Business Plus

Ransomware

As the ransomware scourge keeps on escalating, businesses should pay more attention to their backup policies, writes Doug Casey


As ransomware attacks become more common and sophisticated, businesses need to bolster their back-up plans

The growing problem of cybercrime was highlighted recently by the ransomware attack on the Health Service Executive. The government decided not to pay the requested ransom, despite facing a much larger cost for sorting out the problem. Most businesses don’t have that luxury. If their PCs are locked up they have no choice but to pay up – unless they have backed up their data.

The experience of most organisations subjected to a ransomware attack is that they never recover all the encrypted data, so regular backup is absolutely vital. The extent of the growing ransomware threat is illustrated by the recent ‘State of Ransomware’ report from cybersecurity specialist Sophos. Its findings are very alarming, and highlight why the attack on the HSE was almost inevitable.

Sophos commissioned research house Vanson Bourne to survey 5,400 IT decision makers across 30 countries, not including Ireland, in January and February 2021. The focus of the survey was mid to large organisations, with half the respondents in each country employing 100 to 1,000 people, and the balance with up to 5,000 staff. The report’s key findings include:

37% of respondents were hit by ransomware in the last year.

54% of victims said the cybercriminals succeeded in encrypting their data in the most significant attack.

On average, only two-thirds of the encrypted data was restored after the ransom was paid.

The average ransom paid was $170,000.

Sophos believes that many attackers have moved from generic, automated phishing attacks to more targeted attacks that include hands-on keyboard hacking. Its survey findings point to attacker preference for large organisations, as they are likely to be a more lucrative target. However, one in three smaller organisations in the survey cohort were hit by ransomware in the last year too.

Based on the survey responses, Sophos concludes that ransomware attackers concentrate their efforts on rich countries. One exception is Japan, which has very low levels of ransomware. The Sophos report muses: “It may be that the Japanese have invested heavily in anti-ransomware defences, or that the unique nature of the Japanese language makes it a more challenging target for adversaries.”

As for sectors, retail and education suffer the most ransomware attacks, while healthcare is below average. “Healthcare’s over-representation in news reports is likely due to regulatory obligations that require healthcare organisations to reveal an attack, while many businesses can keep them private,” says Sophos. Though healthcare experienced a below-average number of attacks, attackers succeeded in encrypting files in almost two-thirds of incidents, which is considerably above average.

Not all recorded ransomware attacks succeed. Sophos reports that in 2020 there was a large drop in the percentage of attacks where the criminals succeeded in encrypting data, down from 73% to 54%. This is partly due to increased adoption of anti-ransomware technology, but also because of a change of approach by the criminals.

The Sophos survey found that the proportion of attacks where data was not encrypted but the victim was still subject to extortion has more than doubled. As was the case with the HSE, attackers steal data and then threaten to publish it unless the ransom demand is paid. This approach has become more appealing due to GDPR. “Adversaries often leverage the punitive fines for data breaches in their demands in a further effort to make victims pay up,” says Sophos.

Across the survey, Sophos asked respondents whose data had been encrypted whether they had recovered their data. One-third paid the ransom, an increase on the 26% reported the previous year, while 57% were able to use backups to restore their data.

The propensity to pay the ransom demand largely depends on the efficacy of backups. Sophos notes that companies in the energy, oil/gas and utilities sector are most likely to pay the ransom. This sector often relies on legacy computer infrastructure, so
