Advisen Front Page News
- Wednesday, April 15, 2020
Reported ransomware cases 'only the tip of the iceberg': CyberCube
Advisen
Reported ransomware cases 'only the tip of the iceberg': CyberCube
Ransomware-as-a-service emergence increases risks
By Erin Ayers, Advisen
The ransomware attack that shut down Travelex on New Year’s Eve offers just a glimpse at the costly and far-reaching effects that such cyber threats will have in the future, as according to a new report from CyberCube.
“The business model for cyber crime is evolving rapidly. Threat actor groups are conducting campaigns and adjusting their models to extract greater value from a smaller number of attacks. Recently, we’ve seen some very sophisticated and aggressive organized criminal groups conduct carefully targeted ransomware attacks, which mark a move away from the traditional high volume, low-value approach,” said Oliver Brew, CyberCube’s head of client services and an author of the firm’s new report titled Understanding Ransomware Trends.
Reports indicated that Travelex paid $2.3 million in bitcoin after a demand of $6 million, and the event shut down the currency exchange firm for over two weeks. It’s unlikely cybercriminals have any intention of stopping -- CyberCube’s research indicates that hackers are shifting to targeted social engineering attacks on senior executives with access to corporate bank accounts.
Since the 2017 WannaCry attack, where the average demand was over $1,0000, ransomware has expanded in both scale and sophistication. Demands for decrypting systems have risen and hackers more frequently exfiltrate data from systems before launching a ransomware attack to gain leverage over their targets. CyberCube’s research suggests that hackers favor public services like cities, schools, and healthcare providers as targets for increasingly more advanced campaigns and higher ransom demands.
“Criminals are realizing that ransom demands of millions of dollars are achievable when the target becomes a corporation rather than lots of consumers,” said Yvette Essen, CyberCube’s head of content. “The danger now is that the coronavirus outbreak is creating the ideal conditions for ransomware attacks to flourish. With widespread working from home, increased internet traffic, increasing use of technology for what were face-to-face transactions, corporations must increase their vigilance.”
CyberCube also warned that organizations – and their insurers – need to fully understand the full scope of the ransomware threat. The evolution of ransomware-as-a-service will introduce new players to the field, as more established hackers – the “big-game hunters” of the business -- develop and sell malware to others.
“The amount of ransomware cases that have been paid and make the public domain is only the tip of the iceberg - many incidents are only reported if they involve sensitive proprietary information and reputational damage,” said the authors of the CyberCube report. They warned that calls for transparency on attacks is likely to increase in the future.
The ransom represents only a portion of the overall cost of these attacks, CyberCube explained.
“The sources of financial loss include the cost of paying the ransomware itself, legal and related forensic investigation costs, as well as the clean-up and potential rebuild costs in the event that the decryption keys are not effective to regain access to the encrypted files. The financial cost is only one aspect of the impact of ransomware – the disruption to services and operations can be very significant, and it can take weeks or months to fully recover,” the authors of the report said.
