Ransomware is a type of malicious software that infiltrates your device and renders your files unusable until a ransom is paid. Because it encrypts your data and prevents access to it, it is nearly impossible for organisations to decrypt and recover their files. Even when a ransom is paid, there is no guarantee that the encrypted files can be recovered in full. In fact, by paying the ransom, you’re more likely to be targeted for future attacks.
Aside from data loss and system damage, organisations attacked by ransomware are also at risk of reputational damage and disruption to normal operations, all of which can contribute to a decrease in revenue.
Ransomware statistics show that attacks are on the rise worldwide and aren’t showing any signs of slowing down. Want to find out how critical ransomware is in 2022? Let the numbers speak for themselves:
Ransomware payments have grown year on year, especially with the rise of attacks on businesses of all sizes. Attackers are constantly coming up with new methods that are more disruptive and damaging, with debilitating impacts on business operations.
Despite promises by ransomware attackers that data will be returned once payment has been made, this is often not the case. Attacker-provided decryptors often fail, and there’s no guarantee the stolen data hasn’t already been deleted or sold on the black market.
The shift to remote work in 2020, exacerbated by the pandemic, gave attackers a golden opportunity for more aggressive and powerful attacks. Attackers exploit the fear and uncertainty of organisations navigating the new norm, which makes users more likely to click on questionable links that can install ransomware on their devices.
The low-risk, high-gain model of ransomware means attackers can send out phishing emails to a large number of organisations without many consequences. As long as a number of organisations continue paying the ransoms, attackers will be continually fuelled to develop more sophisticated ransomware to extort even greater funds.
A successful ransomware attack costs a business time, money, and energy to get back on its feet. Lost productivity, missed revenue opportunities, and damaged data are just some of the short-term ramifications of a ransomware attack.
Government bodies and cybersecurity experts all advise against paying a ransom, as this encourages the activity to continue and puts organisations at risk of future attacks. A prevention-first strategy is the key to minimising a ransomware attack.
The huge volume of phishing emails that are sent out on a daily basis to target vulnerable businesses means successful attacks are growing in number.
The rise in remote work has prompted attackers to take advantage of the uncertainty across the cyber landscape and exploit the security vulnerabilities that pertain to the home office.
Due to the anonymity of Bitcoin, cybercriminals can easily receive payment whilst keeping their identity hidden. Bitcoin’s accessibility and ease of use also increase the chance of victims paying the ransom.
Ransomware attacks often stop companies without security measures in place in their tracks. A halt in operations results in lost revenue and work, which many organisations cannot afford. Employees are often laid off following a ransomware attack or, in some extreme cases, the entire company shuts down.
One of the US’s biggest insurance companies – CNA Financial – experienced a ransomware attack that prevented it from accessing its core systems. The attackers asked for a $60 million ransom, which was later negotiated down to $40 million.
Data such as tax file numbers, bank account details, remuneration, and superannuation were all stolen with staff access to myGov being disabled.
One of its suppliers – Kojima Industries – was hit with a ransomware attack that disrupted its computer service system. The temporary halt across all of Toyota’s domestic production lines impacted the production of approximately 13,000 vehicles.
Acer was hit by two ransomware attacks in 2021. The latter attack was claimed by the Russian REvil ransomware group which demanded a $50 million ransom. The stolen data was sent to reporters and posted on online forums.
Patient details such as medical data and personal information were all held hostage by the attackers, with the department unable to access the data for approximately 3 weeks. The attackers demanded a Bitcoin ransom, which the department reportedly paid.
Despite asking for much smaller ransoms ranging from $8,000 to $10,000, Dharma has carried out an enormous volume of attacks globally, which has made it one of the most successful RaaS operations ever created.
However, in an odd twist of fate, TeslaCrypt released its master decryption key to its victims along with an apology note in May 2016.
22 flights were delayed as a result of the attack with the cybercriminals stating that they were willing to sell all 1.6TB of stolen data to a potential buyer.
Ransomware attacks are more common in countries with higher internet-connected populations. Tensions between the US and Russia are also thought to have influenced the boom, amid beliefs that Russia is the main mastermind behind the ransomware attacks.
With more than 50% of victims paying the ransom and an increase of 80% in ransom demands, it’s no surprise that both businesses and home users have contributed to the billion-dollar industry.
As remote work was in full swing in 2021, the cost of a ransomware data breach reached an all-time high. Remote workforces took longer to contain breaches, with an average of 58 days to identify the attack.
Ransomware variants are on the rise, making it the fastest growing form of cybercrime. There have been exponential year-on-year increases in ransomware attacks, so it’s vital that organisations have countermeasures in place to prevent them and limit their impact.
Australia ranks 7th globally in terms of most ransomware attacks, with the commercial and professional services sector receiving 37% of all attacks.
With RaaS on the rise, it’s become even easier for cybercriminals to deploy ransomware to vulnerable organisations. Australian businesses are advised to invest in both employee security training and defence mechanisms to minimise their chances of falling victim to ransomware.
Australian companies received 10% more ransomware attacks than the global average in 2020, with approximately a third of the victims paying the ransom. This has resulted in an average cost of $1.25 million for each data breach.
Between 2020 and 2021, the United States received 732 ransomware attacks, which accounted for 76% of the top 5 countries’ attacks.
Factories often use a variety of specialised equipment and software to get items manufactured which provides attackers with a wide surface area to target. Not all of the vast number of computer systems in place are well protected against the evolving tactics used by ransomware attackers.
The shift to remote learning as a result of Covid-19 has caused universities to embrace new technologies and teaching methods that they’re not traditionally accustomed to. The variety of apps, devices, and portals used has significantly increased universities’ vulnerability to a number of cybersecurity risks such as ransomware.
The sensitive information that financial institutions gather on their customers, partners, and the financial market makes them the ideal target for ransomware attackers. Double extortion techniques such as threatening to release the data to the public can result in greater ransom payments, as the subsequent negative consequences for the financial institution are enormous.
Emerging cyberattacks on government bodies mean they must be better prepared for ransomware disasters by providing training to all staff members and allocating specific budgets for these situations. Stagnant growth in ransomware training can lead to increased attacks with more damaging effects.
As these two industries provide valuable services to society, they also have a higher propensity to pay the ransom to protect the encrypted data and restore essential services to normal operations.
As these industries provide important services to people and society, they’re more likely to pay the ransom to attackers when services cannot be accessed.
Attacks on the healthcare industry can be quite detrimental, as systems are inaccessible until the ransom is paid, which means many patients’ lives are often on the line because they cannot receive the help they need.
As the emergency department of the hospital was closed due to the ransomware incident, the woman was redirected to another hospital for treatment. However, as the hospital was a substantial distance away, she didn’t receive the right treatment until an hour later. Her death serves as the first ransomware-related fatality.
The exponential growth and evolution of ransomware in the past 5 years has led to a breed of new malware that is more challenging and damaging than its predecessors. Predictions for the future are that security awareness training is more important than ever, as human-generated risk is the main factor in infection mechanisms.
Cybersecurity Ventures predicts that attackers will refine ransomware to the point where a new attack will take place globally every couple of seconds. The year on year growth of ransomware attacks means organisations should be prepared for a large jump in the coming years.
The US already declared ransomware payments to be illegal in 2021, as they create additional motive for perpetrators to continue cyberattacks. Other countries are also expected to crack down on ransomware payments in a bid to curb the exponential growth in attacks.
The most common way ransomware infects computers is via phishing emails which contain malicious attachments or links. By clicking on the link or attachment, the user unknowingly downloads and installs the ransomware, which then begins encrypting files.
Ransomware can be removed from your device through deletion of the malicious files; however, your files will remain encrypted. By disconnecting from the internet and wiping the infected device, you should be able to remove all ransomware. The best way to recover all the encrypted files is still through an offline backup.
Whilst there’s no method to completely protect your organisation against ransomware, the best defence is prevention and being prepared. Security hygiene and basic training can significantly reduce the chances of employees unknowingly clicking on or installing compromised software. Multilayer security controls that use firewalls, antivirus programs, and multi-factor authentication can also provide your organisation with additional opportunities to identify the ransomware and stop it before harm is done.
Once your data has been encrypted with ransomware, it’s unlikely you’ll be able to recover it in full. Even if a ransom is paid, the data returned is often corrupted or damaged. The best approach to recovering data is through an offline backup which does not contain the ransomware that is infecting your current system.
Antivirus programs can only identify and detect ransomware that is within their database. Until the program is updated by its developers, users can still be vulnerable to new ransomware. Antivirus programs also cannot do much once a user has clicked on and installed the ransomware.
The most common sign of a ransomware infection is the appearance of a popup message requesting payment to unlock files and systems. Other indications include unusual file extensions, inability to access your device, files moved to different locations, and the need for a password to access your files.