A New Era of Ransomware

For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt. 

The chaos in Central America is not an isolated incident, however. Instead, it’s the culmination of a recent rise in ransomware attacks across the globe. So, with threat levels increasing what can governments and private sector organizations learn from these attacks and how can they avoid ending up in cyber criminals’ crosshairs themselves?

Beware Vulnerability Windows

Ransomware attacks are rarely the acts of individuals sitting at their computers and randomly deciding when to strike. Instead, they’re meticulously planned. The culmination of weeks, often months of threat actors accessing systems and planting the seeds of their assault so that they can cause the maximum possible disruption. 

As a result, you often see ransomware attacks targeted during times of instability or uncertainty. We’ve experienced that with the handover of power from one government to another; but we’ve also seen attacks coincide with other world events such as the start of the war in Ukraine and the onset of COVID-19, distractions that make it easier for cyber criminals to not only access systems but cause the most damage. 

These disruptions don’t even need to be massive geopolitical events like wars or pandemics. Change in any form brings with it risk. Indeed, in previous years, we’ve seen ransomware attacks targeted to coincide with national holidays, Christmas and even long weekends. The aim of the attackers is to catch their targets off balance when people’s attention might be elsewhere. 

We call these “vulnerability windows” and in order to effectively protect themselves organizations, whether they’re governments or businesses, need to proactively monitor their risk and deploy resources accordingly. 

Practice Good Cyber Hygiene

People might view ransomware attacks and think that they’re the result of a massive security breach or organizations not having stringent enough controls, but more often than not this kind of event is simply the result of poor cyber hygiene. 

The concept works in exactly the same way as personal hygiene, in that people who maintain their health by taking preventative measures are less likely to get sick while those who don’t put themselves at a greater risk. 

When it comes to organizations, poor cyber hygiene creates chinks in your security architecture that attackers can exploit. That’s why practicing good cyber hygiene is so important. Simple steps like using strong passwords, multi-factor authentication, updating software regularly and securing backups all go a long way to keeping your security infrastructure intact. 

Watch Out For Insider Threat

Recently we’ve seen a growing number of attempts by groups like Lapsus and Conti to actively recruit individuals from within governments and businesses to sell remote access credentials. There are advertisements all over the internet with groups overtly asking for this kind of access and offering good money for it.

It’s not just money that can motivate insider threats either, sometimes the intent can be malicious. Perhaps an individual doesn’t agree with the politics and policies of the organization they work for. Or they’re leaving, so take access with them or leave back doors open for attackers to get in after they’re gone. 

Whatever their motivation may be, monitoring is vitally important in order to protect from this kind of insider threat. Fortunately, the behavioral analytical heuristics that are now set within security programs are specifically designed to spot unusual activity. Used in conjunction with good cyber hygiene, organizations can help to protect themselves from attacks wherever they originate from. 

How Can Governments Combat The Rise Of Ransomware? 

It’s easy to look at recent attacks and think this is trouble in a faraway land. But the simple truth is that attacks can and do happen everywhere. In fact, our most recent Check Point report shows that Latin America is facing the same level of threat as those of us here in Europe.  

The problem is that we’re not doing enough to ensure that organizations, whether private or public sector, are protected from the rise of ransomware. Indeed, while governments have worked to implement stringent measures in areas like data privacy the same can’t be said for ransomware. 

So, where there should be strong compliance or mandates in place to ensure that organizations are adequately protected, there are instead guidelines and best practices that businesses can choose to follow. It’s a crazy situation. After all, in other areas of life like driving a car, for example, you need to reach a certain level of qualification or capability before you’re given a license. But you don’t need any specific qualification or certification to be given the task of securing a business. And until ransomware is treated as seriously as other areas, organizations across the world will be put at risk. 

Don’t Get Complacent

Cybersecurity can't just be another tick box exercise and governments must act to set standards and enforce compliance in order to ensure that organizations are adequately protected. 

It’s time we started to adopt a risk management framework that ensures organizations are as protected from ransomware as they are from other threats facing their operations. We’ve got to become more proactive, conducting regular exercises, threat assessments and testing to ensure that we know our systems will stand up to attack.

Because the biggest lesson we can take away from the plight of Costa Rica is that ransomware attacks can and do happen to anyone. 

Deryck Mitchelson is Global Chief Information Officer at Check Point

You Might Also Read: 

Ransom: Prepare For The Worst:

 

« Iranian Hackers Try Intercepting Israeli & US Government Emails
Two Million Extortion Emails Blocked Every Day »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

IAC

IAC

IAC is a specialist Irecruitment consultancy covering Internal Audit, Risk, Controls, Governance, IT Audit, and Cyber Security roles.

SkillCube

SkillCube

SkillCube is one of the pioneers in India focusing on Cyber Security Skill Development Solutions.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Private Client Cyber Security (PCCS)

Private Client Cyber Security (PCCS)

PCCS provides enterprise-grade cybersecurity consulting and services to professional practices, executives, athletes, and high net worth families.

MIS Solutions

MIS Solutions

MIS Solutions is a managed cloud and IT security partner making technology work for you.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.

Strobes Security

Strobes Security

Strobes is among the world’s first cybersecurity platforms specifically designed for end-to-end continuous threat exposure management.