A hacker holding assets hostage for a hefty ransom was once a common storyline in many a Hollywood movie, but this act has quickly become one of the leading real-life cyber-attack strategies against companies and private individuals.
Ransomware, as the name suggests, is a malware designed to make a target’s data unusable or to block access to systems until a ransom – typically in hard-to-trace digital currency – is paid.
It differs from other types of cyber attacks in that the objective is to make the victim pay the perpetrator directly, while other types of malware attacks often take more effort to monetise.
The lucrative and fast payoff, combined with the stealth and relative anonymity of the transactions, has made this kind of cyber attack increasingly attractive to criminals.
Here in Cayman, ransomware threats are very much on the radar of cyber-security specialists and government agencies.
“It’s a very real risk for anybody that’s connected to the internet, any system that’s internet-facing,” government’s Chief Information Security Officer Pamela Greene told the Cayman Compass.
Deloitte & Touche LLP risk advisory director Wayne Green points out that ransomware and cyber attacks have moved away from basement operations to a full commercial enterprise, a view colleague Alexandra Forssell, also a risk advisory director, shared.
“It is really cyber warfare. You deal with very sophisticated, not just individuals, but organisations. They run like real businesses. They go to work every day, do their job… they have customer service, 24-hour support,” she said.
“It is not unlike families being willing to pay kidnappers whatever is required to release their loved one from captivity. Given the parallels in criminal strategy, it may not be surprising that the methods used by teams dealing with human kidnapping incidents can be successfully adapted to a cyber-environment. As with any malware threat, prevention is the best defence.
However, it cannot eliminate the risk altogether.
“It is also necessary to prepare for a successful breach by establishing a ransomware incident response strategy with a well-defined protocol. This establishes clear negotiation guidelines that help to gain more time or follow the right steps to recover the data and/or prevent another attack. A clear protocol may also assist the organisations in assessing whether their data would be released upon payment or if they would run into a higher chance of being on the target list after the payment.”
- From January to July 31, 2021, US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) received 2,084 ransomware complaints, resulting in $16.8M in losses.
- A 62 percent increase in reporting
- 20 percent increase in reported losses as compared to the same time frame in 2020.
The US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) reported that “from January to July 31, 2021, the IC3 has received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020”.
Eric Goldstein, US Cybersecurity and Infrastructure Security Agency (CISA) executive assistant director for cybersecurity, said ransomware “continues to be a national security threat and a critical challenge, but it is not insurmountable”.
He made the statement in a recent advisory to organisations warning them to be vigilant against the threat. October is International Cyber Security Awareness Month and safeguarding against ransomware attacks is the focus for those within the industry.
The Cayman government has launched a campaign to raise local awareness on cyber safety and ransomware in particular.
It pointed to the impact of recent ransomware cyber attacks on US companies like Colonial Pipeline, which resulted in the shutdown of the largest pipeline system for refined oil products in the States; and the cyber attack on JBS, one of the largest global meat producers, which forced the closure of all meat storage operations in the US, Canada and Australia.
In both cases, the cyber criminals demanded payment in cryptocurrency, as has been the case with most ransomware attacks.
Financial Services Minister André Ebanks, in a statement for International Cyber Security Awareness Month on the rise in cyber threats, emphasised the need to be cyber safe.
“Given our ever-increasing reliance on digital devices, communications, and transactions – especially in a world changed so fundamentally by the COVID-19 pandemic – all members of the community play an important role in cyber safeguarding, at home, in our families, at work and in businesses,” he said in the statement.
Greene said a ransomware attack could start with an email.
“It could start with a phishing email with a malicious attachment. Simply clicking on that is the start of the process of the ransomware attacker gaining remote access to your infrastructure, to exploit your systems,” she said.