Frequent and routine backup of data seems to be the only way to tackle this menace.
Global tech giants and enforcement bodies have been losing sleep over the menace of ransomware. Amazon, UK’s National Crime Agency (NCA), Microsoft, and the FBI have come together to form a Ransomware Task Force (RTF) to provide governments with about 50 recommendations.
But what is the latest ransomware threat? It is a fast-spreading malware risk that has exposed public institutions and businesses across the globe. It is a virulent strain of hazardous software that wreaks havoc on mobile devices and computers and quite often spreads to other devices all through the network.
After targeting a system, the software encrypts all the data available in the device. It then flashes a ransom message to the user, asking for an exorbitant sum to be paid online in cryptocurrencies like bitcoin. Only on payment of the ransom would it return the decryption keys for restoring the encrypted files.
Why is Russia being pulled up?
There is a strong suspicion of Russia being behind these attacks, and UK’s foreign secretary Dominic Raab has recently warned Russia to not give shelter to people behind these attacks. He said that the miscreants might not be directly linked to the state, but that it had a responsibility to prosecute them. He also said that the UK had to delay the reopening of 80 universities and schools because of these attacks.
The UK National Cyber Security Center has come up with certain guidelines that could help in mitigating ransomware attacks. It says that there is no way to ensure complete protection of any organization against hazardous malware but having proper layers of defense at each step is a good way to attempt to protect devices.
The guidelines say that having defense layers would help in the detection of malware and prevent it before it manages to impact an organization. It also suggests creating backups regularly, preventing malware from being spread to other devices and running on them, as ways by which an organization could recover from an attack.
The RTF submitted its findings to the US government where it said that the problem of ransomware has become a public safety concern and would be a national security threat in a matter of just a few years. It argues that much is at stake because of this issue, and not just money. RTF co-chairman Jen Ellis said that this issue was having a huge impact on the economy. It is restricting ordinary people from accessing critical services.
What has the RTF found?
The RTF has also observed that the money collected from paid ransoms is then used in funding different kinds of organized crimes like child exploitation and human trafficking.
The UK National Cyber Security Center has said that 2020 saw three times the ransomware incidents that the organization dealt with in the year before.
In 2017, a ransomware attack, WannaCry, that hit companies globally impacted more than 200,000 computers across 150 companies. It costed the UK alone £92 million while globally, the damages were £6 billion. In the same year, another variant—NotPetya ransomware—hit several public organizations and businesses across the world. It was such a strong attack that despite victims coughing up ransom money, it created damages that could not be recovered. The Bad Rabbit outbreak in the autumn of 2017 damaged systems across the European Union, Russia, and Ukraine.
In 2020, GrandCrab was the first of such attacks that asked for payment through DASH cryptocurrency. It spread through spam mails and fooled users into opening ZIP archive files contained emails, which were nothing but a script to download and execute the ransomware.
Colonial Pipeline, a US company, is still trying to deal with a huge attack that led to the shutting down of a pipeline that met half of the East Coast’s fuel demand. The attack is suspected to have been carried out by the Russia-based DarkSide. Though the US government has not yet formally accused the Russian government, its intelligence officials have said that it was not possible for such groups to carry out operations without the tacit support of political leaders of Russia’s intelligence departments.
How has the UK been hit?
UK’s educational institutions were hit by such attacks, which prevented them from resuming offline classes. UK has also argued that through these cyberattacks, a clash between democratic and authoritarian states is being played out. The government has warned that such attacks expose those states that are using technology to sabotage and steal. There has also been a rise in cases of criminal ransomware where people’s data are being held captive till payment.
The government has said that the associated stigma and secrecy makes it extremely difficult to have a true assessment of the costs of such attacks. According to the FBI, as many as 2,400 US companies, schools, local governments, and healthcare facilities have been afflicted by the plague.
According to RTF researchers, huge attacks were perpetrated globally last year. Countries like Brazil, Germany, Australia, the UK, South Africa, and Saudi Arabia were victims of such attacks last year. Emsisoft, a cyber security company, said that the global cost of ransomware, including ransom payments and business interruptions, was at least $42 billion in 2020 and could be as high as $170 billion.
A survey conducted by Veritas Technology has found that 66% of ransomware attack victims have admitted to paying either a part or the full ransom amount.
According to an estimate, UK companies had to pay £346 million every year for such attacks. Another study has found three out of four companies that have been attacked go without access to their files for two days or more and 30% lose access for over five days.
However, Raab conveyed the UK’s commitment towards continuing to expose such predatory activities. He said that the UK would target countries and organizations that attempt to harm it. The UK has also created a new National Cyber Force, which will conduct operations to identify such criminals, choking them off from access to infrastructure and undermining their network.
How to protect your data?
Experts have been advising victims to not pay up the ransom money, which has also led to the rate of total such attacks increasing. Criminals are now targeting law enforcement agencies and healthcare divisions that are keener on paying the amount due to the life-and-death consequences of computer and data outages in their profession.
The beginning to prevention and safeguarding of personal and public data from such attacks would be to educate employees, companies, and government establishments on the techniques used by these attackers. Everyone must be careful not to click on the links that pop up in online advertisements. It is also essential to have a strong backup procedure by keeping various copies of the same data saved locally on the cloud or offsite.
Frequent and routine backup of data seems to be the only way to tackle this menace. If a system is compromised, it can be restored from the backups created before the attack and by identifying when the attack happened.
It is becoming increasingly imperative for countries to unite globally on the threat of ransomware. All countries on a foreign policy level should create pressure on any country that even tacitly supports such cyberattacks. In today’s age, as data is the new oil, countries must pay urgent attention to such huge data breaches.