Cisco UK & Ireland Blog

Ransomware: A threat that dictates a new approach

July 19, 2016

A question that I’m often asked by friends and colleagues is, “What motivates people to create ransomware?”

The answer, more often than not, is money. $60m is the estimated annual income from ransomware payloads distributed by the group behind the Angler Exploit Kit. This figure is just one of many cited by researchers, and it represents the primary driver behind the recent meteoric rise in ransomware campaigns.

Ransomware, as the name suggests, is a class of malware that holds victims to ransom by encrypting valuable data files, making them inaccessible to the user. Once the files are encrypted, the victim is required to pay a ransom in order to retrieve the keys necessary to restore the files to their usable state. Ransom demands vary from a few hundred pounds to many thousands, and in recent times the attackers have stolen ideas from the retail sector in a bid to ensure a prompt ransom payment. This includes offering bulk discounts and reduced ransoms in return for prompt payment!


Ransomware outbreaks have been seen across many industries and the health sector is no exception. Numerous reports have detailed the impact on healthcare establishments across the world, and whilst there is no specific inherent vulnerability being exploited, the attackers are exploiting the fact that a successful infection can cause significant disruption to the delivery of clinical services. This impact could range from postponed appointments to the closure of entire hospital departments. As the NHS moves towards its goal of being paperless by 2020, the impact of a ransomware outbreak is only going to increase.

Tackling the ransomware threat requires a new approach to security. In the past, such outbreaks would typically result in the purchase and deployment of a piece of point technology with the promise to block the threat from entering the environment. Such a focus on a prevent-only strategy, though, is fundamentally flawed: it not only leads to a set of disconnected point solutions but also ignores today’s reality that malware will find its way through such defences.

In response to the ransomware threat facing the NHS, Cisco has produced a brief paper that outlines some approaches that NHS organisations can take in order to not only reduce the chance of an outbreak occurring, but also to increase resilience if one does occur.
