Delhi: As per Col. Inderjeet Singh, Cyber Security Expert, Director General, Cyber Security Association of India, past year has been defined by the COVID-19 virus affecting the entire world, including the cyberworld. The COVID-19 pandemic has brought about a change in working conditions – working from home and will continue to do so for many months ahead and cybercriminals are exploiting this.
Cybercriminals used pandemic to their advantage, spreading scams and phishing attacks to exploit people’s weaknesses during these testing times. Ransomware attacks continued to thrive this year, pitilessly attacking education institutions and pharma industries.
Threats such as stalkerware and adware, flourished due to people being forced into lockdown and likely spending more time on their mobile devices.
Cybercriminals began to promote mobile adware more heavily to younger audiences via popular social platforms like YouTube, TikTok, and Instagram.
As per Col. Inderjeet, " Previously, a significant number of organizations did not allow employees to work from home, especially in highly regulated industries like manufacturing, critical infrastructure, banking and healthcare. Therefore, many of these organizations had few policies or remote capacity in place. They were forced to enable remote work virtually overnight, creating vulnerabilities that cybercriminals did not hesitate to exploit."
Cybercriminals use Ransomware, which is a form of malware that encrypts a victim's files. Once the Ransomware has infected files on the computer, it will ask to pay a ransom - usually in cryptocurrency — in exchange for decrypting the data or unlocking the computer and to restore access to their data via a decryption key.
There are a number of attack vectors through which Ransomware can gain unauthorized access into victims’ databases. One of the most prominent ways used to access victims’ computers is phishing emails and email attachments.
Cybercriminals make these emails look trustable and trick the users to open them. Once these emails are opened and attachments are downloaded, the attackers take over the victims’ computers.
These attackers demand ransom to recuperate encrypted files and avoid the release of stolen sensitive data.
To further pressurize the victims, Ransomware criminals have created pages on the Deepweb and Darkweb where they post samples of stolen data letting victims know the types of data staged for release if payment is not received.
Also Read: Deepfakes: The dark side of Artificial Intelligence
In the past, Ransomware required criminals to be very well-versed in coding. However, today’s cybercriminals are much savvier and work with third-party programmers. This phenomenon is not all that different from Software-as-a-Service (SaaS). Instead of useful, problem-solving software, Ransomware-as-a-Service (RaaS) lives in the shadows of the internet. Developers are creating and selling products that make Ransomware easier to deploy.
Also Read: How to Address Cloud Security Challenges explains Col. Inderjeet, DG, CSAI
- Ransomware costs businesses billions of dollars each year and by the end of 2019, cybercriminals were using Ransomware that made off with a reported $11.5 billion in ransom payments.
- Double extortion Ransomware attacks first emerged in late 2019 and escalated in early 2020.
- Ransomware has taken quite a swing in 2020. It has grown at an alarming rate, becoming a threat affecting thousands of businesses and organizations worldwide. By the end of 2020, that number is projected to reach $20 billion.
While 2020 presented many cybersecurity threats, the year's overriding theme was relentless and often highly destructive Ransomware attacks. The attacker demands a ransom payment ranging from a few hundred dollars to hundreds of thousands, and criminals often ask for payment in a cryptocurrency like Bitcoin.
Also Read: Phishing attacks on the rise during COVID-19 pandemic
We saw an increase in the volume of attacks across all vectors. Most notable was the dramatic rise in ransomware attacks. There was more than one type of Ransomware and with new Ransomware threats constantly appearing it can be hard to keep track of them all.
At the beginning of the year, there was an increase in ransomware attacks in the early pandemic months.
- Ransomware grew by 20% during March and April in comparison to January and February this year.
- Multiple Ransomware attacks targeted hospitals this year, despite threat actors publicly stating they would stop targeting hospitals.
- In addition to Ransomware attacks against healthcare institutions, companies like Garmin, Jack Daniels, and the Ritz London were hit with Ransomware.
- Other notable victims of ransomware attacks in 2020, which paid ransom demands up into the millions, include the University of California San Francisco, Travelex, and defense contractor Communications & Power Industries (CPI) in California.
In June 2020, as many as 13 ransomware crime syndicates were detected, known to leak stolen data if the demanded ransom is not paid.
- Developed by the Maze ransomware group, this attack style is increasingly the norm, particularly when targeting organizations with extremely sensitive data, like the healthcare industry.
- By the end of the third quarter, 67.3 million Ryuk attacks had been detected, representing 33.7% of all 2020 ransomware attacks.
- Interestingly, Ryuk is relatively new—first discovered in 2018. However, its presence dramatically increased in 2020 and caused a massive amount of damage to the healthcare sector.
- Ryuk is particularly concerning because it often follows a multi-stage attack preceded by Emotet and TrickBot malware. If a Ryuk succeeds within an organization, its systems are likely infected with several types of malware.
According to recent ransomware statistics from cybersecurity firm Coveware, following are the most widely reported causes of data breaches in 2020:
- REvil (Sodinokibi) - Ransomware program that’s difficult to detect
- Maze - Data-stealing ransomware that threatens to sell your data.
- Phobos - Ransomware that locks productivity documents.
Interestingly, operators of LockBit and Ragnar Locker strains joined forces with Maze, which was at one time became the “industry leader”. Later, all three groups post data stolen in various attacks on Maze’s data leak site. Maze and Sodinokibi operators were the most active in the second quarter of the year.
Surprisingly, on 1st Nov 2020, Maze Ransomware declared its retirement. And they posted the retirement announcement on the website where they would normally name and shame their victims that we're unwilling to pay the ransom.
The year 2020 has seen a rise in the ransom demanded by hackers, which has increased by 60 percent since the start of the year to $178,000 on average. There is a shift from previous years to more sophisticated methods of attack.
Recent cybersecurity attacks take a more targeted approach, rather than the spray-and-pray tactics of past years. In 2020, hackers have exploited the COVID-19 pandemic by sending COVID-related phishing emails. Server vulnerability exploits remain the most common ransomware attack vector and are on the rise, despite taking a dip in 2019.
As per Col. Inderjeet, Although Ransomware- as-a-Service offerings were not first introduced in 2020, there was a dramatic growth in these services' utilization. Until recently, if someone wanted to launch an attack, the level of required technical knowledge was significant, especially for launching advanced attacks like polymorphic malware, supply chain attacks, code compression packers, and fileless malware. Now criminals can go onto the dark web and purchase these kinds of attacks, sharply reducing the required technical skill.
Ransomware attacks have become so common that it’s no longer a matter of how many cyberattacks happen per day — that metric is now measured in seconds. Every 14 seconds, a new organization gets hit by ransomware.
Schools, healthcare providers and even government institutions have all become victims of ransomware attacks by cybercriminals. With even crucial public services being shut down, ransomware is now a global threat to businesses and individuals alike.
By 2021, a company will be hit by ransomware every 11 seconds.
Col. Inderjeet said that Ransomware attacks don’t just cause monetary damage. In the United States alone, 764 healthcare providers temporarily stopped operations because of ransomware in 2019, as well as 113 government institutions and 1,233 universities and school districts. These attacks can have a huge impact on the lives of citizens who depend on those services and can potentially be fatal. In 2020, 73 percent of all ransomware attacks were successful. However, 24 percent of attacks were intercepted before they could encrypt any data.
The cornerstone of all the best ransomware defense strategies is having a reliable online backup, as well as local backups on different devices. As long as your data is backed up to the cloud, you can simply restore your system to its previous state, before it was infected by the ransomware attack.
Unfortunately, having a backup can’t stop cybercriminals from holding your data hostage and threatening to sell it on the dark web. A zero-trust approach to cybersecurity is essential for keeping your data safe. This includes a multifactor authentication system for logins on company devices and keeping no more data than is necessary on those devices.
Ransomware attacks have caused quite a bit of damage, and not just in money paid to ransomware attacks. So, what will the projected cost of cybercrime be in 2021? Only time will tell.
You can follow Col. Inderjeet on twitter @inderbarara, insta:inderbarara
Also Read: Ransomware Targets Healthcare Systems
