The hidden costs of ransomware attacks

The true effects of a ransomware attack may not be immediately obvious, writes the CEO of Kaspersky.

Eugene Kaspersky


Since the early 2010s, ransomware cyber-attacks have not only posed a prominent threat to individual users, but to companies too. Today they are getting more and more sophisticated, targeting specific organisations in both the public and private sectors. Despite overall IT budgets decreasing as a result of the Covid-19 pandemic, cybersecurity is still a top priority for organisations across the globe preparing for more targeted and impactful threats.

Looking back over the past three years, the share of users targeted with ransomware in the overall number of malware detections has risen from 2.8% to 3.5%. While this might seem like a modest increase, ransomware is capable of causing extensive damage to affected systems and networks and hence it should not be viewed as trivial. The financial impact of a data breach, particularly in today’s turbulent economic climate, could have a detrimental effect on businesses.

In the UK alone, between January and September 2020 we detected and blocked almost 73,000 ransomware attack attempts, which translates to 265 attacks per day. In Germany, more than two million attacks were detected over the same period, which corresponds to more than 8300 attacks per day. [Statistics provided by targeted attacks researchers at Kaspersky.]

Historically, ransomware attacks have been focused on the potential pay-off, but since last year, Maze ransomware, for example, has not only been seeking to extort a ransom via encryption; it has also been threatening to sell or publish the stolen data and name the victims if a ransom is not paid. Dozens of companies have fallen victim to this particularly nasty malware, including such giants as LG and Southwire.

Worsening situation

Today, while the world still suffers the effects of the Covid-19 pandemic, and amid the resulting shift in employees’ working practices (which often means weakened or unprotected home networks), hackers are making the most of these difficult times and a ransomware attack on companies can cause even more disruption than under normal circumstances. While medical companies, hospitals, governments, and international organisations are struggling to contain the spread of Covid-19 (including developing a vaccine), they are becoming even more worried about losing access to their systems and thus are more likely to pay a high ransom to minimise work disruption.

The recent development of successful vaccines is sure to be of interest to cybercriminals as the world looks to regain control of the virus and inoculate the population. It can be expected that, beyond intellectual property theft, criminals will look to halt production of the vaccine and demand a ransom.

Unfortunately, we have all seen that as far as healthcare organisations are concerned, ransomware attacks can easily go beyond the digital world and cause real-world damage. In September 2020, an attack on a hospital in Dusseldorf in Germany resulted in a delay in patient care and ultimately a patient’s death. In the same month, UHS, one of the largest healthcare provider chains in the US, was hit by a ransomware attack that led to blocked computers and phone systems. During a time when healthcare services are more important than ever, ensuring that the correct cybersecurity protocols are in place is vital.

At the beginning of October 2020, Europol stressed that ransomware remains a top priority threat for a majority of law enforcement bodies across Europe. It also pointed out that such attacks are harder to identify and investigate when the organisations that fall victim to ransomware cybercriminals are reluctant to turn to the police for fear of losing money, business or private data. Fearing regulatory fines and/or reputational losses, victims often simply pay off their attackers without notifying the authorities.

It has been reported that UK firms have been forced to pay out more than £200m ($266m) in ransom demands from cybercriminals in the past 12 months, for fear of further fines, lost data and damaged reputations. As cyberthreats become ever more sophisticated and targeted, and businesses rely more on technology, that number is only set to rise further in the coming years.

Currency exchange company Travelex suffered the first big UK ransomware attack of 2020, with well-known cybercriminal gang REvil holding it to a ransom of £4.6m and forcing the complete shutdown of all the organisation’s computer systems.

Tip of the iceberg

If an organisation is attacked with ransomware, it is not just a matter of paying the ransom and ending the matter. There are many other costs that are inextricably linked to hacking. The real cost of a ransomware attack will most likely include loss of revenue during downtime, fees paid to cybersecurity experts, various fines, as well as reputational damage and even a consequent loss of business or capitalisation. In Travelex’s case, the failure to notify the Information Commissioner’s Office, combined with the attackers’ threat to double the ransom and ignored warnings of possible vulnerabilities in IT infrastructure some four months earlier, resulted in huge reputational damage.

Thus, whether an organisation decides to pay a ransom or not, remediation expenses and other hard and ‘soft’ costs still need to be paid. Given that higher ransoms are demanded from companies with extensive technology infrastructures and highly valuable reputations that are equally expensive to maintain, it is not just the ransom itself, but the costs associated with failure to prevent the attack and the consequent remediation that may cause real reputational damage or even destroy a business.

Most importantly, every ransom paid makes the cybercrime model all the more attractive for criminals. Ransomware is very big business already, with pay-outs calculated in the millions of dollars per single high-profile attack. Recent statistics have revealed that more than 25% of organisations are paying an average of $1m in demands when their systems are held hostage by criminals, for lack of an alternative.

Disrupting this business model is essential, whether by providing free decryption keys, as NoMoreRansom.Org does (in four years it has saved users more than $630m), or by outlawing ransom payments, as suggested by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC). The enforcement agency warns that businesses paying ransoms to cybercrime groups “not only encourage future ransomware payment demands, but also may risk violating OFAC regulations”.

Protection against ransomware

In view of the recent uptick in ransomware attacks, organisations (especially those involved in medical research related to Covid-19) should take all possible measures to protect their data. Cybercriminals are increasingly recognising the impact of holding a business’s data hostage, and if victims continue to pay these demands, they will only fuel the attackers’ activities.

The rise in cybercrime is not new; in fact, it has been observable for the past 30 years. However, this trend has occurred in parallel with organisations’ attempts to digitally transform systems and protocols. Such a focus on digital development has meant that cybersecurity has been put on the back burner for IT departments and spending. But as we enter a new decade, in which threats to organisations have been laid bare by a barrage of data breaches and hacks, it is firmly back on the agenda.

It is actually possible to lower one’s chances of falling victim to hackers simply by focusing on the basics: working with up-to-date software, using multi-factor authentication and strong passwords, separating the more important systems from the wider-access network, and avoiding pirated copies of programs. Furthermore, recovering from ransomware is easier and less expensive when proper procedures exist for creating offline backups.

The past year has put many organisations in situations where they need to respond and focus all their efforts on staying afloat. However, even with the revision of budgets and changes to IT spending, cybersecurity must not be allowed to move down the priority list. Organisations can work smart and deploy the simplest protocols to keep their business protected against attack.

Though ransomware attacks are a huge threat, most are opportunistic. Hackers simply pick you from a list of companies at random, so it is up to businesses to take all possible steps to ensure their network is secure enough should they be targeted. But if a ransomware attack does get through your barricades, report the crime, seek professional help – and do not pay.

Eugene Kaspersky is CEO of cybersecurity firm Kaspersky.
