Ransomware Continues to Lead Cyber Attacks


Cybercrime isn’t a new phenomenon. Back in the 1970s, it wasn’t uncommon for criminals, known as Phreakers, to commit crimes via telephone lines. But the first time a person was found guilty of an actual cybercrime, where they hacked a computer to find, copy or manipulate personal data and information, was in 1981. Ian Murphy, also known as Captain Zap, was able to hack the American telephone company in order to manipulate its internal clock. As a consequence, this allowed users to still make free calls at peak times.

 

As technology advanced, so did the rise of cyberattacks. And they’ve soared in the forty years following the exploits of Captain Zap.

 

In particular, ransomware attacks have surged. While this has been a growing trend since 2015, the COVID-19 pandemic only accelerated these threats. According to Cybersecurity Ventures, businesses are attacked using ransomware approximately every 11 seconds. By the end of 2021, global ransomware losses will reach $20 billion. And, by 2025, this will reach $10.5 trillion in the U.S. alone.

 

Another security firm estimated that in 2020, there were some 65,000 successful breaches. And in 2021 we’ve already experienced high-profile attacks, including:

 

  • In February, hackers accessed a water-treatment plant in Oldsmar, Florida.
  • CNA Financial Corp, one of the largest insurance companies in the U.S., was locked out of its network for close to two weeks following a security breach in March.
  • Hackers, in April, claimed to have stolen 500 gigabytes of data from the NBA’s Houston Rockets. 
  • In May, Colonial Pipeline had to shut off its gasoline supply following a cyberattack. 
  • JBS S.A., a Brazilian company that is the largest meat processing company in the world, shut down a quarter of its American operations for two days due to a breach in June.
  • In July, Kaseya, an IT firm, was hacked by REvil, which was also responsible for the JBS S.A. attack. This resulted in thousands of victims in 17 countries getting locked out of their systems.

 

These attacks have targeted businesses of all sizes and sectors. Not only has this cost them millions of dollars (it’s reported that $350 million was paid out for ransomware attacks in 2020), but attackers have also been able to do everything from crippling America’s critical infrastructure to disrupting major food supply chains.

 

“The threat is real. The threat is upon us. The risk is to all of us,” said Homeland Security Secretary Alejandro Mayorkas at the U.S. Chamber of Commerce’s Now & Then Speaker series in May 2021. “Inform oneself. Educate oneself and defend oneself.”

 

What is a ransomware attack?

 

According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

 

These attacks occur just like any other cybersecurity breach, with the leading causes being:

 

  • Spam/phishing emails (54%)
  • Poor user practices/gullibility (27%)
  • Lack of cybersecurity training (26%)
  • Weak passwords/access management (21%)
  • Report clickbait (17%) 

 

As an example, an employee opens an email that looks legitimate. They either click a link or download a file. That small act lets the malware into your company’s network, where it spreads.

 

In other cases, hackers are “breaking in through interfaces that are still exposed publicly,” Dr. Vikram Sethi, a professor, cybersecurity researcher, and the former director of the Institute of Defense Studies and Education at Wright State University, told ABC News.

“It has come out that there are a number of services that were exposed publicly in the Colonial Pipeline [hack],” he added. “It looks like they might have had [Microsoft] Exchange servers that have not been patched.”

Who’s behind ransomware attacks?

 

Authorities state that some of the more recent attacks have come from Russia and Eastern Europe. 

 

REvil, for example, is a Russian hacker group that offers “ransomware as a service.” This means “it leases out its ability to extort companies to other criminals and keeps a percentage of each payment,” explains Kari Paul in The Guardian. “Its business operates at scale, offering customer service hotlines to allow its victims to pay ransoms more easily.”

 

Why are ransomware attacks surging right now?

 

There are actually several reasons why ransomware has been on the rise. Obviously, there are financial and political motivations. And helping drive this financial incentive are cryptocurrencies.

 

“The thing that really kept people from making tens of millions of dollars doing hacking 10, 15 years ago, is it’s very hard to get money out of the international banking system,” said Alex Stamos, former chief security officer of Facebook and current adjunct professor at Stanford University’s Center for International Security and Cooperation, as well as a partner at Krebs Stamos Group. Cryptocurrency is easier to purchase than ever before and it’s hard to trace. 

 

But that doesn’t get to the root cause. First, “companies have not developed and tested backup/recovery plans that enable them to fully restore systems encrypted by ransomware,” writes Jody Westby in Leaders Edge. Second, “they have not encrypted their data at rest.”

 

Westby adds that this has created the perfect storm. “Unlike earlier versions of ransomware that simply encrypted data, newer forms of ransomware will enter a system and look for backup data first.” As a result, victims must pay a ransom to the cybercriminals to decrypt their data and avoid having sensitive data posted online, which has “only fed the problem.”

 

How to protect yourself from a ransomware attack.

 

The Cybersecurity & Infrastructure Security Agency recommends that users and administrators be proactive against ransomware attacks by:

 

  • Employing a data backup and recovery plan for all critical information. It’s also suggested that you regularly test backups to limit the impact of data or system loss.
  • Keeping all software and operating systems up-to-date with the latest patches.
  • Maintaining up-to-date anti-virus software.
  • Scanning all software that’s been downloaded online before executing.
  • Restricting the ability (permissions) of users to install and run software applications.
  • Disabling macros from email attachments.
  • Not clicking on suspicious email links. 

 

It’s also not advised to pay the ransom if you’re a victim. “Paying a ransom doesn’t guarantee you or your organization will get any data back,” the FBI states on its website. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

 

“The bottom line,” says Westby, “companies need to invest in their backup/recovery capabilities and encrypt data at rest (encrypted data posted online isn’t worth much). Agents and brokers also need to meet with their clients, raise these issues, and advise them on how their cyber insurance carriers are handling ransom demands.”