Hacking Rises in Smaller Companies, So Does the Ransom Price

by

At the end of 2018, an employee of Pormade, a door company from Paraná, received an email about foreign trade from a colleague. Opening that message would trigger a crisis in the next few hours: the file was a ransomware attack.

This type of attack encodes device data through malicious software, making it impossible to read documents, and asks for a ransom for the kidnapped information – usually in cryptocurrency, so as not to leave any records. In industry parlance, malware encrypts files.

“It felt like being robbed”, recalls the company’s IT coordinator, Everson Holovaty.

He explains that the employee received a malicious email and, without knowing what it was, forwarded it to the responsible sector. There, they did not suspect the security of the message, which, after all, had been sent by a colleague. By clicking on the link, the malware was installed on the machine and the hacker gained access to the system. At the time, the backup routine, to save files, was done at night. The only loss was a test application.

Since the Pormade incident, the practice has gone from anonymity to one of the biggest security threats in business.

According to a report by the British group NCC, which provides cybersecurity services, ransomware attacks grew by 92.7% in 2021 compared to 2020 and accounted for 65.4% of all incidents handled by the company last year.

The number of such attacks in 2022 is unlikely to be the same as last year, says the company – in October, total ransomware attacks dropped by half compared to the same month in 2021.

The most constant threat, however, continues to be Lockbit, malicious software used in incidents of the kind, which prevents access to the computer. It accounted for 30% of attacks last month, according to the NCC.

The digitization promoted by social isolation in the pandemic explains this phenomenon, according to experts, because it was not restricted to people.

“Companies were also forced, in a very short space of time, to adapt”, says Donato Cardoso, CEO of Access Run, a cybersecurity platform. “The user, who is the main bottleneck of cybersecurity, went to a home environment, completely unprotected and inhospitable for security policies.”

As in a market, hackers saw a window of opportunity opening up — and small and medium-sized companies were the main target.

According to BrightCloud’s threat report, businesses with less than a thousand employees were the target of 82% of ransomware attacks in 2021. Those with less than a hundred concentrated 44% of the attacks. The profile does not soften the redemption price, which has increased nearly 48 times in three years, reaching $322,168 at the end of 2021.

In the case of Pormade, a medium-sized company, the ransom was around R$500,000, according to Holovaty, and was not paid.

The reasoning behind choosing this profile is: without a cybersecurity service, smaller businesses are more likely to pay the required amount —an attitude that is not encouraged by experts, as it has the potential to motivate criminals.

In addition, services from large companies reach more people and receive more visibility. The chances of having consequences are greater.

One of the hackers responsible for the Colonial Pipeline attack, for example, was arrested in January of this year, according to the White House, eight months after making the largest pipeline network in the United States suspend operation for days.

The wave has motivated the search for cybersecurity. According to a PWC survey, 69% of organizations predicted an increase in cyber spending in 2022 — in Brazil, the number was even higher: 83%.

Increased demand can drive up service prices, which poses yet another hurdle for small and medium-sized businesses. Even so, the experts consulted say it is essential to have a partner that provides cybersecurity for the business.

Trained employees and protection system are among the measures

In addition to seeking expert care, there are basic steps you can take, according to Jonas Schuler of NordVPN.

The first one is to educate employees. “The vast majority of attacks are via social engineering,” she says. It refers to deceptive messages pretending to be companies the victim has recently done business with, for example, or emails with unsafe links.

Good protection software can help in the second case, as it helps identify malicious websites. It also performs security scans on the device.

Finally, having well-defined backup processes helps not to depend on a ransom to recover information.

After the ransomware, Pormade hired a security service and took extra care.

On the day, it was 18 minutes from the start of the attack until the team realized what was happening. But they were stopped for six hours — time they needed to investigate.

“Being attacked, making a backup and returning to normal life is simple. The problem is learning from mistakes”, says Holovaty, one of the employees. “The most difficult task is to identify how it happened.”

Since then, a lot has changed in the company. Now the backup routine is every hour, the system requires complexity in creating passwords, the email server is in the cloud and the computer operating system is more secure.

The experience made Pormade go through the pandemic with less turbulence, when the attacks broke out.

In 2020, at the beginning of the home office, Holovaty’s biggest concern was how the collaborator would access company data. Was he going to use the same computer that his son uses to play video games, for example?

“The concern I had at the company, I made sure they had it at their homes too”, he says. And the care continues. “As we improve security, the hacker is also working on the technology to break in. It’s a game of chess, you always have to anticipate the moves.”

You May Also Like

Recommended for you