Blogs & Opinions 22.02.2024

Ransomware: The Myth of Sophistication

Sometimes it’s the simple things that can have the biggest impact on cybersecurity posture

Protecting your organisation from ransomware might be less about exciting new AI tools and more about boring auditing methods, finds Roman Faithfull

Cybersecurity and cybercrime are in an arms race: as hackers become more sophisticated, tools and security teams must react in kind. They must keep up with the newest attacks, understand the latest methods, and constantly evolve to ensure they don’t fall victim to ransomware.

Or do they? Marketing efforts have successfully convinced us that we need constant vigilance and the latest tech to stay one step ahead. But let’s be real: most successful ransomware attacks are not sophisticated. Instead, they rely on dumb mistakes and dumb luck.

Mundane yet effective auditing methods are often more effective than alluring new tools (and the accompanying enthusiastic marketing) safeguarding against ransomware attacks. However, it’s important to recognise the value that intel can bring to the table.

The root cause is in the details

There’s a misconception that constant vigilance of new threats is the only means to stay ahead of cyber criminals. Almost a decade ago, a hacker demonstrated how to clone a fingerprint from a photograph to fool Touch ID or a similar technology. Is it possible? Yes. But ask yourself, is it likely?

“A hacker demonstrated how to clone a fingerprint from a photograph to fool Touch ID or a similar technology. Is it possible? Yes. But ask yourself, is it likely?”

The reality is that most successful attacks result from common vulnerabilities such as weak passwords, a lack of multi-factor authentication (MFA) protections, or unpatched, neglected infrastructure rather than hyper-sophisticated attack types. A recent report from PwC found that many attacks occur through exploiting basic vulnerabilities, demonstrating that attackers often pursue the low-hanging fruit.

Call it poor cyber hygiene or simply neglect; basic vulnerabilities are the primary factor in almost all successful attacks. Therefore, focusing on basic security practices is far more important than looking out for sophisticated attacks. The UK government has laid out the standard auditing regime for companies, including user education and awareness, ensuring everything is securely configured, good network security, and an ongoing monitoring strategy to flag any problems quickly.

This isn’t an exhaustive list, but just some of the basics that need to be in place. Just as a house requires a sturdy foundation to ensure stability, companies must prioritise standard security auditing as the cornerstone of their cybersecurity strategy. Only once this foundation is established is it wise to make the house smarter with the newest tools.

Understanding the enemy

I do not suggest that businesses rely only on auditing to understand and improve their security. But when looking to enhance security, threat intelligence should not be underestimated. Understanding who is targeting a particular business or sector and what tools they use means being able to make informed decisions about additional security measures.

This intelligence is beneficial when attackers use complicated or unusual methods and target unexpected areas of a business. NCSC CEO, Lindy Cameron, has warned that attackers are already starting to develop and use AI, potentially leading to more sophisticated ransomware attacks.

This is not a one-way street. In conjunction with skilled analysts, threat intelligence can also use AI to quickly identify the most important threats and what action can be taken beyond the basics to defend against such threats.

However, it’s important not to overestimate the impact of AI. It will change how both sides attack and defend, but the fundamentals remain the same.The cybersecurity industry is often portrayed as a battleground where only the latest technologies and constant vigilance can safeguard against ransomware threats. But while sophisticated tools and techniques play a role, the root cause of many successful attacks often lies in overlooked vulnerabilities and basic security lapses.

If it is a battleground, it’s one where hoplites and cavalry are still as important as smart missiles. Finding the right balance between advanced technologies and fundamental security measures is the key to creating a shield, with solid intel the best way to identify where else to invest.


As a cyber threat intelligence team lead for Cyjax, Roman brings three years of dedicated expertise in CTI, specialising as a Russian-language analyst. His professional journey encompasses a diverse range of roles, including social media intelligence (SOCMINT), open-source intelligence (OSINT), and human intelligence (HUMINT). His academic foundation is rooted in a Bachelor’s degree from the University of Bristol (Spanish & Russian) graduating with First Class honors in 2018.

Latest articles

Be an insider. Sign up now!