By the time you finish reading this statement, an organisation somewhere on the planet will have suffered a ransomware attack and will have at least some of its data encrypted.
On average, hackers launched an attack every 10 seconds in 2020. Less than five years ago, this figure was 40 seconds, demonstrating how the cybercrime economy relies on ransomware as a revenue generator.
What is ransomware?
Ransomware is a type of malicious software that prevents users from accessing their system or personal files and demands a ransom to restore access. It affects all operating systems (Windows, Mac, Linux) and any device (PC, mobile, tablet).
Broadly speaking, there are two types of ransomware: blocking ransomware (affecting basic computer functions) and encrypting ransomware (encrypting individual files).
The most common ways for computers to become infected are visiting a malicious website, opening a malicious attachment (e.g. one that arrives by email) or downloading malicious software.
Attacks doubled in 2021
According to research, the number of global ransomware attacks increased by 102% in the first half of 2021 compared to the start of 2020, and there is no sign of it slowing down. Teleworking, fuelled by the pandemic, is one of the causes of the increase in cases.
In general, the most affected sectors worldwide are health and utilities, but they differ by region. In Latin America, for example, communications companies and manufacturing are the hardest hit, followed by retail and finance. In Europe, the main sector affected is utilities, while in Asia it is insurance and legal consultancies.
It is estimated that in 2020 these attacks cost organisations around the world close to $20 trillion. This is almost 75% higher than in 2019.
Ransomware as a service: what is it?
The attackers have become more aggressive in order to resume negotiations and secure the ransom payment.
They follow the ransomware as a service (RaaS) business model. But how does it work? A group of hackers creates ransomware and sells it on the deep web. This way, anyone, even with no technical knowledge, can buy it and direct it at the target of their choice.
In recent years, there have been attacks against large companies, with large ransoms, as opposed to mass attacks, which generally demand smaller amounts. One of the most recent was the attack suffered by Colonial Pipeline, a US oil giant, which had to suspend operations to resolve the threat.
Prevention is cure
Prevention is the best way to tackle this problem. To anticipate attacks in organisations, I recommend:
- Define and implement file backup policies. This means establishing guidelines and periodically checking that they are being followed. At Isbel, we work to strengthen and develop the area of information security in companies. We also advise on best practices, among other activities.
- Train users. It is essential that employees are aware of and alert to threats and the risks of performing certain actions. There are also awareness programmes on the correct use of the company's digital assets, as well as phishing campaigns to assess the current state of awareness.
- Invest in IT security. In Uruguay, 45% of companies lack a specialised cybersecurity area, according to a study. It has become essential to have experts and adequate protection systems. It is highly recommended to have security plans and to define clearly which software and/or hardware the company should acquire.
- Keep software up to date. Keeping up to date with operating system updates and patches reduces the risk of attack.
Daniel Alano, Product Line Analyst at Networking & Security.