Ransomware is a piece of software that is used by hackers to attack, undermine, and breach corporate security systems to ‘lock’ and deny access to systems and/or data files until a ‘ransom’ has been handed over to release said networks or files. These attacks are still a real and present danger to all companies around the world.
Ransomware has been around for years. The first documented example was a basic attack in 1989, delivered through an infected floppy disk. The target company had to pay the sum of just under $200 to a PO Box located somewhere in Panama, which is considerably less than the millions of dollars that are demanded by modern, sophisticated criminals using advanced cyber and crypto methodologies.
Today, various reports cite that ransomware attacks have risen by more than 10% in the last year, a figure greater than the previous five years. In fact, ransomware accounted for more than 70% of malware breaches in 2021.
The latest increase in ransomware’s threat profile is “double extortion”, where the target company is told to pay up or else not only will the system/files remain inaccessible, but the victim’s files will also be released to the public.
Another new trend, known as ‘extortionware’, is where the target company’s data is not encrypted, but simply stolen, with the threat to make the data public unless sums of money are paid.
People are the problem
Ransomware preys on workers being lax and not following corporate security guidelines. A staggering 80% of actual breaches are caused by company personnel unknowingly exposing their company networks to data threats.
The most common entry route for ransomware is one of the most prosaic: a phishing email that is carelessly opened, allowing the malicious software into company PCs, and into the entire network.
Another entry point is when an employee inadvertently enters login details after receiving an email request. In this scenario, the employee has been ‘socially engineered’ into thinking the email is from a legitimate source. Once the sender has captured login information, they can enter the network and use this to extort ransoms.
Companies regularly and repeatedly educate their personnel on how to spot scam emails and the proper procedures to follow, such as not clicking on any unrecognisable links or opening emails from unknown sources. Despite these precautions, some employees make a slip and let these bad actors in.
One such training path is for the company’s own security officers (or a company contracted to do this) to send out suspicious-looking emails to check whether employees spot the email as a phishing attack.
Here are five known cyber-attacks in 2022:
1. The world’s largest semiconductor chip company, Nvidia, was hit by a ransomware attack in February 2022. The company swiftly hardened security and engaged cyber incident experts to contain the situation. Some media channels reported the cost was in the region of $1m.
2. The highest-profile attack so far in 2022 has been against the Costa Rica Government. The country had to declare a national emergency as its finance ministry was on its knees, impacting both governmental services and private import/export sector players. The attackers initially demanded US $10m, but subsequently raised this figure to US $20m.
But they weren’t finished.
On the last day of May, they forced their way into Costa Rica’s healthcare system, taking it offline and affecting the everyday lives of the Costa Rican people, as it impacted the country’s social security fund as well.
3. The attack on Bernalillo County, New Mexico’s local government systems was one of the first big attacks in 2022. County personnel found it impossible to access their work computers, as the machines were paralysed by the attack, which took out several county departments and government offices.
Although county officials said they made no ransom payments, this attack demonstrated conclusively the severe distress caused to citizens by government departments going offline.
4. Three Toyota suppliers were attacked during February and March 2022. The first was Kojima Industries, which had to halt operations in 14 Japanese plants, causing a 5% dip in the company’s monthly production capability. Denso and Bridgestone were next, being hit by ransomware within an 11-day window. Bridgestone suffered badly as the affected computer networks and production facilities simply shut down. Denso was supposedly hit by the ransomware group, Pandora.
5. In the early part of 2022, Indian airline SpiceJet was hit by attempts at ransomware attacks. Although unsuccessful, the attempts still left hundreds of passengers stranded, and underlined the vulnerability of the aviation market.
The attack attempts also highlighted the urgency of implementing robust cyber-security measures at airlines across the globe, to ensure anti-ransomware protection and response systems.
Datto Ransomware Protection and Recovery Solution
One takeaway from the above examples is this: if large global businesses are defenceless against ransomware attacks, what then of smaller businesses with less money and cyber expertise?
Datto has been providing software/hardware systems and custom-designed consultancy to global corporates to protect against ransomware attacks. The latest product they offer in this regard is Ransomware Protection and Recovery Solution (RPRS).
This contains a host of innovative features based around the Datto SIRIS, NAS, Backupify, and Datto Drive product lines, and will detect ransomware attacks and perform an automated system rollback (restore) to a pre-set, pre-attack point. It covers not just the protection of systems, data files, and folders anywhere on the network, but also on mobile devices, remote workstations, and corporate information stored in the cloud.
Datto has also created a packaged service-as-a-solution for managed service providers (MSPs) with these same features, so they can offer this robust system to their customers.
MSPs can offer Datto’s tried-and-tested layered approach, which details how to train (and continuously educate) employees and test their security performance. It contains information and processes on how to implement and maintain security for corporate IT systems, and business continuity and disaster recovery (BCDR) solutions designed for the toughest possible cyber resilience for your business and their clients.