
Ransomware attacks change tack

By Staff Writer, ITWeb
Johannesburg, 10 Mar 2020

According to Kaspersky research, 2019 was ‘the year of ransomware attacks on municipalities’. The company said that last year hundreds of municipal institutions across the globe were targeted by ransomware, and SA had its fair share.

However, although attacks on municipalities are ongoing and remain a concern, ransomware is also being used against other public entities and is becoming more targeted.

Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said municipalities remain a target for ransomware attacks, as shown by the 60% increase the company saw in attacks of this nature around the world from 2018.


“However, 2020 has already marked the trend where other public/community entities, even low-funded public non-profit organisations (NPOs) that were not targeted that actively before, such as libraries or religious centres, are also falling victim to this type of attack.”

Another trend noted by the company is that ransomware is becoming increasingly targeted. Bad actors are now spending more time on intelligence gathering to gain access to their targets.

Researchers said they are seeing an increasing number of cases where attacks are performed manually, in an onerous, yet efficient manner that was not previously typical of small-scale attackers.

New angles, leverage

Another trend, says Kaspersky, is that ransomware operators continue to look for new angles and leverage to force victims to pay.

“The pattern we are seeing actively developing in 2020 is that instead of making files unrecoverable, threat actors threaten to publish data that they have stolen from the victim company. We already see threat actors creating Web sites dedicated specifically for publishing gigabytes of stolen corporate data,” added Yamout.

Last year, the security giant detected over 120 000 ransomware attacks in SA. The figure for the first two months of 2020 is only 4 000, but researchers attribute this decrease to malefactors focusing on quality instead of quantity.

“The largest share (20%) of these attacks were performed with ransomware previously seen among the top three malware that encrypted cities in 2019 and which are now responsible for the largest share of ransomware attacks targeting SA,” he said.

Survival of the fittest

“The nature of the threat landscape leads to a ‘survival of the fittest’ scenario, with ransomware writers and distributors adjusting and updating their arsenals constantly,” said Kaspersky CEO, Eugene Kaspersky.

He noted that one thing remains stable: the companies that keep cyber-protection as a top priority and that have dedicated professionals to monitor the situation are not subject to the vast majority of attacks and may be quite close to being almost immune.

“Even for smaller organisations, with no security departments, there needs to be a good basic level of security to ensure that they are protected. This means arming oneself with quality security solutions and keeping them up to date; only this will make the cost of a cyber attack far outweigh any benefit to the attacker,” Kaspersky explained.

To avoid falling victim to these attacks, the company advises installing all security updates the instant they appear. Most cyber attacks are made possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack.

Next, the company advises protecting remote access to corporate networks with a VPN, using secure passwords for domain accounts, and always updating operating systems to eliminate recent vulnerabilities.

In addition, researchers advise that ransomware is a criminal offence, and no one should pay the ransom. Anyone who falls victim should report the incident to local law enforcement.

“Try to find a decryptor on the internet first – some of them are available for free here: https://noransom.kaspersky.com, and finally, remember that educating staff in cyber security hygiene is also crucial to prevent attacks from happening.”

