A casual Google search for ransomware attacks will throw up a deluge of news stories, all of them from over the last few weeks (at time of writing).
At the start of June 2019, the UK based Eurofins Scientific were forced to pay out after a ransomware attack crippled the business. It was so serious the Police suspended working with them until their systems had been brought under control and secured.
Eurofins have declined to specify the amount they paid but presumably it was worth it compared to the potential loss of revenue caused by the various Police forces suspending their contracts.
At the end of June, the Florida town of Lake City paid $500,000 to hackers after a ransomware attack disabled public services. Two weeks prior, the town of Riviera Beach doled out $600,000 in a similar attack.
A court in the state of Georgia also fell foul of a similar attack, locking out access to online records. Servers were disconnected to quarantine the affected files. The court states that no personal information was affected.
Baltimore, Ohio and Indiana all had to suspend public services due to ransomware attacks. For Baltimore it was the second attack using the RobbinHood ransomware in a 3-month period. The first attack cost Baltimore City $18.2 million in losses and more than a week to get things back up and running.
And today news broke that the UK-based first aid charity, St John’s Ambulance, was the victim of a ransomware attack. The organisation was locked out of data relating to course bookings, which included names, contact details, payment information and even driving license details.
Stand and Deliver
Couple that with the high proportion of breaches caused by human error and it makes the conditions favourable for hackers.
And it’s costing the economy a fortune. Some affected businesses claim it’s costing tens of thousands a day in lost revenue. Even more for larger organisations.
It has effectively become the modern form of highway robbery with businesses or individuals vulnerable to attack at any time of the day or night.
Once a vulnerability is identified, hackers don’t need to ask for large sums of money. Few businesses will cough up millions – or even hundreds of thousands – preferring to spend that money on someone to recover the data.
However, a few thousand here or there? It’s cheaper than risking the loss of data or the loss of revenue.
As a result, hackers are cleaning up and effectively declaring open hunting season on private and public organisations alike.
Although there is an obvious trend of targeting organisations that:
- Are big enough to have enough employees that a reasonable IT infrastructure will exist.
- Can reasonably be assumed to have sufficient funds to pay the ransom.
- Won’t necessarily have the most robust cyber security in place.
Put all these things together and you’ve got an organisation ripe for the taking.
But for some it’s not about the money. As the quote goes – ‘some [people] just want to watch the world burn’.
In 2017 the Petya ransomware was released and decimated some of the world’s biggest companies. It was assumed that those behind it were out to make big money, like any other ransomware attack.
Petya works like most other ransomware, but for one key difference. It doesn’t let you pay the ransom.
According to Microsoft the malware hit 64 countries and according to security researchers the people behind the attacks wouldn’t have been able to unlock the encrypted files even if their victims could pay the ransom.
The indiscriminate nature of Petya (and spin offs like Bad Rabbit) is unusual but not unheard of.
Ransomware puts businesses and government bodies at major risk, facing either losing data – and their ability to operate – or a fortune in hard-earned revenue.
Either way it spells disaster for organisations with vulnerable networks.
According to The Register, the most common causes of data breaches affecting Fortune 500 companies are system glitches, malicious attack or human errors. Although that last one often follows a malicious attack.
And as soon as one attack is successful further attacks follow, making it harder and harder for an organisation to maintain its security with any kind of efficacy.
The more data that gets encrypted and rendered useless, or sold on the dark web, the more the business will suffer and slip further towards collapse.
Traditional counter measures are built around the old cyber kill chain of reconnaissance, exploitation and exfiltration.
However, attacks now focus more on opportunity, exploration and arbitrary action.
Hackers no longer need to get in and get out with their ill-gotten gains. They can sit there for days or weeks, waiting for the right time to strike.
This means cyber security needs to be active, not passive. If an active agent is on your network, lurking, then traditional measures will likely ignore it.
Threats will evolve as privacy laws change and will inevitably move towards artificial intelligences like Google’s search engines.
Data integrity attacks – in which data is manipulated and altered before it reaches its recipient – will destroy reputations, wiping billions off a company’s value. The same effect as ransomware but without the company knowing they’re a victim until it’s too late.
In reality, if a hacker really wants to break into your network then they will. Unless it becomes too expensive versus the reward, in which case they’ll go elsewhere.
But assuming a concerted attack on any given network is likely, businesses need to be doing all they can to deter an attack and minimise the damage in the event of its success.
So – using the 3-2-1 rule for backups will help protect key systems and records.
So will training team members to be sufficiently aware of suspicious emails, URLs or questionable-looking attachments, all of which can be used to deliver ransomware.
And limiting access to certain administrative tools so only authorised personnel can access key areas. The principle of least privilege may frustrate the more tech savvy employees, but a little grumbling is worth the extra protection it affords.
Especially since, as we’ve noted already, half of data breaches are down to human error.
Network segmentation can also help to keep those business-critical drives and files safe from an attack.
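The 3-2-1 rule mentioned above (three copies of the data, on two different media types, with one copy offsite) can be checked mechanically against a backup inventory. The following Python is an added example, not part of the original article; the inventory, system names and the decision to count copies held on the same device only once are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    system: str    # data set being protected
    location: str  # device or site holding this copy
    media: str     # e.g. "disk", "tape", "object-storage"
    offsite: bool  # True if stored away from the primary site

def audit_321(copies):
    """Return {system: [failed 3-2-1 clauses]}; an empty list means compliant.

    Production data counts as one of the three copies. Assumption: copies on
    the same device and media (e.g. a snapshot on the production array) count
    once, because ransomware that reaches the device reaches both.
    """
    by_system = {}
    for c in copies:
        by_system.setdefault(c.system, []).append(c)
    report = {}
    for system, items in by_system.items():
        distinct = {(c.location, c.media) for c in items}
        failures = []
        if len(distinct) < 3:
            failures.append(f"only {len(distinct)} distinct copies (need 3)")
        if len({media for _, media in distinct}) < 2:
            failures.append("all copies on one media type (need 2)")
        if not any(c.offsite for c in items):
            failures.append("no offsite copy (need 1)")
        report[system] = failures
    return report

# Constructed sample inventory (hypothetical systems and locations).
INVENTORY = [
    Copy("finance-db", "hq-san", "disk", False),   # production
    Copy("finance-db", "hq-nas", "disk", False),
    Copy("finance-db", "vault", "tape", True),
    Copy("file-share", "hq-san", "disk", False),   # production
    Copy("file-share", "hq-san", "disk", False),   # snapshot on same array
    Copy("file-share", "hq-nas", "disk", False),
    Copy("web-cms", "hq-san", "disk", False),      # production
    Copy("web-cms", "dr-site", "disk", True),
    Copy("web-cms", "cloud", "disk", True),
]

if __name__ == "__main__":
    for system, failures in audit_321(INVENTORY).items():
        print(system, "OK" if not failures else "; ".join(failures))
```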
Although we’re confident that artificial intelligence will overtake conventional network security software in the coming years, it’s important that organisations make sure they are doing all they can to protect themselves now.
All the indications are that ransomware and other attacks will continue to grow, especially as more and more organisations are choosing to pay the money, despite law enforcement’s attempts to convince people otherwise.
Although when faced with a choice of a few thousand in ransom or the potential loss of your entire organisation’s data, it’s easy to see why those organisations mentioned above made the decisions they did. Which paves the way for much bolder, more devastating attacks in the future.