The British Library, victim of a significant ransomware attack, has braced users for a protracted recovery. The organization estimates several months for initial data analysis alone, while external observers anticipate a year-long recovery timeline.
The attack's impact is compounded by the use of a hypervisor, which hosts multiple critical business applications. Kimberly Goody, head of cyber crime analysis at Mandiant, highlights that "the impact is more significant" in such scenarios, potentially affecting the infrastructure essential for restoration.
In cases where recovery extends over months or years, Goody identifies potential causes. One factor is encrypted backups that hinder restoration efforts, with the acquisition of a decryption key being a time-consuming process. Additionally, organizations should avoid relying solely on a single type of prevention. Goody emphasizes that the thriving underground marketplace enables criminals to test malware against antivirus programs, exploiting vulnerabilities to target organizations with weak defenses.
To mitigate future attacks, investment in cybersecurity staff and tools is crucial. Goody advises organizations to test potential solutions within their specific environments to determine their effectiveness. Given the inevitability of future cyberthreats, preparation is paramount. Ciaran Martin, former head of the UK's National Cyber Security Centre, forecasts that severe cyber-attacks similar to that on the British Library are likely to occur frequently in the coming years.
Despite decreasing ransom demands, cybercrime remains lucrative due to the ease of outsourcing attacks and the emergence of AI-powered opportunities.