REvil, Wizard Spider, Grief, Ragnar: they sound like they should be in a Marvel comic. But there’s nothing funny about these guys. Operating in countries that do not cooperate with international law enforcement agencies and not caring who they attack, including health care organisations, ransomware gangs are on the increase.
Ransom money in the millions has been paid by some very respectable companies in order to recover access to their data and keep their companies going. A quick trawl of the internet produces results that show how diverse ransomware targets are. Whilst the largest target area appears to be the US, the UK targets have included Amey, Hackney Council, Wentworth Golf and Country Club, Scottish Environment Protection Agency, UK Research and Innovation and, last month, Serco. (Source: Blackfrog).
The way it works remains much the same, regardless of the method used. Criminal gangs hack into connected IT systems, lock access to them, and then sell a decryption key in exchange for payment in bitcoin. They have targeted schools, hospitals (you may remember the well-reported attack on the NHS a couple of years ago), councils, airports, government bodies (local and central) and insurance companies. This list is far from exhaustive.
Anyone who is connected to the internet is vulnerable to a ransomware attack. An emerging sweet spot, though, is mid-sized companies that generate enough revenue to make them a target, but aren’t yet large enough to have dedicated cybersecurity resources on board.
Make no mistake, these hackers operate as organised gangs who compartmentalise themselves into specialties. Some specialise in identifying compromised systems and gaining access, whilst others handle the ransom negotiations. It is not uncommon for an investigation to see cryptocurrency transferred into many different cyberwallets. These gangs tend to have a ‘signature’ which is often recognizable. REvil and Pysa have flair whilst Ryuk are somewhat robotic in their approach.
A worrying recent trend is that these gangs have pivoted into extorting individuals. If victims don’t pay, their data is dumped online or sold on the dark web to the highest bidder, and of course there is no way of ensuring that the data isn’t sold anyway, regardless of the victim paying up.
Of course, most people don’t have incriminating or embarrassing data on their private systems, but some do, particularly important people in the public eye for whom data release can be at least damaging, if not crippling. According to a report from cybersecurity software firm Bitdefender, attacks increased by 485% in 2020 alone. “It’s taken off since Covid because we have more people working from home,” says Sophia, a crisis communications expert who specialises in advising companies who have been targeted by ransomware hackers. Poorly secured remote access logins are a common route in. “More of a digital environment leads to more points of entry for the attackers,” she says. “The last year and a half has been a whole new ballgame.”
So, if you are running a medium-sized business, or perhaps running a local organisation using your own home systems where you hold personal data belonging to others which you are obliged to protect under the DPA 2018/GDPR, then you are a target and you need to take some precautions against an attack of this nature. If you want to know more, please don’t hesitate to contact us for a chat. We specialise in looking after SMEs and understand your challenges.