A New Era of Ransomware

For months, Costa Rica has been on the frontlines of unprecedented ransomware attacks that have impacted just about every aspect of life. Essential services have been crippled, teachers have been unable to collect their paychecks, doctors have been prevented from tracking the spread of COVID-19, all while international trade has ground to a halt. 

The chaos in Central America is not an isolated incident, however. Instead, it’s the culmination of a recent rise in ransomware attacks across the globe. So, with threat levels increasing what can governments and private sector organizations learn from these attacks and how can they avoid ending up in cyber criminals’ crosshairs themselves?

Beware Vulnerability Windows

Ransomware attacks are rarely the acts of individuals sitting at their computers and randomly deciding when to strike. Instead, they’re meticulously planned. The culmination of weeks, often months of threat actors accessing systems and planting the seeds of their assault so that they can cause the maximum possible disruption. 

As a result, you often see ransomware attacks targeted during times of instability or uncertainty. We’ve experienced that with the handover of power from one government to another; but we’ve also seen attacks coincide with other world events such as the start of the war in Ukraine and the onset of COVID-19, distractions that make it easier for cyber criminals to not only access systems but cause the most damage. 

These disruptions don’t even need to be massive geopolitical events like wars or pandemics. Change in any form brings with it risk. Indeed, in previous years, we’ve seen ransomware attacks targeted to coincide with national holidays, Christmas and even long weekends. The aim of the attackers is to catch their targets off balance when people’s attention might be elsewhere. 

We call these “vulnerability windows” and in order to effectively protect themselves organizations, whether they’re governments or businesses, need to proactively monitor their risk and deploy resources accordingly. 

Practice Good Cyber Hygiene

People might view ransomware attacks and think that they’re the result of a massive security breach or organizations not having stringent enough controls, but more often than not this kind of event is simply the result of poor cyber hygiene. 

The concept works in exactly the same way as personal hygiene, in that people who maintain their health by taking preventative measures are less likely to get sick while those who don’t put themselves at a greater risk. 

When it comes to organizations, poor cyber hygiene creates chinks in your security architecture that attackers can exploit. That’s why practicing good cyber hygiene is so important. Simple steps like using strong passwords, multi-factor authentication, updating software regularly and securing backups all go a long way to keeping your security infrastructure intact. 

Watch Out For Insider Threat

Recently we’ve seen a growing number of attempts by groups like Lapsus and Conti to actively recruit individuals from within governments and businesses to sell remote access credentials. There are advertisements all over the internet with groups overtly asking for this kind of access and offering good money for it.

It’s not just money that can motivate insider threats either, sometimes the intent can be malicious. Perhaps an individual doesn’t agree with the politics and policies of the organization they work for. Or they’re leaving, so take access with them or leave back doors open for attackers to get in after they’re gone. 

Whatever their motivation may be, monitoring is vitally important in order to protect from this kind of insider threat. Fortunately, the behavioral analytical heuristics that are now set within security programs are specifically designed to spot unusual activity. Used in conjunction with good cyber hygiene, organizations can help to protect themselves from attacks wherever they originate from. 

How Can Governments Combat The Rise Of Ransomware? 

It’s easy to look at recent attacks and think this is trouble in a faraway land. But the simple truth is that attacks can and do happen everywhere. In fact, our most recent Check Point report shows that Latin America is facing the same level of threat as those of us here in Europe.  

The problem is that we’re not doing enough to ensure that organizations, whether private or public sector, are protected from the rise of ransomware. Indeed, while governments have worked to implement stringent measures in areas like data privacy the same can’t be said for ransomware. 

So, where there should be strong compliance or mandates in place to ensure that organizations are adequately protected, there are instead guidelines and best practices that businesses can choose to follow. It’s a crazy situation. After all, in other areas of life like driving a car, for example, you need to reach a certain level of qualification or capability before you’re given a license. But you don’t need any specific qualification or certification to be given the task of securing a business. And until ransomware is treated as seriously as other areas, organizations across the world will be put at risk. 

Don’t Get Complacent

Cybersecurity can't just be another tick box exercise and governments must act to set standards and enforce compliance in order to ensure that organizations are adequately protected. 

It’s time we started to adopt a risk management framework that ensures organizations are as protected from ransomware as they are from other threats facing their operations. We’ve got to become more proactive, conducting regular exercises, threat assessments and testing to ensure that we know our systems will stand up to attack.

Because the biggest lesson we can take away from the plight of Costa Rica is that ransomware attacks can and do happen to anyone. 

Deryck Mitchelson is Global Chief Information Officer at Check Point

You Might Also Read: 

Ransom: Prepare For The Worst:

 

« Iranian Hackers Try Intercepting Israeli & US Government Emails
Two Million Extortion Emails Blocked Every Day »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

NITA Uganda (NITA-U)

NITA Uganda (NITA-U)

NITA-U has put in place the Information security framework to provide Uganda with the necessary process, policies, standards and guideline to help in Information Assurance.

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) - Afghanistan

Information System Security Directorate (ISSD) is the Directorate of MCIT responsible for the security of critical information infrastructures in Afghanistan.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Trustonic

Trustonic

Trustonic is a leader in the device security market. Our mission is to protect apps, secure devices & enable trust.

Tecnalia Research & Innovation

Tecnalia Research & Innovation

Tecnalia is the largest center of applied research and technological development in Spain, a benchmark in Europe and a member of the Basque Research and Technology Alliance.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

OurCrowd

OurCrowd

OurCrowd is a leading equity crowdfunding platform for investing in global startups.

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute (WCRI)

Wolverhampton Cyber Research Institute builds on the strength of its members in the area of network and communication security, artificial intelligence, big data and cyber physical systems.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Xygeni

Xygeni

Xygeni is a leader in Application Security Posture Management (ASPM). Our advanced technology detects malicious code in real-time to prevent malware infections.

Bonfy.AI

Bonfy.AI

Bonfy.AI prevents incidents in the use and communication of AI and human generated content, providing visibility and proactive risk mitigation of confidentiality, privacy, and compliance.