2 min read

Ransomware is online threat number one

GCHQ cybersecurity boss sounds alarm over extortion by hackers who are mostly based in former Soviet states.

The Guardian reports on a warning that Ransomware is biggest online threat the British face.

As far as Cert, the government’s cyber security team, is concerned, the incident reports show that’s not officially the case in New Zealand.

And yet, the severity of the recent ransomware attack on Waikato DHB suggests it causes widespread havoc.

Ransomware is when online criminals take control of data, encrypt it, then demand payment before unlocking. Except they don’t always unlock the data. Or, if they do, they may strike again later.

Professional ransomware

Lindy Cameron, chief executive of the UK’s National Cyber Security Centre, says it is escalating and being increasingly professional. Criminal gangs make most of their money from large profitable businesses that can’t afford to lose data or suffer downtime.

The Guardian says:

Gangs often scout their targets and will tailor their demands to the size of the customer: there are examples of small firms such as hairdressers being targeted and payments of £1,500 being demanded. But most of the targets are large businesses, which are disabled by the attacks.

Travelex, a UK-based provider of foreign exchange services, paid $2.3m last year to regain control after hackers shut down its networks. The company subsequently fell into administration and had to be restructured with the loss of 1,300 jobs.

It reports Cameron calling for insurance companies to stop paying out for ransoms. At the moment paying is legal in the UK if there’s no link to terrorism.

Phishing and credential harvesting

In New Zealand, Cert’s biggest concerns are phishing and credential harvesting. For the first quarter of 2021 Cert recorded 652 phishing or credential harvesting incidents. In comparison, Cert recorded 12 ransomware cases.

It’s possible many New Zealand ransomware incidents go unreported. We know for sure some do.

Cert puts the ratio between the phishing and ransomware categories at over 500 to 1. You chance of a ransom demand is relatively small.

Given this ratio, why does the headline on this post say ransomware is ‘threat number one’?

Devastating

That’s because when it hits the damage from ransomware can be devastating. Four weeks after the Waikato DHB attack, the health authority’s computer systems are not back to normal. Hospitals have cancelled surgeries. The DHB is not treating some sick people.

The attack caused chaos in the health system. Last month the Irish health system went through a similar incident. In the US ransomware attackers shut down a vital fuel pipeline.

Companies have gone out of business because of ransomware.  The attacks are escalating. Criminals target organisations like hospitals knowing putting people’s lives at risks increases the pressure on victims to pay up.

Sonicwall, a security company, says there has been a 62 percent increase in ransomware attacks since 2019. One way to protect against ransomware is to make careful backups.