Ransomware a Devastating and Omnipresent Threat

Regardless of their sector, geographical location, or size, both public and private organizations have become some of the most significant and lucrative targets for ransomware attacks. This is because beyond the paralysis of the operations of businesses, industries, and even entire governments, victims often suffer many lasting effects. As such, attacks that use malware to lock a target’s system and demand ransom for its release have become a devastating, omnipresent threat.

Just in Latin America, Kaspersky's solutions blocked 1.15 million ransomware attack attempts between July 2022 and July 2023. This meant that companies in the region experienced an average of two ransomware attacks per minute. Brazil, Ecuador, and Mexico ranked as the most affected, but no Latin American country escaped from being in the crosshairs. 

Examples of this are everywhere. Last year, Costa Rica suffered a series of ransomware attacks that resulted in data breaches and disrupted numerous government services for several weeks. Likewise, in Colombia, an attack suffered by a web hosting services company in September affected more than 30 government websites, as well as several e-commerce sites in other countries. 

Another factor that makes ransomware an ever-present threat are the tactics used by ransomware groups. According to Kaspersky’s Threat Intelligence Team, the most popular techniques for gaining initial access among ransomware groups are: 1) External Remote Services, such as Remote Desk Protocols, as these services are often not properly protected and may be accessed through stolen credentials or brute-forcing; 2) Public Facing Applications, especially those with misconfigurations, weaknesses and unpatched vulnerabilities (usual targets are MS Exchange and Sharepoint servers, VPN and other web services); and 3) Phishing, where attackers send a large number of phishing emails to employees of an organization to start an infection. Ransomware groups such as Conti, Clop and Hive are notorious for using these. 

In addition to the aforementioned, vulnerabilities in general are also a popular vector ransomware actors use to penetrate an infrastructure. Although there are a large number of “zero day” or unknown vulnerabilities, our investigations have shown that many known ones, for which a security update is available, remain unpatched. In fact, Kaspersky’s recent Threat Landscape report for Latin America revealed that the WannaCry ransomware continues to register among the highest detections (40.59% of cases), although the group has been inactive for years and a patch for the vulnerability exploited has been available since 2017.

Unfortunately, the high success rate of ransomware attacks and the havoc that these could wreak, on not only victims but also customers, partners and an entire supply chain, carry the potential for a high payout for cybercriminals. Affected companies may be motivated to pay to regain access to the encrypted data and to prevent the attackers from publishing sensitive information as this can lead to large reputational losses, disclosure of trade secrets and other serious issues. According to Kaspersky's IT Security Economics report, more than 40% of companies faced at least one ransomware attack in 2022 and as a consequence, SMBs paid an average of US$6,500, while large companies paid US$98,000 trying to recover their information.

To combat this threat, an organization’s response should not be improvised. As I've explained in the past, entities need to implement a proactive cybersecurity strategy based on three fundamental pillars: 1) Threat Intelligence, reports that offer firsthand information about possible threats (even by sector), as well as details on the tactics, techniques and procedures employed by threat actors so that security teams or SOCs can make proactive decisions; 2) A cybersecurity tool, one that meets the needs of the business or organization and it is specifically tailored to its sector, without affecting the continuity of its operations; 3) Cybersecurity training for employees at all levels to make them aware of the threats, as well as the different social engineering maneuvers they may encounter, with tips on how to detect and avoid them. 

In addition to these, I would also advise companies to adopt a Zero Trust model to avoid business risks.  Zero Trust is designed to protect modern environments and enable digital transformation by using strong authentication methods, network segmentation, preventing lateral movement, and ensuring least access policies. Doing so would prevent threat actors from using compromised administrator credentials to access an organization’s entire network in the event of an attack. This digital segmentation acts as a security barrier that improves network access control as it encourages entities to rethink how and for how long access is granted.

In cybersecurity, like in any other area that carries a substantial risk, prevention and preparedness are key. As more companies around the world undergo digital transformation, prompting more data to be stored, shared and accessed electronically, a proactive cybersecurity strategy based on these three pillars and the Zero Trust model is essential. 

Are you ready to set yourself up for success in 2024? Join us at Mexico Business Summit 2023, the must-attend B2B conference for Mexico’s business leaders!

Taking place on Nov. 28-30, 2023, at Expo Santa Fe in Mexico City, this high-level multi-industry conference offers unmatched opportunities to get inside perspectives on key industry trends, access actionable business intelligence, generate pre-qualified leads and identify new opportunities in a unique cross-industry networking environment.

Mexico Business News offers you an exclusive MX$2,000 ticket discount by using this code: MBS2023MBN2000. 

Don't miss this opportunity and get your tickets here: https://mexicobusiness.events/MBS/2023