Blog

Get news about our products, which events we are attending plus industry insights and commentary

New Lloyds Report outlines the impacts of a global ransomware attack

Written by Telesoft Engineer on Friday, 01 February 2019. Posted in Cyber

The report explores and analyses the risks, costs and damage that would be caused by a coordinated global ransomware attack. The scenario outlined predicts that from the time the attack is launched it would encrypt all data on nearly 30 million devices worldwide. Companies of all sizes and in all sectors would be forced to pay a ransom to decrypt their data or to replace their infected devices. The report estimates a cyber-attack of this scale could cost $193bn and affect more than 600,000 businesses worldwide.

When considering the scenario described, essentially a global malware infection aka Bashe attack much like the recent WannaCry ransomware attack but scaled up significantly, I looked at it from both an organisational viewpoint and an attackers. As an attacker you need a global and agile delivery platform of your malware that's resilient to attack/disruption itself (aka highly-available). These are the same set of high level requirements that large organisations have to meet their own commercial imperative.

As companies like Microsoft Azure report record revenues, overall commercial cloud revenue grew 48% year-over-year to $9.0 billion, highlighting how important cloud adoption has become at an enterprise level. This trend has not gone unnoticed by adversaries who have begun to take advantage, using highly-resilient cloud services (Pastebin and Google Drive etc.) to deliver malware-as-a-service, showing that the report highlighted scenario isn't futuristic - it's fast becoming a reality.

This means that enterprise must be more highly resilient, in terms of organisational and security operations tools, policies and personnel who must be empowered to be more agile and responsive than an attacker. A very tricky task - especially when you consider that the attacker is able to learn and tune their attacks continually and see SecOps tool and policy trend changes/evolutions - effectively threat defence intelligence.

In order to level the playing field in this new cloud based threat landscape and increase cyber threat visibility, enterprise must factor in these three key components in to their cyber security strategy:

  • Latest threat intelligence from reliable cyber threat intelligence companies that they are able to action.
  • Robust business continuity and risk management plans and policies.
  • Agile and responsive SecOps and business operation tools such as flow monitoring tools, next gen IDS systems and multi-layered threat detection platforms.

Companies must ensure they are better prepared for ransomware attacks, by utilising these three components SecOps teams will dramatically reduce vulnerability and an organisations attractiveness to attackers. This needs to happen across the board, at every level, in every vertical, as the global economy becomes more interconnected and reliant on technology.

Talk to Telesoft about securing your infrastructure against attacks at carrier scale...learn more

About the Author

Telesoft Engineer

Telesoft Engineer

The Engineers here at Telesoft are tackling the most challenging issues facing the Cyber and Telecom industries, working on problems that no one is even thinking about yet. 

The 'Tech Talk' blog has been created to give our Research and Development, Hardware and Software Engineering Teams a voice, creating posts that detail what technologies and techniques we are using to create our cutting edge products. So expect lots of interesting and varied subject matters.  

Created by Engineers, for Engineers.

Information cookies

Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.

There are several types of cookies:

  • Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
  • Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
  • Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.

So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.

However, please note that you can enable or disable cookies by following the instructions of your browser.