May 12, 2021
Ransomware Attacks on the Rise
Promo products firms need to be on alert to avoid business-crippling attacks.
Promotional products companies take note: Authorities say ransomware attacks are on the rise, a troubling trend expected to accelerate in the months and years ahead.
Ransomware hackings have been making headlines in the wake of a cyberattack that put a pivotal U.S. gasoline pipeline out of commission through what the operator, Colonial Pipeline Co., says could be at least the end of the week of May 9. The idle line is leading to a run on gas along the East Coast and threatening to increase fuel prices.
Sadly, cyber security experts say, the attack and its society-disrupting effect is a direct result of the growing sophistication, reach and effectiveness of ransomware offensives perpetrated by digital age criminals who are highly skilled at their illicit trade.
Data illustrates the threat. In 2020, the FBI received almost 2,500 reports of ransomware attacks – up 66% from the prior year. The actual number of cases is likely far higher. Meanwhile, ransomware victims paid cyber crooks four times more in cryptocurrency ransom payments in 2020 than they did in 2019 – some $350 million, according to Chainalysis, a firm that specializes in blockchain analysis. The estimated total cost to the U.S. economy of ransomware hackings reportedly tallies in the billions each year.
“The reason why ransomware is exploding is because it’s scalable, predictable and lucrative,” Antony P. Kim, a partner with the law firm Orrick Herrington & Sutcliffe LLP’s cyber, privacy and data innovation practice, told The Wall Street Journal.
The cy¬ber¬at¬tack that knocked off¬line an es¬sen¬tial U.S. gaso¬line pipe¬line shows that a dan¬ger¬ous, hack¬ing-for-ran¬som threat is wors¬en¬ing, spread¬ing rapidly and plagu¬ing com¬pa¬nies, schools, hos¬pi¬tals and other in¬sti¬tu¬tions. #ransomware https://t.co/lpEyz3CMH0
— Tawnell Hobbs (@Tawnell) May 11, 2021
The Journal elaborated: “Hackers have grown adept at communicating about vulnerabilities on the so-called Dark Web, a network of computers that can share information anonymously. The ability to demand payment in cryptocurrency limits law-enforcement tracking capabilities. And the growth in insurance policies that cover ransomware payments has helped seed an increasingly professionalized ransomware industry.”
Similarly, Forbes noted that “the sophistication of threats (has) increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G, and especially from greater tactical cooperation among hacker groups and state actors.”
The promotional products industry has experienced high-profile hackings in recent years. Alphabroder (asi/34063), the second-largest supplier in promo, paid a ransom to hackers after the firm was snared in a ransomware trap. In early 2020, Top 40 supplier Bag Makers (asi/37940) sustained a crippling attack. In extreme cases, certain smaller promo companies have been driven out of business.
What are the lessons that we can and should learn from a cybersecurity major incident or event that will help us all to get better?
— Tripwire (@TripwireInc) May 10, 2021
Gary Hibberd looks at how organisations can reduce the risk.#cybersecurity #infosechttps://t.co/e61IZbIoHI
In a ransomware assault, hackers launch malicious software that encrypts the content of computers, preventing the devices from being used and denying access to the information they contain. The criminals then demand that victims pay them a ransom in exchange for a decryption key, which is used to free computers. Some hackers also threaten to release private information found on the computers, especially if victims refuse payment. Businesses often pay, as they see that as a better option than the effects of the extended downtime from being inoperable and potential release of sensitive information into the public sphere.
So-called phishing scams are popular means of launching ransomware attacks. These schemes center on tricking unsuspecting victims – like a business’ employees – into downloading or clicking something that is infected with malware. The malware then spreads rapidly throughout an entire system, encrypting it.
Cyber security experts say educating employees about phishing scams is essential to helping prevent ransomware attacks. Having backup copies of your systems that you can draw on in the case of an attack is another means of staying operational if malware infects, experts say.
Cyber security specialists at Tripwire offer 30 tips to protect against ransomware here.