Johannesburg, 15 Sep 2021
Ransomware kits are widely available on the dark web and have a lower bar of entry for use and deployment by malicious actors. Since 2016, at least 4 000 ransomware attacks have taken place, according to the FBI.
According to the report, the average ransomware demand globally is estimated at $761 106. Organisations that decide not to pay the ransom spend around $732 520 to recover their systems. Businesses that pay lose twice the amount due to all the additional costs, totalling close to $1.45 million.
“Ransomware is being spoken about at the board level. It is one of the top five overriding threats these organisations are facing. And I'm not talking just IT threats, I'm talking about all threats for CEOs, CTOs and CIOs,” explains Brandon Rochat, Cybereason’s sales director for Africa.
Once deployed, ransomware can cripple an organisation in a matter of days. Dealing with the aftermath of a ransomware attack is complicated and costly.
“The bad guys, the threat actors – they want to get into your network to deploy a piece of malware that will ultimately encrypt your network and your data. The ransom can be in different formats – money, Bitcoin – and in return they’ll unlock your data,” adds Rochat.
On the dark web, ransomware is being offered ‘as a service’, affecting organisations across every industry vertical. It’s no wonder that 2020 was declared the year of ransomware.
“There’s been a huge increase in ransomware and all different versions of ransomware are now coming through. There have been some large, devastating ransomware attacks in South Africa,” says Rochat.
“The original ransomware was always around – dropping malware and holding companies to ransom for some kind of financial gain. What we’re starting to see is an old military tactic where you make a lot of noise over here, but you go in over there. It’s a deception mode.”
According to Rochat, ransomware is rapidly evolving from a loss of data where companies are chasing ransomware payments in the form of Bitcoin (for example) to data being lost at the back door, which nobody is aware of.
“There are basic things you can do to start decreasing your tech attack vectors like ransomware, but it’s often the simple things don’t do that open the doors,” adds Rochat. “Get a good password system going, use two-factor authentication, keep control of your software updates and be involved with organisations that defend for you, against ransomware. Even when you’ve done the basics, you still need another layer on top of that.”
With ransomware, the basics shouldn’t be taken for granted. Many CISOs and CSOs see human error as one of the biggest cyber security threats to an organisation (in addition to faulty software and back-end development problems). Common, at-risk employee behaviours such as clicking on a malicious link, downloading a compromised file, falling victim to phishing e-mails or unintentionally leaking data can all result in a cyber attack.
One organisation made the news after it paid a hefty ransom (reported to be millions of dollars) only to be hit by a second ransomware attack by the same threat actors a few weeks later because it did not take the necessary steps to understand how the first attack occurred.
“A lot of it is potentially human error but not on purpose – it’s just the basic things that people miss. With ransomware attacks and cyber security in general, a lot of education is required and I believe that should come from the IT department,” says Rochat.
Researchers from Stanford University found that around 88% of all data breaches are caused by an employee mistake. Yet ransomware attacks are growing, evolving and “can be very large and very devastating. We call them nation-state attacks and they’ve already happened globally. There have been measured attacks against oil pipelines, electrical grids, water infrastructure…”
From internet of things (IOT) ransomware variants to even larger, more global attacks, the fight against ransomware is getting increasingly complicated, more sophisticated and with more devastating results going forward.
Even with cyber security insurance and data backups in place, complete recovery efforts can be compromised, which is why responding to a ransomware attack comes down to putting the right prevention, detection and response capabilities.
“As we connect more and more of our things to the internet, it gives threat actors more space to play. We’re not very good at going manual these days – picking up a pen and paper. Everything is online and that means everything is available for attack, which is why we need to start taking ransomware very seriously,” he concludes.
Share