This is a machine translation of the original press release published in Spanish
In 2021 there was no shortage of reports of cyber attacks that crippled the operations of large companies for several days. This global trend was caused by malicious programs called ransomware, a threat that is becoming increasingly selective in its victims. According to the latest analysis by Kaspersky security specialists, this criminal activity, which focuses on financially healthy companies, has maintained triple-digit growth in Chile, registering a 400% increase over the past year compared to 2020.
The analysis is based on attempted attacks blocked by Kaspersky technologies connected to its cloud protection network (Kaspersky Security Network) between January 2019 and the end of November 2021, and considers only “targeted” ransomware such as Conti, Darkside, Lockbit , Ransomexx , Revil (aka Sodinokibi or Sodin), Ryuk and Wastedlocker. “As we outline in the overview of ransomware attacks in Latin America, this new wave of attacks is planned. There are no more ‘soldiers shooting indiscriminately’ to see how many casualties they fall. Today, the cybercriminal launches his attack like a professional sniper: one shot, one victim,” explains Claudio Martinelli, General Manager for Latin America at Kaspersky.
According to business experts, this new trend makes it difficult to compare traditional attacks between months or years, as malicious activity does not exhibit a constant frequency. However, when comparing periods of peak activity in Chile (June 2021 vs. September 2020), Kaspersky Technologies saw a 400% growth of targeted ransomware blocks in the country.
For ransomware victims, an incident represents a financial loss as they become inoperable for days or weeks and require a “ransom” to unlock computers, servers and systems. In some cases, this sum can amount to several millions. Aside from the financial aspect, what worries business leaders most is the impact on the company’s reputation. “No CEO wants to see their company’s name in the news in connection with a cyber attack. The impact on businesses is huge, and this is exactly why groups specialized in this type of threat are proclaiming their success in infecting their victims. as the intense pressure from customers and regulators will create an urgent need that will ultimately increase the possibility of receiving the ransom payment,” Martinelli explains.
As modern ransomware uses strong encryption programs to block access to critical data and systems, the executive emphasizes that prevention is the only possible solution to avoid breaking news. “Once you know how a scam works, it’s easy to prevent, right? Theoretically yes. Our research team has detailed how the ransomware works to approve budgets,” explains the board.
Martinelli points out that cybercriminals plan their attacks on target companies well, so it is enough for a single part of the cybersecurity strategy to be misplaced for the attack to take place. “Have you ever tried to protect your surroundings from mosquitoes that keep you up at night? They use repellent lotion, an electric diffuser, mosquito nets on all windows: the implementation of all this creates a sense of security. But one mistake is enough – forgetting to plug in the diffuser or a small hole in the mosquito net – to wake up with a sting. Similarly with ransomware, cybercriminals have the time and will to find a way to break into the corporate network is to find a weak password, a misconfigured system, or an ineffective protection solution to achieve their goal.”
Considering the main mistakes, Kaspersky recommends the following steps to avoid becoming a victim of ransomware:
- Find out about the possible errors in your systems, your network and your structure.
You can conduct an internal audit or evaluate external security diagnostic services such as phishing simulations or digital risk reports on attack vectors related to an organization’s overall digital footprint.
- Evaluate the knowledge of your employees.
Ensure your security team has the information they need to assess ransomware defenses and plan incident response actions to prevent an incident from being successful. If you don’t have specific knowledge, training is available. Also assess whether employees generally have the basic knowledge to avoid becoming a victim of fraud. One click can give the criminal access to the network. In addition, a safety training routine should be maintained for all employees, with modules tailored to specific needs.
- Check regularly whether your immune system is functioning optimally.
Today there are several technologies that you can use to act proactively to prevent an attack, for example:
● Threat Intelligence reports detailing the detection, what’s done, and how to identify any new ransomware entering the organization’s infrastructure.
● EDR technologies that provide advanced detection of malicious activity.
● Ongoing attack detection services that conduct a thorough examination of systems, networks and devices to assess vulnerabilities in enterprise defenses. This diagnostic can be performed annually or when malicious activity is suspected.
● Verify benchmark tests or conduct internal analysis to ensure real protection. The AV-Test lab recently published a dedicated ransomware protection report.
● Check backups regularly. It is common for companies to make backup copies and the next moment of the process the file is intact. Unfortunately, mistakes are common and there may be a faulty copy. Make sure the files are okay to allow for a quick resumption of operations.