference Center
Subscribe