Tag Archive for: Ransomware

What if we made ransomware payments illegal?


The September 2023 ransomware attacks against Las Vegas casinos are a great opportunity to examine the challenges enterprises face when they are attacked by ransomware.

In a sort of “Choose Your Own Adventure” version of addressing the problem, while Caesars reportedly paid a $15 million ransom to the perpetrators (Scattered Spider) and quickly returned to normal operations, MGM chose not to pay the same group when they were attacked. MGM’s choice, while aligned with the U.S. Government’s stance on ransomware payments, resulted in 10+ days of impact to MGM that generated a reported loss of $100 million.

It doesn’t take a math whiz to realize that the choice Caesars made was $85 million less expensive than the route MGM took, and that’s before accounting for whatever losses were covered by their cyber insurance policy.

With that in mind, why does the federal government still strongly advise against paying the ransom? Answer: The government (FBI) focuses on the big picture, not any single event. Paying ransom addresses an immediate problem, while not paying ransom exponentially increases the immediate pain. The former focuses on one’s own needs as a company or security practitioner, while the latter requires accepting the consequences of upholding a policy that’s in everyone’s best interest.

The divergent responses to the casino attacks demonstrated that not everyone will accept a bigger loss to uphold a greater good. We can’t expect to address that through volunteerism, particularly when quarterly profits are the most important metric for profit-making companies. The leaders get paid for meeting that metric. When our eyes are focused on short-term goals, long-term needs are subordinated, and business leaders don’t willingly make decisions that require them to suffer for the benefit of others.

Since cybercriminals are motivated almost exclusively by money, if they know organizations are willing to pay ransom to regain access to their systems and data – even without guarantees the criminals will deliver on those promises – they have a perpetually strong business model. When we also consider that there are at least 100 active ransomware gangs ranging from…


Manufacturing sector top target for ransomware attacks last year


Palo Alto said UK manufacturers and professional and legal services are most at risk of ransomware attacks.

The UK’s manufacturing sector is the prime target for ransomware attacks, according to data from Palo Alto Networks’ threat intelligence arm, Unit 42, seen by City A.M.

In 2023, manufacturers bore the brunt of ransomware assaults, accounting for 17.2 per cent of all attacks recorded in the UK, totalling 45 incidents.

They are particularly at risk due to their low tolerance for operational disruption, which can negatively impact production, cyber security company Palo Alto said.

With only one fewer incident last year, professional and legal services followed closely behind, suffering 16.9 per cent of ransomware attacks, as cyber criminals targeted sensitive data.

In 2023, the first year the study has been conducted, 261 ransomware attacks targeted UK organisations.

The UK’s technology and education sectors both experienced 8.4 per cent of attacks.

A ransomware attack is when hackers use malicious software to encrypt files or systems, demanding payment, often in cryptocurrency, for their release. The impact on businesses can include loss of data, reputational damage, regulatory penalties and higher insurance premiums.

Palo Alto Networks recently released a separate report, revealing that the frequency of cyber assaults on UK companies has surged, with attacks occurring on a monthly, weekly, and even daily basis for 76 per cent of respondents.

Amid the rise, regulatory pressure is mounting on companies, particularly in critical infrastructure sectors, to enhance their cyber security measures.

For example, the Product Security and Telecommunications Infrastructure (PSTI) Act is coming into force on 29 April. It will require manufacturers of internet-connected or ‘smart’ products to ensure they meet minimum security requirements, protecting consumers.


Health Care Notes: Change victim of second ransomware attack


Earlier this week, a second ransomware group came after Nashville-based clearing house Change Healthcare, according to Becker’s Hospital Review. Hackers known as Ransom Hub claim to possess Change data and are asking for payment, threatening to sell the information on the dark web otherwise.

Change confirmed to Becker’s that it was “aware of the reports.”

Belmont opens center for health discipline collaboration 


Compromised backups send ransomware recovery costs soaring


There’s a common misperception that to defeat ransomware attacks, organizations must simply back up their systems and data. Unfortunately, that’s not necessarily the case. Organizations must back up their systems and data, but they must also protect those backups as if their business survivability depended on it, because it likely does.

Consider a report from cybersecurity firm Sophos, published last month, revealing an alarming trend: Ransomware attackers increasingly target and compromise victims’ backups. And, in doing so, they are increasingly crippling the victim’s ability to recover maliciously encrypted files without having to pay the ransom demand.  

Based on a survey of nearly 3,000 organizations hit by ransomware in the past year, the study found that a staggering 94% of respondents reported attempts by cybercriminals to compromise their backups during the attack. In specific sectors such as state and local government as well as media and entertainment, this figure soared to 99%.

Attackers know that when potential victims can simply recover their systems and data from backups, the attacker loses their leverage. However, when backups are successfully compromised, the script is flipped: Victims lose any leverage they may have. And this drives up the cost of a ransomware attack. Data from Sophos’s survey shows that organizations whose backups were compromised faced the following:

  • A 63% higher rate of data encryption: 85%, versus 52% if backups are not compromised
  • More than double the median ransom demand: $2.3 million, compared to $1 million if backups remain intact
  • A higher likelihood of paying: 67% paid the ransom, compared to just 36% if backups were available
  • A median ransom payment of $2 million, nearly double the $1.062 million paid by those with secure backups

Backups are the start

There is good news here: Lots of organizations are backing up their data. That’s a great start toward successful recovery from a ransomware attack. The bad news is that not enough organizations are protecting these backups from attack. Sophos found that attackers have very high success rates in some industries. For instance, the success rate of backup compromise attempts against energy utilities reached 79%. However, in IT/technology…
