Jan-Feb-Mar 2021
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
SECURITYUPDATE<br />
"Research shows that new ransomware can easily steal users' data to extort a victim.<br />
Since data loss is a growing concern for companies and individual users, these attacks<br />
are becoming increasingly prevalent and sophisticated. While large organisations are<br />
targeted the most, COVID-19, and a shift to remote working has triggered an influx of<br />
individuals being victimised, which can only be mitigated by implementing the correct,<br />
responsible security measures."<br />
only encourage cybercriminals.<br />
Furthermore, this can come at a huge<br />
financial cost - according to Safety<br />
Detectives, the average requested ransom<br />
amount has risen from $4,300 in 2018 to<br />
$8,100 just two years later. Cybersecurity<br />
Ventures have also predicted that the<br />
damage caused by ransomware would be<br />
more than 20 billion USD in <strong>2021</strong>. That<br />
said, there is also no guarantee that you'll<br />
be able to decrypt files after paying a<br />
ransom or that your stolen data will not<br />
be sold to competitors or other criminals.<br />
DATA LEAKS, ENCRYPTION<br />
AND INFECTION<br />
A particularly vicious ransomware<br />
technique involves stealing data from a<br />
victim and then encrypting files on<br />
infected computers. Attackers threaten the<br />
victim by publishing a portion of stolen<br />
data on the dark web and demanding a<br />
ransom fee in return - regardless of<br />
whether the victim has backups to recover<br />
their data. This is a particular concern for<br />
a company which operates with customer<br />
data - if the data is leaked publicly, they<br />
could incur hefty fines. This approach is<br />
known as double extortion.<br />
The methods of infecting ransomware<br />
have remained almost the same in 2020.<br />
According to figures from Ransomware<br />
Detectives, 67% of attacks stem from<br />
spam and phishing emails, 36% are due<br />
to inherent human factors such as when<br />
users are not trained well enough and<br />
30% are due to weak passwords and<br />
insufficient access management. More<br />
specifically, the most popular methods to<br />
infect computers and infiltrate networks<br />
remain almost the same as in the past<br />
year: Remote Desktop Protocol<br />
Misconfigured public cloud instances,<br />
USB flash drive and other removable<br />
mediums.<br />
WHO IS BEING HIT HARDEST?<br />
In 2020, ransomware targeted North<br />
America with 33% of total attacks, Asia<br />
with 30% and Europe with 27%. Research<br />
from BlackFog demonstrates that<br />
developed countries across the globe are<br />
targeted more heavily, with the USA, UK<br />
and Australia hit most commonly,<br />
followed by Canada, Germany, Denmark,<br />
Japan and France. In extreme cases,<br />
some countries have been known to hire<br />
state-sponsored hackers to launch attacks<br />
against organisations (including those<br />
related to critical infrastructure) and<br />
competitors in rival countries.<br />
It is rather unsurprising that Windows is<br />
the most infected operating system, with<br />
85% of ransomware occurring on this<br />
interface. A considerably lower amount<br />
(7%) occurs in both macOS and iOS, and<br />
merely 5% attack Android platforms.<br />
However, trends seem to be shifting as<br />
macOS is increasingly being targeted by<br />
ransomware creators - since 2018,<br />
detection of malware on Mac devices<br />
has doubled.<br />
For organisations, BlackFog reports that<br />
companies with a low tolerance for<br />
downtime are the most vulnerable to be<br />
targeted by ransomware criminality - such<br />
as manufacturing companies, the<br />
professional services sector and<br />
government organisations. This is because<br />
hackers choose organisations that cannot<br />
afford significant downtime, or because<br />
an attack will mean they face regulatory<br />
fines if they handle public data. For these<br />
reasons, they are more likely to pay the<br />
ransom. With pressure on the public<br />
sector particularly intense this year as a<br />
result of Coronavirus, attacks on<br />
healthcare and educational organisations<br />
have grown.<br />
2020 saw ransomware attacks grow in<br />
virulence, with attackers taking advantage<br />
of remote work vulnerabilities. Research<br />
shows that new ransomware can easily<br />
steal users' data to extort a victim. Since<br />
data loss is a growing concern for<br />
companies and individual users, these<br />
attacks are becoming increasingly<br />
prevalent and sophisticated. While large<br />
organisations are targeted the most,<br />
COVID-19, and a shift to remote working<br />
has triggered an influx of individuals<br />
being victimised, which can only be<br />
mitigated by implementing the correct,<br />
responsible security measures.<br />
No matter how careful one can be,<br />
ransomware on a global level is unlikely<br />
to be conquered any time soon. NC<br />
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards JANUARY/FEBRUARY <strong>2021</strong> NETWORKcomputing 25