The impact of cyber attacks has grown in volume and variety in recent years, worrying companies around the world. What was once treated as isolated activity has become a highly profitable, widely distributed, and easily accessible business for malicious actors, including individuals with only cursory knowledge of the technologies used to develop this malicious software.
In 2017, attacks focused on data hijacking gained prominence worldwide, with incidents that caused financial damage to companies of various sizes and segments in several countries.
Ransomware attacks encrypt user data and demand a ransom under threat of deleting or disclosing the information. These attacks have become very common in recent years, with Brazil being one of the main targets in Latin America, concentrating 92.31% of attacks with these characteristics.
This blog post presents statistical data on the latest Ransomware attacks and their effects in Brazil and worldwide, including estimates of financial losses, the business segments hit and the variations of attacks.
Ransomware attacks have circulated on the Internet since 2012, and since then they have been updated, becoming more sophisticated and efficient over the years. Reveton, Mamba, WannaCry and Petya are just a few examples of Ransomware variants that have affected corporations worldwide over the past five years.
On May 12th, 2017, a Ransomware attack called WannaCry (literally “I want to cry”) began. There were about 200,000 victims in 150 countries, and the ransom message was translated into 28 languages, making the cyberattack one of the most significant in recent years.
The incident affected countries differently, with the greatest concentration in Russia, Ukraine, Taiwan and India. Brazil ranked fifth by number of detections, according to a report published by Avast (2,114 detections).
The main impacts of WannaCry in Brazil are associated with the unavailability of the websites of the Court of Justice and the Public Prosecutor’s Office of São Paulo. According to these organizations, their systems were not affected by the attack; they were taken offline as a preventive measure, given the prospect of more serious problems. In Rio de Janeiro, the attack affected Social Security and INSS systems. At the time, computers were also shut down as a precaution. At Petrobras, employees were instructed to save their work and shut down their computers for approximately 15 minutes.
Although the attacks did not bring cybercriminals large sums of money, the overall damage of the incident is estimated at approximately US$4 billion. This estimate includes ransom payments, service unavailability and damage to companies' image, among other items associated with financial losses.
Another Ransomware variant that caused concern in 2017 was the cryptomalware ExPetr, which also went by other names, such as Petya and PetrWrap. What set this attack apart was its specificity in selecting targets: it aimed at critical infrastructure, such as airports and power generation plants, whose unavailability has impacts of greater proportions.
ExPetr’s mode of operation bears out what security experts around the world have observed about the real purpose of some incidents that use cryptomalware. According to Kaspersky Lab researcher Juan Andres Guerrero Saade, in the specific case of ExPetr the attack has the characteristics of sabotage disguised as data hijacking. This view is supported mainly by the fact that ExPetr uses a randomly generated key to encrypt the machine, and that key is not stored, making it highly unlikely that the user will be able to recover the data on the infected device.
The specialized press reports new Ransomware incidents every day. Crackers around the world now devote their time to developing cryptomalware, aiming at financial gain or at corporate sabotage and espionage.
If you think these cybercriminals are concentrated only in Europe, Asia or highly developed countries, you are completely mistaken. There are already records of Ransomware variants being created in our country, as is the case of Xpan, which caused damage to a number of users earlier this year.
Brazil is, and will continue to be, the target of cyber attacks of varying proportions. Every day a number of companies go through this kind of problem, regardless of their size and segment. Current reports and research also reveal that most of these attacks are opportunistic: they do not have a specific target and exploit vulnerabilities in systems and in companies with low maturity in information security.
Although the highest concentration of these attacks occurs in developed countries, such as Germany and the USA, among others, it is important to pay attention to Ransomware variants focused on mobile devices. It is worth mentioning that between 2014 and 2015 Brazil ranked 10th among the countries most affected by this problem, which calls for caution.
Incidents of data hijacking on mobile devices skyrocketed in the first quarter of 2017, with 218,625 Trojan installation packages of this type. This figure represents a 3.5 increase compared to the previous quarter. Attackers focus on countries with well-developed financial and payment infrastructures that do not yet have sufficient protection to avoid this kind of threat.
Between 2015 and 2016, Germany was the country with the highest percentage of attacks of this type (almost 23%), taking into account users who suffered attacks by any type of malware on mobile devices. It was followed by Canada (almost 20%) and by the UK and USA, which exceeded 15%.
This picture changed in 2016-2017; the US moved from fourth to first place (almost 19%). Canada and Germany remained in the top three, with nearly 19% and more than 15%, respectively. The UK was fourth, with more than 13%.
Regardless of the type and variant of Ransomware attack, it is important that people and companies become aware of this kind of incident. Keeping technological resources aligned with good practices for Internet use is the first step toward avoiding incidents associated with data hijacking.
If your company does not have the internal knowledge to handle information security guidelines, specialized professionals can help structure measures that prevent or reduce the impact of these attacks. Keep reading about data hijacking in the post 5 key tips to prevent data hijacking.