A few months ago, news broke that for the first time a government had paid a ransom to a cybercriminal group. It was a case of digital kidnapping (ransomware) against the local government of Riviera Beach (a Florida city of 35,000 inhabitants). This type of cyberattack is a criminal act in which an offender manages to encrypt all the victim's data through a malicious program that blocks the computer and demands a payment to unlock it.
Ransomware attacks have already been perpetrated against the systems of American cities such as Baltimore, Atlanta or New Jersey. These cases join the more than 6,000 million computers, belonging to both individuals and small and medium enterprises, that have been affected in 2019 by this type of offensive. Behind them are criminal groups that have been operating and perfecting their methods across the planet for years. In 2017, Telefónica had to deal with an extortion of this type that affected much of its data and the files of its employees; and, like it, hundreds of companies worldwide (Mondelez, DLA Piper, Maersk, Merck Sharp & Dohme, Saint Gobain …).
Although not recognized publicly, most of these cases, if not all, are resolved by paying a ransom that is always very large because cybercriminals know that large companies and public corporations can afford it. In the specific case of the Florida city, a sum of 526,914 euros was paid in bitcoins to the kidnappers. The group had left the city without its computer system and requested the ransom through this means of payment so as not to be tracked.
In addition to the ransom, the cost of reconfiguring the system was 800,000 euros. After such an infection, the damaged computers have to be sanitized, inspected for any vulnerability and restored with all the information they contained before the lockout.
Normally, victims of economic extortion do not make it public because of the cost in reputation that this entails. That is, the known cases are only the tip of the iceberg, so it is logical to think that if more and more cases are known, the problem has been increasing for years.
The FBI recorded about 1,493 ransomware attacks in 2018 on subjects who were forced to pay a total of 3,161,484 euros to the kidnappers. That is an average of 2,107 euros per assault. In Spain, according to data from the National Center for Critical Infrastructure Protection (CNPIC), in 2018 there were 54 attacks against critical infrastructures of the Administration (120,000 against companies). Ransomware feeds on a lack of security in several areas, such as control over the execution of malicious software, which can be mitigated with an antivirus. Another factor that facilitates an attack of this type is the lack of control over the user platform, which can be addressed with good monitoring of local security and user policies. But the most important factor, and the main reason that hundreds of companies have had to pay ransoms of thousands of euros, is bad backup policies, which can be remedied with specific monitoring of the backup copies.
It is not about having an antivirus, good local computer management planning or a backup policy. It is about monitoring that the tools are being used well, because what is the use of having an antivirus that is outdated or not installed on each and every one of the machines in my organization? What is the use of having an outdated backup of six years ago months? Monitoring helps precisely to visualize which equipment is most vulnerable and to verify that our security equipment is up to date and prepared for any threat.
No one can stop a ransomware attack with 100% efficiency, but it is possible to prevent it, interrupt its course and, in the worst case, have a recovery plan.
It cannot be understood that today these malicious attacks still occur when tools are available. The problem often lies in the fact that these basic tools to control technology are not taken into account.
Sancho Lerena is a computer engineer and founder of Pandora FMS