Alas, Alas Ransomware!

Mehmet Ali YAGIS
Jul 9, 2021

There is a lot of news about ransomware these days. It's surprising how few people know what it means and what might happen if they are attacked. Ransomware is an extremely deep and technical subject, so even pages of writing here would not say much. The purpose of this article is not to overwhelm the reader with extremely scientific statements, but to raise awareness with a short, conversational piece. In this context, first of all, I would like to briefly define "Ransomware".

Ransomware is a form of malware that is used to try to make money from victims through ransom demands. Most programs are designed to sit quietly on your system and slowly encrypt your files. After they finish encrypting, they leave you a fatal note: either pay the ransom or lose your files forever.

It is noteworthy that the large-scale damage caused by ransomware attacks internationally has increased even more in the last year. For example, according to reports from various government agencies and professional cybersecurity companies, global ransomware attacks in 2020 increased by 150 percent compared to the previous year. In addition, ransom payments made by victims were found to have increased by up to 300 percent.

Global ransomware attacks on critical infrastructures, companies and public institutions also increased dramatically in the first quarter of 2021. With the intensification of the attacks, there was a large increase in the amount of ransom demanded by the attackers from the victims. Especially due to the increase in the value of Bitcoin, the ransoms paid by giant companies to attackers reached tens of millions of dollars.

The ransomware attacks that took place in 2021 show some changes in quality and method compared to previous periods. For example, in the past there were attacks known as "phishing", carried out over e-mail. In the new period, in addition to this method, supply chain attacks, 0-day (zero-day) vulnerabilities and various cyber infrastructure vulnerabilities are used.

In previous attacks, the victim's data, which is usually the target, was encrypted, and the attackers demanded a certain amount of ransom to give up the encryption keys. In the new period, together with encryption, the data is leaked to various platforms, sometimes partially and sometimes completely, and shared on the "dark web", where cybercriminals operate intensively.

In addition, the fight becomes more difficult as ransomware variants become increasingly sophisticated and attackers use various methods of operation. Threat actors who are state-supported, or who once held office in government institutions and then stepped into this "dark market", can also hide their real targets because they act purely out of economic motivation. At this point, it should be noted that even if the actors are not affiliated with a state, they may cooperate and sell their data for financial gain. Thus, it is possible for cyber threat actors to give more weight to this "dark market".

Even the most powerful states of the world can be vulnerable to ransomware attacks, which are on the rise among cyber threats. One of the main reasons is that cyber threat actors are becoming more professional and using more sophisticated methods. In general, it can be seen that some steps were taken after all states were unable to resist the attacks and suffered heavy losses as a result. Although the responsibility here belongs to the companies, governments have important duties, as the state is damaged in some way as a result of the attack.

The latest attack, which is described as one of the biggest ransomware attacks in history, targeted "Kaseya", a company that provides technology services to thousands of companies. The "Coop" supermarket chain in Sweden, which was indirectly affected by the cyber-attack, had to suspend its operations for a day because it could not operate its cash registers. It should not be forgotten that every minute of these developments causes a heavy loss of money for the aggrieved companies and, more importantly, a serious loss of prestige.

In fact, although many companies and institutions know the steps that can be taken to protect themselves from ransomware threats, these steps are often not taken. Although the victims of an attack start to take measures to minimize the damage, sometimes this does not help. A proactive approach should be adopted in this regard, possible security vulnerabilities should be evaluated, and the necessary precautions should be taken in cooperation with government institutions and the sector. Still, it's not too late for anything…
