Ransomware is back!
March 15, 2017
Today, where we live, food trucks are all the hype. So were burger shops a few years back. We don’t know what the next trend will be, but we know for sure that ransomware is all the hype when it comes to cyber security.
The proliferation of Bitcoin made it easy to make money on the Internet. In the last few years, threat actors were rather nation states. Now, however, financial motives are the main reason for cybercrime.
Currently, ransomware is evolving fast and the number of attacks nearly doubles each year. The Middle East will not see a decrease in ransomware attacks anytime soon, but a few simple solutions can reduce the impact dramatically.
History of Ransomware
It is interesting to know that ransomware has been around for a good few years. As a matter of fact, the first ransomware in history appeared in 1989, and it was called AIDS Trojan. It was spread via floppy disks, and the ransom involved sending $189 to a post office in Panama.
The first functional ransomware with public encryption keys was introduced in 1996 by Adam L. Young and Moti Yung. During the next decade, ransomware wasn’t particularly popular as there were other, more attractive types of malware at the time.
The malware gained traction in 2006 when it started using sophisticated RSA encryption, resulting in exponential growth in the amount of ransomware discovered every year since. The rise of Bitcoin and other hard-to-trace digital currencies made ransomware extortion easier than ever, and it’s definitely one of the main reasons for its rise in popularity among malicious users.
Cyber criminals look to infect targets that hold valuable data and are more likely to pay the ransom. Businesses are often targeted, as are public institutions such as government sectors, schools, and hospitals. The reasons for infecting these targets are simple:
- high-income targets are more prone to paying the ransom
- major business disruption increases chances of getting paid
- major organizations tend not to report the attacks due to fears of reputation-related consequences
Impact on the Middle East
Simply put, ransomware can destroy a business in a day. Without access to irreplaceable data, businesses will feel the ransomware impact from the moment of infection. Knowing that ransomware takes victims offline for at least a week, and in some cases months, the impact on income can be significant. The cause of these long blackouts is not the ransomware lock itself, but the effort needed to clean the system up and restore the network to its pre-attack state.
When it comes to the Middle East, in 2016 alone there were over 130,000 ransomware infections, and over 100 country code top-level domain (ccTLD) infections.
Back in November 2016, a second wave of Shamoon attacks was spotted targeting organizations in the Middle East, especially Saudi Arabia. The new wave includes a fully functional ransomware that was designed to run as an encryptor. This module is currently inactive but could be utilized in future attacks.
Ransomware infection rates are much higher in regions where there are raised levels of political protest and unrest. This means that cyber security issues are not linked solely to the networks, but also to a variety of socio-economic factors. In 2015, Saudi Arabia ranked first among the countries impacted by ransomware in the Middle East and Africa, with around 41 attempts per day measured. These alarming figures show that ransomware continues to evolve, with a more destructive and aggressive style that seeks out any network-connected device to infect.
Accordingly, organizations should increase their cyber security awareness. Empowering employees to understand risks and improving their cyber security training is a key solution to defend against evolving threats.
Also, when it comes to ransomware, the best approach is to back up everything, everywhere. Performing regular backups will mitigate the risk of ransomware attacks by taking away the leverage that attackers use to get paid.
Ransomware is still a significant threat, but as long as users are educated and prepared, the risks associated with such a threat can be minimized and contained.