See how ransomware attacks can hit businesses

The pandemic boosted an offensive of hacker attacks on companies, among which ransomware (hijacking software) stands out, a method that already generates billions in losses.

With the digitization promoted by remote work, employees were more susceptible to scams and increased the chances of cybercriminals accessing internal systems and harming the functioning of companies.

In the last year, large companies such as Renner, JBS, Fleury and public institutions such as the Ministry of Health, the National Treasury and the Supreme Court of Justice (STJ) were targeted by ransomware.

This type of cyberattack happens when criminals use a program to break into systems, lock databases, backups or credentials, and then demand a ransom in exchange for granting access. In the case of companies, this can mean interruption of operation for days.

“[A pandemia] has meant that IT departments are often forced to prioritize the delivery of functionality over security and data management”, says Gustavo Leite, country manager at Veritas in Brazil.

“This introduced a thunder and lightning effect, where first we saw the lightning of innovation and then we had to wait for the thunder of protection to follow. The in-between period remains the biggest window of opportunity for failure, during which organizations are exposing themselves to ransomware and other data-related risks,” he said.

Intrusion can take many forms, but the most common targets the weakest links in cybersecurity: the people themselves.

Because many employees use the same weak passwords to access common websites and corporate systems, if a data leak occurs, or if the user is a victim of phishing, the company’s network can be immediately compromised.

Once this malicious software resides on an employee’s device or is injected directly into a company’s internal network, it begins to spread silently, which can take hours to months.

After this period, ransomware, powered by artificial intelligence and sophisticated algorithms, finds servers, databases and backups and hijacks them.

“The initial effect is the inability to conduct business as usual — or do nothing — because the attackers have encrypted critical data. Depending on the size of the company, it can lose millions of dollars in revenue while not being able to do business,” explains Leite. .

Extortion works in a dual way, because in addition to the initial ransom, required to restore operations and return access, criminals can also demand payment for not leaking the data they have access to, which can be crucial to the reputation of companies. .

Ransomware relies on characteristics such as annual profit, number of employees and revenue to determine how much the company will have to pay to receive the key that will decrypt the system.

While some companies pay $10 million to $20 million, most pay more modest amounts, around $100,000.

The average ransom price paid in 2021 was $327,000, according to Marco DeMello, CEO of cybersecurity firm PSafe.

He assesses that in terms of lost productivity, impact to customers and blocking of operations, in many cases it is more advantageous for large companies to pay the ransom than not paying and relying on backups, which may be outdated.

As in most cases payment is required in cryptocurrencies, tracking becomes almost impossible. According to DeMello, the percentage of cases where the amount paid is recovered is less than 1%.

For him, during the pandemic there was a ten-year growth in six months in the sophistication and volume of virtual attacks, which raised the alarm not only among large companies, but also among small and medium-sized ones. “Today there is no longer this distinction between large, medium or small companies, they are all targets”, evaluates DeMello.

“In the US, most medium and small businesses that were hijacked in 2020 went bankrupt in 2021, because the impact of ransomware is very difficult for them to absorb,” said the expert.

“For these companies, prevention is just as important as it is for large companies, because it’s about the survival of the business. Its ability to stay alive depends on it.”

A report produced by Veritas suggests that, on average, organizations need to spend R$12.7 million and hire 27 full-time IT staff to fill the vulnerability gaps created by the digital transformation of the last two years.

“It’s always important to be prepared to deal with the aftermath of a successful attack with tried-and-true backup and recovery capabilities so you can get back to business without significant downtime and without paying the ransom,” the company representative said. in Brazil.

The same survey shows that between 2020 and 2021, companies suffered an average of 2.57 ransomware attacks that led to downtime.

“The impact on the economy is devastating. Ransomware generated more than US$ 25 billion in losses in 2021 alone, and is forecast to increase by at least 50% in 2022. These are companies that go through delicate situations, which can go bankrupt . The only solution is prevention”, evaluates DeMello.

HOW TO PROTECT YOURSELF FROM RANSOMWARE

For businesses

• Keep backups running
• Invest in AI-powered cybersecurity solutions
• Structure incident response and business continuity plan
• Provide digital security guidance to employees
• Adopt a DLT (data loss prevention) system
• Keep networks and operating systems up to date

for individuals

• Have a security solution installed on your device
• Change personal passwords frequently, preferably stronger ones with special characters
• Avoid clicking on links from unknown sources, especially those shared via messaging apps like WhatsApp and social media
• Use two-factor authentication
• Create the habit of doubting the information shared on the internet and never report sensitive data on links of dubious origin
• Use virtual credit cards with every new purchase on the internet
• Keep device operating systems up to date
• Always try to confirm the veracity of the information on the official pages and websites of the companies
• Make sure a link is trusted on the dfndr lab website, PSafe’s cybersecurity lab