2017 was the year of ransomware, the most significant threat in the cybersecurity sector both for large companies and SMEs, as well as users. Attacks like WannaCry and Petya held computers around the world to ransom and hit the headlines in newspapers in countries across the globe. In fact, last year the cost of ransomware hit around 5 billion dollars, making this Trojan the most powerful, sophisticated type of cyberattack around, and marking a 350% increase compared with 2016.
The report “No Kidnapping, No Ransom”, written by PandaLabs, Panda Security’s antimalware laboratory, compiles this data, alongside more information about ransomware, that we will explain below. Although we’ve seen the growth of other types of attacks in business environments – attacks such as cryptojacking – the effective results and the low risk involved for the cyberattacker make ransomware a constant threat that mustn’t be forgotten.
Businesses in the spotlight: How do these criminals attack?
Ransomware is a form of cybercrime that encrypts files on computers, blocking or denying access to them until the cyberattacker receives a ransom, generally in the form of bitcoin or some kind of virtual currency that allows the attacker to remain anonymous. The end goal of these kinds of attacks, therefore, is financial gain. The three most common incidents in which cybercriminals make use of ransomware are cyber-theft, extortion, and sabotage of civil or military infrastructure.
Cyber-theft is one of the tactics that criminals use to make money. A year ago, Equifax became the victim of what is to this day still one of the largest losses of personal data in the history of the Internet. The attack was carried out using a vulnerability in the company’s web applications that had previously been exploited with ransomware by the criminals, opening the door to the confidential information of 147 million people in the United States, including Social Security numbers, dates of birth, home addresses, and in some cases their driving licenses and credit cards.
Another the possible strategy is extortion, whether by force or with threats, to get something in exchange, which in the case of this kind of attack, is usually money. There are three recent examples of extortion that made a splash around the world: WannaCry, NotPetya, and BadRabbit. In this case (that isn’t the only case that demands a ransom), the cybercriminals access the files on a system, encrypt them, and finish their attack by displaying a ransom note to the user that demands remuneration in return for the safe return of their data. This situation has made thousands of companies tremble after seeing how they could lose their data if they didn’t cough up millions of dollars.
The final type of attack is sabotage of civil or military facilities. One clear example of this was the attack on Aramco, Saudi Arabia’s state-owned oil and gas company, that paralyzed exports for two weeks. The same software that brought activity to a halt was used again several years later to carry out a series of cyberattacks including a new module, this time containing ransomware. More recently, the city of Atlanta fell victim to the ransomware SamSam, which forced the city to freeze all digital processes. The inhabitants of Atlanta had to delay electronic payments, and city officials were forced to resort to writing their reports by hand. The attackers were demanding a $50,000 ransom in bitcoin to resolve the problem, and it is unknown whether the city handed over the money. However, the city has stated that it spent $2.6 million on recovering and responding to the incidents. This goes to show that, whether the ransom is paid or not, this form of attack can be very expensive for organizations of all types.
Recommendations for a ransomware-free company
To protect our companies from the constant threat of ransomware, here at Panda Security we’ve prepared this list of tips.
- Constantly creating backups to avoid the loss of data, and keep them up-to-date with system updates and patches.
- Training our employees, promoting awareness, and conveying the importance of detecting possible attacks that could target them, such as phishing.
- Carrying out security audits and vulnerability tests to know the points of entry for our systems.
- Having a multiplatform advanced cybersecurity solution such as Panda Adaptive Defense, which carries out real-time analysis and allows you to prevent, detect, and remediate this type of attack.