Human-operated ransomware attacks: how resilient are you?

Johannes Dohren Partner, Cybersecurity and Privacy, PwC Switzerland 10 Nov 2020

The number of ransomware actors has grown steadily throughout 2020. Human-operated ransomware is in the skilled hands of adaptable criminals who are driven by the staggering profits derived from high-profile attacks that breach their targets’ network and deploy ransomware to encrypted data, before attempting to extort organisations into paying ransoms. These attacks have significant regulatory and reputational implications and can run daily business operations aground. 

Profitable mass-scale techniques

In many cases, ransomware attackers use simple, automated and mass-scale techniques to access a target’s networks by distributing banking trojans via phishing emails and compromise privileged accounts and systems, using a combination of legitimate administration and security testing tools. Popularity of affiliate programmes lowers the barrier to entry for newcomers who spread through organisations’ IT environments and profitably deploy ransomware at scale.

Unpatched legacy IT creates vulnerability 

Ransomware at scale is possible as most organisations have unpatched legacy IT, widespread IT and Active Directory hygiene issues, out-of-support operating systems, and flagging detection capabilities. Organisations’ legacy operating systems are mostly incompatible with modern security tools and lack the security features to fend off attacks. Vulnerabilities often remain unpatched and allow simple tools to gain access in internal corporate networks. 

Detect your vulnerabilities 

When it comes to ransomware attacks, there are no quick-fixes, as retrofitting modern cyber security controls on IT infrastructure can be costly and challenging, as it means that IT be modernised before it can become securable. Organisations who are yet to grasp and reduce their vulnerability should take steps now, and bring their security teams up to speed with a threat-focused testing approach. 

Remediate and mobilise an effective response

Our practice shows that recovering efforts after an attack are far more strenuous than mobilising an effective response beforehand:

  • develop and exercise a clear incident response and crisis plan,  
  • understand where critical data is, and the regulatory requirements attached to this,
  • ensure that offline backups have been created and validated for all critical systems,
  • build or retain the technical expertise to investigate and respond to the attack. 



How PwC can help

Count on us to rapidly detect and contain incidents before they hit you. Our experienced team can help you manage the growing threat of human-operated ransomware attacks. With our help, organisations across a range of sectors have been able to implement tactical improvements to immediately reduce risk, and build sustainable cyber security capabilities. 

Reach out to us


Contact us

Urs Küderli

Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21

Yan Borboën

Yan Borboën

Partner, Leader Digital Assurance and Cybersecurity & Privacy, PwC Switzerland

Tel: +41 58 792 84 59

Johannes Dohren

Johannes Dohren

Partner, Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 22 20