Payments for data ransoms increase by 78% in 2021, says survey

Payments made by companies to recover data hijacked by ransomware reached a record in 2021, according to research by Unit 42, a cybersecurity platform. The average payment, in these cases, rose 78%, from US$ 303,700 in 2020 to US$ 541,000 last year.

According to the survey, the most affected segments were professional and legal services, construction, wholesale and retail, healthcare and manufacturing.

The number of victims whose data was posted on leak sites rose by 85% in 2021 to 2,566 organizations, according to the survey. Additionally, 60% of leak site victims were in the Americas, followed by 31% in Europe, the Middle East and Africa, and then 9% in the Asia-Pacific region.

Ransomware attacks belong to the malware family, a name that results from combining the words “malicious” and “software”. The term malware, therefore, refers to all malicious software that can be dangerous to a device, including viruses and trojans.

Daniel Bortolazo, systems engineering manager at cybersecurity firm Palo Alto Networks, says ransomware is very common because of its visible impact, since everyone notices that the attack renders the attacked platform completely unusable.

What explains the increase

Bortolazo lists three points that are becoming increasingly common, leading criminals to demand larger amounts and companies to agree to pay them.

“The first thing is that these attacks go through a multiple extortion process.” That is, in addition to encrypting company data, the hacker threatens to disclose it. “This exposure can collide with the data protection law, generating legal damages for the company, in addition to harming its vision in the market,” he said.

The second point Bortolazo brings up is the so-called “ransomware as a service”, which occurs when a group of hackers sells its services, simplifying the contracting of attacks.

“Currently, an individual with little knowledge can contract the malware and carry out the attack. This simplicity in hiring and executing the attack has also contributed to the rise of this type of crime,” he explained.

The third point is the use of so-called “zero days”, which are flaws that have not yet been discovered by anyone. Security researchers often sell these vulnerabilities to the company that owns the vulnerable software.

However, Bortolazo says that when the flaw is discovered by a cybercriminal, he does not disclose it to the company, but instead exploits the vulnerability. “Some take years for researchers to discover, while an attacker has freely used them to install malware, create a connection to the server and steal data.”

According to him, the problem with this type of vulnerability is precisely its novelty, since there is no quick fix available. “The company has ways to mitigate the effects of a zero day, but not to avoid it.”

Trends

According to Daniel Bortolazo, attacks against the “public cloud” have great potential for growth. A public cloud is a cloud system managed by a provider rather than owned privately by a company.

For the specialist, this trend is reinforced because a growing number of companies are adopting this system, “but without notions of how to operate on that platform, compromising the security of their data”.

In addition, attacks on IoT (Internet of Things) devices, such as smart TVs and security cameras, also have growth potential, as do attacks on IoMT (Internet of Medical Things) devices, such as one that controls a pacemaker.

In general, they are products with a high degree of sensitivity when it comes to security, due to their simplicity and the lower frequency of updates they receive.

Finally, there is OT (operational technology), a subset of IoT. These are industrial devices: a dam gate, an electricity controller or water treatment equipment, for example.

These are also sensitive devices, but with great potential for physical harm to businesses.

Prevention of attacks

Daniel Bortolazo says that it is not enough just to keep equipment software updated. “This measure is a tactical action, but it needs to be embedded in an elaborate strategy.”

The specialist lists four important points for companies to be aware of. The first is to analyze what impact a possible data leak or data hijacking would have on the business.

“The level of risk acceptance of each company is different. One must ask: what is the consequence of the attack? How does it impact my business?”

Based on the conclusions of this questioning, the corporation must plan how much it is willing to invest in security, processes and internal policies to combat and mitigate cyberattacks.

Second, Bortolazo mentions that companies need to have ways to access their systems, both those in the private infrastructure (the datacenter) and those in a public cloud, as well as computers used remotely.

This easy access to data and users is important so that a mapping can be carried out and the company has a clearer view of where its data is.

The third point is to have an incident response plan prepared. The specialist recalls that, in addition, it is important that this plan is “tested and revised whenever possible”, fixing any specific flaws that are found.

Finally, the fourth point is the implementation of a “zero trust strategy”. It is about “trusting nothing and inspecting everything”. The company identifies the data or device that it wants to protect and tries to limit as much as possible any type of access to it, even by other internal users.

Source: CNN Brasil
