By Carlos Cabral*
As widely reported, several public and private organizations have suffered cyber attacks in which a type of malicious program called ransomware has been activated. This type of attack is not new, but it has been increasing significantly since the beginning of the pandemic, a period in which private and public companies were forced to speed up some stages of the so-called Digital Transformation. It turns out that ransomware is like the spark needed to explode an environment already flooded with fuel. Attacks like these serve as a wake-up call, showing that companies need to seriously consider making investments, not just financial ones, but also in implementing critical security processes.
Before advancing the argument, a brief technical clarification is in order regarding the concept of ransomware as it is commonly presented in the media. First, we need to remember that ransomware is a category of attack whose objective is to block users’ access to their data, often by encrypting files, which means that there are several types of ransomware, each with its own specificity. However, most of the attacks we’ve seen can actually be categorized as double extortion.
Double extortion consists of demanding a ransom payment so that (1) the criminals provide the key that unlocks the files and (2) the stolen files are not leaked. Those who choose not to pay the ransom, in addition to the impacts of data leakage, may face strenuous days of rebuilding the environment. Therefore, the double extortion method differs from the simple adoption of automated attacks.
That said, here is some data that shows the evolution of incidents involving ransomware during the pandemic. A study by Temple University (USA) focusing on attacks targeting critical infrastructure installations points to an increase of 370% between 2018 and 2020. It is important to note that attacks against critical infrastructure are only a part of the total attacks involving this type of malware, but the data gives a sense of the scale of the threat’s growth.
This type of attack has become a highly professionalized activity, with levels of specialization that can be compared to what is found in high-end industries. The comparison with an industry is also valid in another sense: it moves exorbitant figures annually, earning revenue mainly from ransom payments, but with some gangs selling the data of companies that do not pay the ransom to other criminals. To put it plainly: it is an organized crime activity, which is not operated randomly by individuals, but rather by gangs that divide the tasks by specialty among affiliates and, in some cases, help each other under a cartel regime.
WannaCry screen, one of the most “famous” ransomware ever used by cybercriminals (Image: Wikipedia / securelist.com)
The point is that, most of the time, when the ransomware is activated and the attack is discovered, it’s too late and the damage can be severe. Criminals invade the network of large organizations and spend days selecting and extracting sensitive information. Once they are satisfied with what they have collected, they spread the ransomware on all eligible computers, exposing or selling the data of companies that do not pay the ransom within the specified period.
An IBM Security study shows that, on average, companies take 287 days to identify and close a breach, nearly a full year in total. So, to stress the point again: ransomware is the last step in an attack that can have a long chain, in which the attacker adapts to the defense conditions of each target.
The financial losses for companies can be exorbitant. The same research cited above, based on data from 537 attacks against organizations in 17 countries that suffered data leaks between May 2020 and March 2021, indicated that the average total damage from ransomware attacks was $4.62 million globally.
This whole picture is part of a Digital Transformation movement that had been happening slowly in the private sector, but which gained an unexpected pace due to the isolation imposed by the pandemic. The home office, with all its advantages from the point of view of flexibility, opened loopholes for criminal actions, ranging from the simplest, such as the use of weak passwords, to more elaborate attacks against platforms used by multiple organizations, which allow compromising the security of several companies at the same time. There are several other techniques tailored according to the defenses, or lack thereof, in organizations.
In summary, the ubiquitous technology landscape is bringing numerous benefits and amenities, but also some significant risks, such as ransomware attacks. The good news is that there is technology and, above all, expertise to avoid crises. There is no “silver bullet”, but the adoption of essential digital security management practices, such as keeping software up to date, having strict access control and demanding high security levels from the providers with which you have a connection, can already bring a level of protection that demands additional layers of adaptation on the part of the adversary, prompting them to look for another, easier target.
For that, the company needs a cybersecurity culture, from the top to the bottom. Decision makers and managers need to understand that investing in this area is an important part of a business strategy.
*Carlos Cabral is a Tempest digital security researcher