1.2029990-3515132599
Staff monitoring the spread of ransomware cyber-attacks at the Korea Internet and Security Agency (KISA) in Seoul. More cyberattacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, a South Korean cyber security expert warned May 16 as fingers pointed at the North. Image Credit: AFP

Highlights

  • Why ransomware attacks are spiking amid the COVID-19 pandemic.
  • Know the top tips to avoid falling victim to darkweb attacks
  • Know the dos and don’t of safe email practices.
Also in this package

Dubai: You think your network is “bomb-proof”? Or your organisation’s digital assets are “safe”? Think again. No matter how airtight you think work or organisation’s network is, there’s always a way in for the most persistent intruders. From the hackers’ point of view, we — the end users — are the best route of an hack. And this time, those who work from home are prized targets.

What’s the link between ransomware and pandemic?

Make no mistake: We are still in the midst of a health pandemic. And we’re also still in the midst of a digital pandemic of ransomware attacks. These are organised, deliberate attacks on increasingly significant targets. There are signs people and businesses are facing a chronic failure in finding ways to keep them at bay.

Why are ransomware attacks on the rise?

Ransomware attacks have spiked during the COVID-19 pandemic, say IT security professionals. “There’s one simple reason: More people are working away from the office, where security controls are comparatively weak,” said Anoop Kumar Pauval, Information Security Manager at Gulf News’ IT Department.

“At home, connected to work via remote data access, end-users tend to be less protected, and are more vulnerable,” Pauval added. He cited example, Check Point Research's (CPR) latest report (published in May) found a 102% increase in ransomware attacks this 2021 compared to the beginning of 2020. “There are no signs of the attacks slowing down.”

What’s the usual route of a ransomware attack?

Most ransomware attacks exploit the vulnerabilities of employees to get through to organisation’s network. Most hacks are done this way, called “social engineering” attacks.

How do links pose a threat?

Emails are the most potent tools in the arsenal of cybercriminals. It comes int he form of a link or an attachment. If you open an unknown attachment or click a link in an email sent to you by a hacker, you’re roped in.

Email security tips
Image Credit: Jay Hilotin / Gulf News

How can you tell the difference between legit email and hacker’s email?

There are email senders among people you know. They tend to be safer, but that’s not to say you shouldn’t exercise caution (especially with forwards). Some spams are obvious, but others are very smartly designed get past past the filters. They’re done by deception masters designed to dupe recipients. “Phishing” email is No. 1 way hackers get around firewalls, filters and antivirus.

Ransomware dark web
Cybercriminals have taken advantage of the pandemic by attacking at a time when many organisations are at their weakest. Tightened budgetary controls and home working has diverted attention away from IT and info-security concerns, leaving vulnerabilities throughout networks.

Should I always trust emails from a friend or colleague?

No, even if it’s from a friend or colleague, take a pause before clicking anything further. Check the contents of the message they send along with it: Does it sound like it’s from them? A smarter way to avoid malware or phishing is to call the sender or speak in person, if possible, to confirm they sent the email. If you can’t be sure of its authenticity, simply delete.

Top 5 biggest ransomeware payouts:

CWT
1. CWT Global ($4.5 million) | Date: July 2020 | The US travel services company CWT Global set a world record for the largest ever ransom payment, after it handed over $4.5 million in bitcoin to the Ragnar Locker ransomware gang. The attack is believed to have taken down 30,000 computers and compromised two terabytes of data. Financial records, security documentation and employees’ personal details, such as email addresses and salary data, were all affected. Image Credit:
1.2231392-3655806653
2. Colonial Pipeline ($4.4 million) |Date: May 2021 | Millions of people got a first-hand glimpse of the disruption that ransomware can cause, when Colonial Pipeline was crippled by the DarkSide gang. The fuel supplier was forced to halt operations amid the attack, which targeted the company’s business network. This included the Colonial’s billing system, which meant it had no way to track fuel distribution and to accurately bill its customers. Additionally, Colonial shut down its operational technology network, which controls the pipeline, to prevent further spread of ransomware. Image Credit:
Ransomware dark web
3. Brenntag ($4.4 million) ) | Date: May 2021 | Brenntag’s North American division was compromised by criminal hackers. The chemical distribution company has over 17,000 employees in over 670 sites worldwide, but the damage to just one part of its business, in which 150GB of data was stolen, caused huge disruption. The group responsible for the attack, DarkSide, initially demanded a 133.65 bitcoin ransom, which equates to approximately $7.5 million – which would have made it by far the largest ever payment. Image Credit:
2020-01-08T102213Z_1373740858_RC2MBE9FBK7A_RTRMADP_3_BRITAIN-TRAVELEX-(Read-Only)
4. Travelex ($2.3 million) | Date: December 2019 | While most of us spent New Year’s Eve 2019 celebrating, the IT department at Travelex was grappling with a ransomware virus that was spreading through its systems. Almost two weeks later, the currency exchange service finally restored its internal systems, but not before paying the attackers a reported $2.3 million ransom. Image Credit:
NAT RANSOMWARE ATTACK HACKED-1567347791021
Image Credit:
View gallery as list

Why are ransomware very disruptive?

The threat is real, as can be seen by recent examples. There’s often a financial motive involved. The demands are also real, too. But the damage to operations can destroy an institution or organisation's reputation.

How much is the average ransomeware payment?

As we’ve seen, attacks capturing an organisation’s data and systems are on the rise. One study shows that since the start of the pandemic, ransomware attacks have gone up by almost 500%.

The average ransom payment has also continued to climb, up 43% from the last quarter of 2020 to an average of over $200,000, according to one report.

$ 200,000

the average ransomware payout during Q1 2021

Worse, a ransom demand is often accompanied by a breach and extraction of company data — and a concurrent extortion threatening to release this data unless additional payments are made.

News about attacks against the CNA Financial and Colonial Pipelines are recent publicly-known examples of hacking events. There’s a much bigger section involving unknown pay-offs for which the victims never publicly declare the hack.

Who are the perpetrators?

They are evolving, from the stand-alone hackers to what are now known as “criminal collectives”, including the DarkSide, which behave like state-sponsored attackers. These collectives have created virtual organisations, sharpening their techniques in targeting specific sectors and companies. They patiently wait for the kills.

Ransomware dark web
Image Credit:

How big is the ‘cybercrime’ threat?

What’s the away around scams, spams and ransomware attacks.

It’s the dark underbelly of the online world. Cybercrime is a growing, highly successful and profitable “industry”. It is estimated that cybercrime costs will grow by 15% per year to reach $10.5 trillion by 2025. If it’s a country, it would be the world’s third-biggest “economy” — after those of the US States and China.

What’s the way around ransomware attacks?

Image when governments, health-care providers, online merchants like Amazon/ebay/Alibaba or other large organisations become beholden to cybercriminals? There’s certainly a way around the current state of affairs.

Intranets — closed, proprietary networks — might hold the key, say experts. As the internet evolves, a new trend emerges, with two distinct sides.

  • Free-for-all internet:

This is the free-for-all, unfiltered, minimally regulated, “Wild West” type of internet anyone can access. This is the playground of the rising ranks of cybercriminals and everybody else, including you and me.

  • Intranet

The second is “World Wide Intranet” — widely accessible but tightly controlled websites with stringent access controls to prevent criminal activity. Years ago, closed corporate intranets have gained popularity. This second type is rapidly evolving.

As such, as security measures and conditional access via multi-factor authentification will become a standard.

The internet needs a semblance of control — the price of not having them is immeasurably greater than the damage of any “restrictions”. It’s an inevitable outcome of the security threats mushrooming around us, compromising not only networks but individual the end users that use them.