Blog A3Sec

What is ransomware?, all about one of the cyber-attacks on the rise

Since 2016, ransomware has emerged as one of the world's leading cyberattacks, causing impacts of ever-increasing proportions and putting companies around the globe at risk.

Last year we recorded several of the highest impact attacks having ransomware as the protagonist, including those suffered by the US pipeline operator Colonial Pipeline Company (US$5 million ransom), the meat producer JBS (US$11 million ransom) or the agricultural sector firm New Cooperative (US$5.9 million extortion).

Ransomware is a type of malicious software that started out as a program that initially infected a system, encrypted the information and blocked it so that users could not have any kind of access, which meant that they were subjected to the requests of cybercriminals who extorted them for a certain payment, however, over time it has evolved and the latest ones focus on copying the information and exposing it if the appropriate payment is not made.

After only a few years the tactics of cybercriminals have diversified and become more powerful as technologies have evolved, with the result that since 2017 nearly 500 different families of ransomware have been discovered.

Some of the most common methods in which ransomware currently operates is locking device screens, encrypting information or changing passwords; however, tactics can vary in multiple ways.

The specialized firm A3Sec analysts point out that most of these attacks are carried out through social engineering, that is, through techniques that exploit common vulnerabilities in users' online behavior in order to steal information.

But in a scenario in which data has become one of the most valuable assets in the digital era, the costs associated with ransomware attacks can be in the millions for organizations, not only because of the cost of these attacks themselves, but also because of the aspects that must be solved once the situation has become public.

 

The Ransomware Impacts

According to figures released by Statista, in 2021 68.5% of companies were victims of ransomware worldwide, "the highest figure reported so far", showing a steady growth from 2018 when that percentage was 55.1%.

With the arrival of the pandemic, which caused many processes to turn to the virtual world, many companies that did not have consolidated cybersecurity policies were exposed to Internet threats.


According to figures from cybersecurity firm Tenable, more than 40 billion pieces of data were exposed worldwide last year, an increase of 78% compared to 2020. Some of the most exposed sectors were healthcare, followed by education and government.

The report also explains that cyberattackers who developed ransomware are increasingly resorting to double extortion, which refers to the collection of a ransom from the victims of this crime and the dissemination of advertisements on the dark web - the side of the Internet that traditional browsers do not access - with the files of those with whom they have not yet reached agreements. .  

On this topic, a report by the British firm Sophos Group points out that the costs of ransomware attacks can be highly variable according to the size, location and sector of the companies. In the document regarding The State of Ransomware 2021 it says that the average cost of rectifying one of these attacks was US$1.85 million worldwide on average, taking into account factors ranging from downtime to damage to technology infrastructure, hours spent by specialists and ransomware.

 

Cryptocurrency extortion

Due to the global boom in cryptocurrencies, extortions carried out by cyber attackers, and especially those using ransomware tactics, have increased through this modality.

The 2022 Crypto Crime Report, published by Chainalysis, reports that 2020 was the "year of ransomware" in the face of "huge growth" in cryptocurrency-based extortions, amid a bullish price scenario. (Chainalysis chart)

While 2016 saw global payments equivalent to US$24 million in cryptocurrency-based ransomware extortions, that figure jumped to US$152 million in 2019 and by 2020 reached a record US$692 million.

And although last year there was a possible reduction in payments made for this reason, they are still at high levels and stood at over US$602 million, although this could be a very underestimated figure due to how difficult it is to accurately track these movements, many of which are not reported by companies.