You never know when ransomware will strike, or where it will hit you from. The only thing we do know for sure is that even the most well-protected organisations can fall – and have fallen – victim, and it can be very expensive to recover.

Seacom said in a release published on its website that South African organisations experienced more than 12 000 ransomware attacks in the first half of 2021. In 2017, the WannaCry ransomware attacks infected over 230 000 computers in one day. The DarkSide ransomware of 2020 that attacked US gas and oil infrastructure cost more than US$20-million to repair. Another business that was infected reportedly paid the $2-million ransom to avoid public scrutiny.

Ransomware is relatively easy for hackers to execute, which is why it’s such a massive global menace. The business impact is also extremely high. Plus, working from home and hybrid work environments have made the problem much more difficult to manage, particularly since security practices can be difficult to apply with a lot of people not always in the office. The traditional security approach to protect the perimeter is no longer effective.

Ransomware gets onto the network through a lot of usual hacker methods, like phishing e-mails. A city council in the UK, for example, has 5 500 employees who, during lockdown, suddenly had to change the way they work. Working from home, without IT on site, and running across a wide number of home networks, introduced huge change to processes and workflows. As a result, the council experienced acutely sharpened exposure to ransomware.

Ransomware is very easy for criminals to execute, and they can even run it under a software-as-a-service model. It’s in the cloud and, just like we all do in our personal and work lives, the hackers can sign up for a subscription-based attack service. After that, the ransomware gets to work and is into the network through many of the usual hacking vectors, including phishing e-mails. Once the payload is activated, it replicates itself across as many devices as it can and gets to work encrypting up to 10 000 files per minute.

Layer defences

Traditional security tries to stop it at the perimeter, like at the firewall, before it even gets to your inbox. But that’s no longer effective. To be safe, you need layer defences to both detect and halt the ransomware if it gets through.

The layered approach doesn’t replace your existing cybersecurity infrastructure. It works hand in glove to detect, isolate and respond at the infected source and keep your files and data safe.

There are four essential elements to protect your business. First, you need to actively monitor files and quickly alert administrators of threats while containing the spread of the infection. Second, you need to respond fast — faster than a human can. Third, implementing backups of only the impacted files ensures rapid restoration of services and business continuity. Fourth, detailed reporting ensures regulatory compliance and continued improvement.

The city council in the UK is a typical example of one of the big challenges organisations face with ransomware today. Many businesses have gone through a rapid digital transformation process that has had anywhere from minor to sweeping impacts on their business processes and workflows. At a more granular level, it has affected the documents that really drive the business at an operational level: invoices, proofs of delivery, and many more operational documents that are now digitalised: business documents, system data, e-mails, and cloud-based documents and data.

The big snag is that, at the heart of digital transformation is collaboration, and that means sharing data and documents, extracting data from documents, feeding it into systems and workflows, and passing that between different people. Protecting it as it shuttles in from paper documents and digital sources then back again, into business systems and between users, is vital.

With all the to’ing and fro’ing of data and documents, digital transformation connects people, data and devices like never before. It is an ideal environment for a parasitic ransomware to infect and abuse. That is why it is the logical beating heart of a business, the data that pumps through the enterprise veins, which must be protected.

As a digital services organisation, Ricoh knows that you want to enable hybrid working, securely automate business processes and implement the cloud. As we help thousands of organisations on their digital transformation journeys, we also have the experience and knowledge to help you bake layered security into the heart of your operations.

About Ricoh
Ricoh is empowering digital workplaces using innovative technologies and services that enable individuals to work smarter from anywhere. With cultivated knowledge and organisational capabilities nurtured over its 85-year history, Ricoh is a leading provider of digital services, information management, and print and imaging solutions designed to support digital transformation and optimise business performance.

Headquartered in Tokyo, Ricoh Group has major operations throughout the world and its products and services now reach customers in approximately 200 countries and regions. In the financial year ended March 2022, Ricoh Group had worldwide sales of approximately US$14.5-billion.

For further information, please visit www.ricoh-europe.com.