Kaspersky dubbed 2019 ‘the year of ransomware attacks on municipalities’. This followed research which showed that hundreds of municipal institutions across the globe were targeted by ransomware during the last year – where South Africa was not immune. While attacks on municipalities continue and remain a worry, ransomware is also being used for targeting other public entities – and is becoming more targeted and the pattern of enticing forced payment is developing in 2020.
Speaking on the company’s research during a recent Kaspersky Partner conference held in Cape Town, Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky, said: “Municipalities remain a target for ransomware attacks, evident by the 60% increase we saw in these attacks globally from the 2018 figure. However, 2020 has already marked the trend where other public/community entities, even low-funded public non-profitable organisations (NPOs) that were not targeted that actively before, such as libraries or religious centres, are also falling victim to this type of attack.”
“This trend is also leading to a complete and full de-romanticising of hacking, as the image many people once held of hackers as ‘political warriors’ is rapidly changing as more people come to understand and accept that unethical hacking is a preserve of criminals,” adds Yamout.
Kaspersky notes that the most distinctive trend is that ransomware is becoming increasingly more targeted. While 2019 saw ransomware exploits being highly targeted against specific businesses, as well as local Government organisations, attackers are now spending more and more time on intelligence gathering to penetrate targets’ security perimeters The researchers gathered at the conference have also noted that they see more and more cases where attacks are performed manually, in a time-consuming, yet efficient manner that was not very typical for small-scale attackers previously.
Further to this, Kaspersky research has highlighted that ransomware continues to look for new angles and leverages to force victims to pay.
“The pattern we are seeing actively developing in 2020 is that instead of making files unrecoverable, threat actors threaten to publish data that they have stolen from the victim company. We already see threat actors creating websites dedicated specifically for publishing gigabytes of stolen corporate data,” says Yamout.
In 2019, Kaspersky detected more than 120,000 ransomware attacks in South Africa. The figure, to date, for 2020 is only 4,000, in 2 months into the year. However, the researchers note that this decrease is a sign of the attackers focusing on quality instead of quantity. The largest share (20%) of these attacks were performed with ransomware previously seen among the top-3 malware that encrypted cities in 2019 and which are now responsible for the largest share of ransomware attacks targeting South Africa.
Commenting on the ransomware issues in the region, Eugene Kaspersky, CEO of Kaspersky, said: “The nature of the threat landscape leads to a ‘survival of the fittest’ scenario, with ransomware writers and distributors adjusting and updating their arsenals constantly. However, one thing remains stable: the companies that keep cyber-protection as a top priority and that have dedicated professionals to monitor the situation are not subject to the vast majority of attacks, and may be quite close to being almost immune. Even for smaller organisations, with no security departments, there needs to be a good basic level of security to ensure that they are protected. This means arming oneself with quality security solutions and keeping them up to date; only this will make the cost of a cyberattack far outweigh any benefit to the attacker.”
Aspects to be considered include:
- It is essential to install all security updates as soon as they appear. Most cyberattacks are possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack
- Protect remote access to corporate networks by VPN and use secure passwords for domain accounts
- Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases
- Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability
- Remember that ransomware is a criminal offence. You shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free here: https://noransom.kaspersky.com
- Educating staff in cybersecurity hygiene is necessary to prevent attacks from happening. Kaspersky Interactive Protection Simulation Games offer a special scenario for local public administration that is focused on threats relevant for them
- Use a security solution for the organisation to protect business data from ransomware such as Kaspersky Endpoint Security for Business. The product has behaviour detection, anomaly control and exploit prevention capabilities that detect known and unknown threats and prevent malicious activity
- One can enhance their preferred third-party security solution with free Kaspersky Anti-Ransomware Tool
Photo by Michael Geiger on Unsplash / Article by www.smetechguru.co.za