Targeted ransomware attacks on the rise in the era of remote working

Working online has become the new norm as a result of Covid-19, and instances of cybercrime are on the rise.

Modern-day cybercriminals are now favouring ransomware – a type of software designed to cause damage to a computer, server, network or client – to hack their targets and block access to systems until an exorbitant sum of money is paid. Healthcare organisations, government agencies, companies and others have fallen victim.

IT security company Sophos released shocking findings in its State of Ransomware 2021 global survey report, revealing that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761 106 (around R10.75 billion) in 2020 to $1.85 million (more than R26 billion) in 2021.

This can be closely associated with the mass movement to remote working in the corporate world on account of Covid-19 and observing social distancing protocols.

Paying up doesn’t mean the problem is over

The global findings show that although more organisations opted to pay the ransom, only 8% managed to get back all their data after payment, with 29% getting back no more than half of their data.

The most common ransom payment is above R140 000, while the highest payment made among the businesses surveyed was over R44 million.

“The findings confirm the brutal truth that when it comes to ransomware, it doesn’t pay to pay,” says Chester Wisniewski, principal research scientist at Sophos.

“Despite more organisations opting to pay a ransom, only a tiny minority of those who paid got back all their data.”

In South Africa, the average cost of remediating a ransomware attack is over R6 million, with 24% of respondents having reported a ransomware attack in the last 12 months.

Rebuilding after an attack

“Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data,” says Wisniewski.

“Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving.”

It seems targeted ransomware is the newer and more sinister type of malware.

It is becoming highly sophisticated, with some variants now able gain access into a computer system without connecting to the internet at all, making its source virtually untraceable.

The pressure of desperation

The profitable and fast pay-off, combined with its stealth and the relative anonymity of the transactions, has made this type of cyberattack increasingly attractive to criminals. This is according to Deloitte’s Taking data hostage: The rise of ransomware report.

“We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking,” says Wisniewski.

“While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher.

“Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.”

No one is immune

Among its recommendations to defend against ransomware and related cyberattacks, Sophos says individuals should assume that they will fall victim. No sector, country or organisation is immune from the risk.

“In short, it is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks.”

Palesa Mofokeng is a Moneyweb intern.