Ransomware 2020

Since its first appearance, ransomware has undergone an evolutionary journey — from piecemeal tools created by isolated enthusiasts to a powerful underground industry reaping vast rewards for its creators. What’s more, the cost of entry to this shadowy world is getting lower.

Nowadays, would-be cybercriminals no longer need to create their own malware or even buy it on the dark web. All they need is access to an RaaS (Ransomware-as-a-Service) cloud platform. Easy to deploy and requiring no programming skills, such services enable just about anyone to use ransomware tools, and that has naturally led to increasing numbers of ransomware cyberincidents.

Another worrying recent trend is the transition from a simple ransomware model to combined attacks that siphon off data before encrypting it. In those cases, nonpayment results not in the destruction of information, but in its publication in open sources or sale at (closed) auction. In one such auction, which took place during summer 2020, databases from agricultural companies, stolen using REvil ransomware, were put up for sale with a starting price of $55,000.

Unfortunately, many victims of ransomware feel compelled to pay despite knowing it’s no guarantee they’ll get their data back. That is because hackers tend to target companies and organizations with a low tolerance for idle time. The damage caused by a production stoppage, for example, can run into millions of dollars per day, whereas an incident investigation could take weeks and not necessarily bring everything back on track. And what about medical organizations? In urgent situations, some business owners feel they have no option but to pay.

Last fall, the FBI issued a special clarification on ransomware, recommending unequivocally that no one pay hackers any money. (Paying encourages more attacks and in no way guarantees the recovery of encrypted information.)

Top headline-grabbers

Here are just a few incidents from the first half of this year that point to the growing scale of the problem.

In February, Danish facility services company ISS fell victim to ransomware. Cybercriminals encrypted the company’s database, which led to hundreds of thousands of employees across 60 countries being disconnected from corporate services. The Danes refused to pay up. Restoring most of the infrastructure and conducting an investigation took about a month, and total losses were estimated at $75–$114 million.

Ransomware hit US multinational IT service provider Cognizant in the spring. On April 18, the company officially admitted to being the victim of an attack by the popular Maze ransomware. The company’s clients use its software and services to support employees working remotely, and those employees’ activities were disrupted.

In a statement sent to its partners immediately after the attack, Cognizant listed Maze-specific server IP addresses and hashes of the files kepstl32.dll, memes.tmp, and maze.dll as indicators of compromise.

Rebuilding much of the corporate infrastructure took three weeks, and Cognizant reported losses of $50–$70 million in its Q2 2020 financial results.

In February, Redcar and Cleveland Borough Council (UK) suffered an attack. British newspaper The Guardian cited a board member as saying that for three weeks — the time they required to effectively rebuild the IT infrastructure used by hundreds of thousands of local residents — the council had been forced to rely on “pen and paper.”

How to protect yourself

The best strategy is to be prepared. Equip mail services, which are potential
