What is Rapid Ransomware?

26th Apr 2018 | 7 min read

Ransomware is one of the most prevalent cyber threats businesses face today. Only earlier this year, we saw massive UK retailers like Co-op and Marks and Spencer facing significant disruption from ransomware attacks.

Ransomware has also been evolving over many years. Attackers are always cooking up new variants, refining their tactics, and forming new criminal enterprises. Older, less complex strains often fade away as security defences get smarter and as cyber criminals move on to more effective methods.

One of these historic strains was Rapid Ransomware. This blog explores what Rapid Ransomware is and the key lessons that still apply to businesses today.

What was Rapid Ransomware?

Rapid Ransomware, which emerged around late 2017 and early 2018, was a distinctive variant of ransomware. It was known for its persistent encryption capabilities. Unlike some ransomware that performed a single encryption event, Rapid would remain active on an infected system, continuously encrypting any new files created or added by the user even after the initial attack. This characteristic meant that even if victims attempted to restore data or generate new content, it too could swiftly become encrypted. This led to an ongoing digital hostage situation.

The primary method of infection for Rapid Ransomware was through deceptive spam emails, often part of phishing campaigns. These emails typically contained malicious attachments, such as seemingly harmless Word documents embedded with macros. If a user opened the attachment and enabled the macro, the ransomware would then be downloaded and executed, initiating the encryption process. Encrypted files would typically bear the “.rapid” extension, and ransom notes, often in text files, would be left to instruct victims on how to pay the ransom for decryption.

Individuals and small to medium businesses (SMBs) were particularly susceptible. Users who were less cyber-aware, or those in environments with less robust email security and user training, were more likely to open these deceptive emails and enable the macros that deployed the ransomware. This could lead to significant operational disruption, data loss and financial strain.

Beyond its encryption and persistence, Rapid Ransomware also took steps to hinder recovery efforts. It was known to delete shadow copies of files and disable Windows’ automatic recovery features, thereby complicating data restoration from system backups.
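An added example, not part of the original article: the Python below reads file-creation events and flags hosts where “.rapid” files keep appearing after the first burst of encryption, which is the persistent behaviour described above. The log format, host names, sample events and the 15-minute quiet gap are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-creation events (timestamp, host, path); not real telemetry.
SAMPLE_EVENTS = """\
2018-01-22T09:14:02 WS-014 C:\\Users\\amy\\Documents\\budget.xlsx.rapid
2018-01-22T09:14:03 WS-014 C:\\Users\\amy\\Documents\\plan.docx.rapid
2018-01-22T09:14:05 WS-014 C:\\Users\\amy\\Desktop\\notes.txt.rapid
2018-01-22T11:40:17 WS-014 C:\\Users\\amy\\Documents\\restored-budget.xlsx.rapid
2018-01-22T13:05:41 WS-014 C:\\Users\\amy\\Documents\\new-report.docx.rapid
2018-01-22T10:02:11 WS-027 C:\\Users\\raj\\Documents\\invoice.pdf.rapid
2018-01-22T10:02:12 WS-027 C:\\Users\\raj\\Documents\\contract.docx.rapid
2018-01-22T10:30:00 WS-031 C:\\Users\\lee\\Documents\\minutes.docx
"""

def parse_events(text, extension=".rapid"):
    """Return {host: sorted timestamps of files created with the extension}."""
    hits = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(maxsplit=2)  # the path may itself contain spaces
        if len(parts) != 3:
            continue  # skip malformed lines
        stamp, host, path = parts
        if path.lower().endswith(extension):
            hits[host].append(datetime.fromisoformat(stamp))
    return {host: sorted(times) for host, times in hits.items()}

def encryption_waves(times, quiet_gap=timedelta(minutes=15)):
    """Group sorted timestamps into waves separated by at least quiet_gap (assumed value)."""
    waves = [[times[0]]]
    for t in times[1:]:
        if t - waves[-1][-1] >= quiet_gap:
            waves.append([t])  # activity resumed after a quiet period
        else:
            waves[-1].append(t)
    return waves

def classify_hosts(text):
    """'persistent' means files were still being encrypted after the first wave ended.
    'single-wave' only means no later wave has been observed so far."""
    verdicts = {}
    for host, times in parse_events(text).items():
        waves = encryption_waves(times)
        verdicts[host] = "persistent" if len(waves) > 1 else "single-wave"
    return verdicts

if __name__ == "__main__":
    print(classify_hosts(SAMPLE_EVENTS))
```

A host classified as persistent still has the encrypting process running, so it should be isolated and cleaned before any data is restored to it.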

Is Rapid Ransomware still a threat?

You’re unlikely to hear much about “Rapid Ransomware” specifically hitting the headlines these days. The particular variant that first popped up around 2018 isn’t considered a major, active player in the way some of today’s more sophisticated ransomware groups are.

While “Rapid” as a specific variant may no longer be a dominant threat, the core tactics it employed are foundational elements that continue to be refined and utilised in modern ransomware.

Today, the ransomware landscape is dominated by highly organised, professional cyber crime syndicates. These groups often operate under a “Ransomware-as-a-Service” (RaaS) model and employ far more advanced tactics, such as double and triple extortion – not just encrypting data but also stealing it to threaten public leaks, and even launching distributed denial-of-service (DDoS) attacks. They specifically target critical infrastructure and large enterprises, continuously innovating their methods for initial access and evading detection. Only recently did this type of ransomware hit the headlines.

So, while you probably won’t be a specific victim of “Rapid Ransomware,” the overall threat from ransomware remains incredibly high and is constantly adapting. The fundamental principles Rapid used, like tricking users with phishing emails, encrypting files, demanding ransom and trying to stay hidden on a system, are still very much in play. Organisations therefore need to maintain robust cyber security practices to defend against the ever-evolving array of modern ransomware threats.

How to protect your business against ransomware

Ransomware can have significant financial, reputational and operational repercussions – so it’s crucial to protect yourself. We’ve listed the top security measures to have in place against any variant of ransomware or attacks similar to Rapid Ransomware.

1. Bolster your defences

The basis of any business should be a strong cyber security baseline, strengthening your digital perimeter and all your devices. Go beyond old-school antivirus with Endpoint Detection and Response (EDR) or Extended Detection and Response (XDR) systems that actively monitor for suspicious activity and can respond automatically.

You should also make sure you have firewalls and intrusion prevention systems in place to block bad traffic, filter content and stop unauthorised access. Remember to keep their rules updated, in line with emerging threat levels and organisational policy.

Next, implement advanced email security gateways to catch phishing attempts and harmful attachments before they ever hit an employee’s inbox. Also, use web content filtering to prevent visits to dangerous sites.

Crucially, enforce Multi-Factor Authentication (MFA) everywhere, including for remote access, cloud services and all privileged accounts. Pair this with strong password policies and stick to a strict, timely schedule for patching all your software and devices, as ransomware loves to exploit known weaknesses.

2. Safeguard your data

Your backups are your ultimate lifeline. Follow the 3-2-1 backup rule: keep at least three copies of your data, use two different types of storage and make sure one copy is off-site and offline (air-gapped).

Look for backup solutions that offer immutability, meaning your data can’t be changed or deleted once it’s saved. Then, regularly test your backups to ensure they work. Keep your backup network completely separate from your main network to prevent ransomware from spreading to your recovery points.

3. Train your team

Your employees are your first line of defence, so educate them. Provide continuous security awareness training that’s engaging and up-to-date, covering everything from spotting phishing emails to reporting anything suspicious.

It’s also worth running simulated phishing attacks regularly to test their awareness and reinforce what they’ve learned. Make sure everyone knows exactly how and to whom to report any unusual activity immediately.

4. Control your network and access

Segment your network into smaller, isolated sections. If one part gets hit, the damage is contained and the ransomware can’t easily jump to other critical areas.

Next, practise the principle of least privilege, giving users and systems only the access they absolutely need to do their jobs. This limits potential damage if an account is compromised. Don’t forget to review access rights regularly and revoke anything that’s no longer needed.

5. Prepare for the worst

Have a clear Incident Response Plan (IRP) that details every step to take before, during and after a ransomware attack, including detection, containment, and recovery. Within this plan, designate a specific team for incident response and conduct tabletop exercises to practise your plan and find any weak spots.

Also, create a robust Business Continuity Plan (BCP) so you know how your business will keep running even if your IT systems are down. Consider getting cyber insurance too; it can really help soften the financial blow of an attack.

6. Stay ahead of the game

Cyber threats are constantly evolving, so be proactive. Run regular vulnerability scans and penetration tests on your systems and apps to find weaknesses before attackers do. You should also stay informed about the latest ransomware trends and threats by following threat intelligence feeds.

Finally, use a Security Information and Event Management (SIEM) system to centralise and analyse all your security logs, helping you spot suspicious activities that might signal an attack is brewing.

By taking these steps, you’ll significantly strengthen your business’s defences against the constant and evolving threat of ransomware. It’s an ongoing commitment, not a one-time fix.

Stay ahead of incoming cyber security threats

The cyber crime landscape is more dangerous than ever, with criminals leveraging tools like AI to scale attacks, plot tactics and exploit your vulnerabilities. It is now crucial that every business, of every size, has a strong cyber security posture that proactively addresses threats and protects data.

With the right guidance and tools, you can build defences that keep your business safe from incoming and evolving threats.

Our Get to Secure video series is led by our internal experts, with years of experience building cyber security defences for businesses and warding off risks. It’s full of practical tips to help you create your own protective perimeter, using the right tools and processes. Most importantly, it’s completely free to access.
