Claudio Martinelli
Managing Director for Latin America
Kaspersky
Expert Contributor

Ransomware Remains Strong in Latin America

By Claudio Martinelli | Mon, 01/11/2021 - 09:14

Few dates are as memorable within the cybersecurity industry as May 12, 2017, when the WannaCry ransomware attack occurred. This was the first massive global attack that spread through computers equipped with Microsoft Windows, encrypting users’ files and requesting a ransom in bitcoins for their release. WannaCry affected 230,000 computers in approximately 150 countries. Furthermore, it caused losses of over US$4 billion around the world. Even though the industry had long known about the potential of this threat, this was the first time it had witnessed an attack of such magnitude. It changed our perspective on the reach and repercussions of ransomware.

Ransomware is malicious software that encrypts files on the infected device, or an entire network, and demands payment to decrypt them. To put it in simpler terms, it is an extortion attack that affects targeted companies with downtime, fines and damage to their reputation. It also has a big economic impact due to the cost of restoring information systems, penalties, business losses and the ransom that many companies choose to pay. Since 2018, this threat has maintained a moderate year-over-year growth of 7 percent; however, in 2020, there were significant peaks in this type of attack in April, July and September, particularly in specific sectors, such as health, financial services and government.

Furthermore, the risk is no longer just about encryption. We are witnessing the rise of ransomware 2.0, in which the cybercriminals behind these attacks threaten to post victims’ confidential data online if they refuse to pay the ransom. This tactic increases the risk for organizations, not only because it can tarnish their reputation but also because it exposes them to lawsuits and hefty fines related to General Data Protection Regulation (GDPR) policies if the data is ever published.

Between January and September 2020, Kaspersky detected 1.3 million ransomware attack attempts in Latin America, with Mexico ranking as the second-most attacked country in the region with 22.57 percent of detections. The fact is that the region continues to practice certain habits that make it especially susceptible to this type of attack. On the one hand, two out of three devices in Latin America have critical vulnerabilities, such as the use of outdated software; on the other hand, the software piracy rate in the region is practically double the global average.

The problem with ransomware is that it will remain an attractive business for criminals as long as companies and organizations choose to pay the ransom to retrieve their information, even though doing so offers no guarantees. Coordination between public and private organizations, law enforcement agencies and the cybersecurity industry is required to address this with initiatives such as the No More Ransom portal, launched in 2016 to help victims recover their encrypted data without having to pay the criminals. In just four years, this organization has saved users more than US$630 dollars. It is also possible to decrease the probability of becoming a victim by implementing basic cybersecurity practices. Some of the most practical include:

1. Create frequent backups. We will never cease to emphasize this. Having a recent backup will allow for a faster recovery of systems in case of an attack. The backup copy should be stored offline.

2. Protect each endpoint. Having a robust security solution that protects all the devices connected to the corporate network is essential since it will detect suspicious behavior and block the threat.

3. Keep systems updated. It is crucial to install security updates for operating systems, software, and applications as soon as they are available to patch any vulnerabilities, so it is advisable to force periodic updates. Also, always use legitimate software so that you can receive support and relevant updates from the manufacturer.

4. Train employees. Without a doubt, employees are the weakest link in a company or organization, which is why it is fundamental to conduct regular training to educate staff on the risks of opening suspicious links, websites and attachments on corporate computers, as well as on the importance of creating strong passwords.

5. Activate the option to show file extensions in the Windows configuration menu. This will make it easier to detect potentially malicious files that disguise themselves under different file extensions. Additionally, files with the extensions '.exe', '.vbs', and '.scr' should be avoided.

6. Encrypt sensitive data. This layer of protection will prevent data leaks in the event of an attack, helping to avoid reputational issues and sanctions related to privacy protection laws.

7. Control the use of credentials. Limit access to both the server and specific service segments. This way, if any credentials are compromised, the rest of the corporate environment won’t be at risk.
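To illustrate practice 5, the following added example (not part of the original article) shows how a file name reads when extensions are hidden and flags attachments whose real extension is one of the three the article names. The decoy-extension list, the function names and the sample file names are assumptions constructed for illustration, and the display rule is a simplification of what the file manager does.

```python
import os

# The three extensions the article says should be avoided.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: document and image extensions that make a name look harmless.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def display_name(filename, show_extensions):
    """Name as listed to the user; the final extension is dropped when hidden."""
    if show_extensions:
        return filename
    stem, _ext = os.path.splitext(filename)
    return stem


def classify(filename):
    """Return 'ok', 'risky' (executable type) or 'disguised' (decoy + executable)."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in RISKY_EXTENSIONS:
        return "ok"
    # A second, harmless-looking extension before the real one is the disguise
    # that hidden extensions make invisible, e.g. "invoice.pdf.exe".
    inner_ext = os.path.splitext(stem)[1].lower()
    return "disguised" if inner_ext in DECOY_EXTENSIONS else "risky"


def review(filenames):
    """List every non-'ok' file with the name a user sees when extensions are hidden."""
    findings = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            findings.append({"file": name, "verdict": verdict,
                             "shown_when_hidden": display_name(name, False)})
    return findings


# Constructed sample attachment names, not taken from any real incident.
SAMPLE_ATTACHMENTS = ["Q4-report.xlsx", "invoice_2020.pdf.exe", "setup.exe",
                      "photo.JPG.scr", "notes.txt", "macro.VBS"]

if __name__ == "__main__":
    for finding in review(SAMPLE_ATTACHMENTS):
        print(f"{finding['verdict']:<10} {finding['file']:<24} "
              f"appears as: {finding['shown_when_hidden']}")
```
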

If we learned anything in 2020, it's that ransomware is here to stay. In addition to not paying the ransom, different sectors must adopt basic measures to prevent its propagation and strengthen their cybersecurity strategies so that this threat ceases to be economically attractive. In other words, implement cybersecurity measures that increase the costs incurred by criminals for perpetrating these types of attacks, since if the cost to carry out the attack is greater than the value of the damage (for the victim) or the possible profit (for the cybercriminal), the likelihood of falling victim to such attacks decreases.

Photo by: Claudio Martinelli