Ransomware is on the rise

Ransomware attacks are on the rise once again. Ransomware is a type of malware that infects computer systems and demands payment, usually in the form of bitcoins. These are attacks where a malicious user takes control of a victim’s private information and asks for a ‘ransom’ in return for the information. I discussed ransomware attacks in detail in a previous post.

Historically, ransomware attacks targeted companies and individuals, where the attack vectors were small but less risky. They required low to medium effort, and the payout (the ransom collected) was generally smaller too. However, in recent years, we have seen an increase in the number of ransomware attacks on large institutions, multi-national companies, state governments and even central governments.

Ransomware attack on Albany, NY

Earlier this year, Albany, the capital of New York state, stated that it was hit by a ransomware attack in March 2019. City Hall itself experienced a number of municipal service interruptions, too. Albany residents were told to go elsewhere to get birth certificates, death certificates or marriage licenses. Some residents complained that building and development applications were not available via the city’s website.

The city shelled out approximately $300,000 USD to repair destroyed servers, patch vulnerable devices and install a new firewall and other security measures. The attackers demanded payment in cryptocurrency, which was never paid. Although the city of Albany suffered a loss of data and functionality, its losses were not extreme since it had off-site backups of its systems. Unfortunately, this is not the case everywhere.

Ransomware attack on Riviera Beach, Florida

A ransomware attack hit the Florida city of Riviera Beach on May 29 when someone in the local police department opened an infected email. Email, phones, police records, Public Works, the City Attorney’s Office, the library: all of it was down. Even the 911 dispatch stopped working due to the nature of the attack. Earlier in 2019, the city’s Interim IT Manager found that most of the city’s security measures were so outdated that the manufacturers were not even making those devices any more. Even though the city authorized the purchase of a new system for $798,419, it was never installed.

In June 2019, city officials decided that they would give in to the hackers’ demands and pay almost $600,000 USD in the form of 65 bitcoins as ransom to get access to their blocked data. This resulted in one of the biggest ransoms paid to cyber criminals in recent US history.

Ransomware on Demant, Poland

Demant, one of the world’s largest manufacturers of hearing aids, was hit by ransomware in September 2019. The impact was so significant that the company had to shut down its entire internal IT infrastructure following what it initially described as “a critical incident.”

It was later announced that recovering the lost revenue due to the loss in production cost Demant a whopping $95 million. This incident is going to have lasting impacts on the company, and it will take them some time to recover from this setback.

Why do these attacks keep happening?

There are a number of reasons behind ransomware attacks, from old security systems to insufficient resources.

1. Social engineering 

The biggest reason for ransomware (and any other attack in general) is user negligence. In almost all the cases mentioned above, someone from the internal network of the company opened a spam email, downloaded a malicious application or a combination of both. This resulted in the ransomware ‘spreading’ in the internal network. 

It should be noted that not all ransomware can spread on its own. Often it needs to be opened and installed on individual computers to spread. This means that if an employee opens and forwards the link to a vulnerable application to their colleagues, they could all install the ransomware on their devices. These are all part of the social engineering tactics used by attackers to make people open their links. Employees should be educated, and training should be set up from time to time to help even the least tech-savvy people understand the threats and mitigations. I have explained some of these tactics in detail in a previous post.

 2. Governments and companies reluctant to spend money on cyber security infrastructure

Governments and private companies have usually been reluctant to spend money on beefing up their cyber security infrastructure and their security resources. Threat vectors have changed in the past few years, but companies (and even governments) are still using legacy equipment and end-of-life systems in their networks. It is time for state and local leaders to rally support around a well-resourced cyber security strategy. The National Association of State Chief Information Officers (NASCIO) put out its top ten priorities for the new year, and cyber security took the top spot.

 3. Lack of expertise in cyber security

There is a tremendous dearth of cyber security talent in the industry right now. What companies need right now are analysts and consultants with a focus on cyber security. Companies right now are taking a ‘reactive rather than proactive’ approach towards cyber security. Many times, new versions and patches for vulnerable systems are made available to the industry but are not installed because of a lack of expertise and proper planning.

One reason for this is the lack of importance given to security in school systems. There has been a major shift in that thinking lately, and I hope the coming decade will see a rise in security experts (something that the tech world needs desperately).

Conclusion

The new decade is supposed to be game changing when it comes to both cyber security attacks and preventative measures. Artificial intelligence and machine learning are going to play a huge role in every field, especially cyber security. Automation is another tool that hackers are using (and will continue to take advantage of) in the coming years.

We, as citizens, need to do our due diligence. We need to make sure we are suspicious of spam links and scam calls. We should also ensure that we have trusted anti-virus software installed on our systems and patch our laptops for vulnerable applications.

Hackers will continue to innovate and find new ways of taking advantage of people. As always, I will continue making you aware of the threats out there. Be vigilant, for the ‘web is dark and full of terrors’.

One thought on “Ransomware is on the rise”

  1. Very, very nicely written article. Kindly suggest how to prevent hacking of bank accounts, especially in India, because I had a bad experience with my account. We will be highly thankful if you give a remedy for hacking in the Indian scenario.
