Successful Attacks By Ransomware Slowing Down In 2020 Amid COVID-19: Study

By RTTNews Staff Writer | Published: 4/22/2020 9:38 AM ET

Early indicators in 2020 showed that ransomware attack numbers would be similar to or worse than in 2019, but the number of successful attacks has fallen considerably amid the coronavirus (COVID-19) crisis, according to cybersecurity firm Emsisoft Malware Lab. It is now at a level not seen in several years.

Cybercriminals use software vulnerabilities to launch ransomware attacks on organizations and demand payments in cryptocurrencies such as Bitcoin to restore their systems back to normal. They are also distributing malware disguised as other products to steal personal information.

A total of 89 organizations were impacted by ransomware in the first quarter of 2020: 38 government entities, 26 educational institutions and 25 healthcare entities.

There were a total of 113 attacks on government entities in 2019 for an average of 28.25 per quarter and 89 attacks on educational establishments for an average of 22.25 per quarter, disrupting operations at up to 1,233 individual schools. In the first quarter of 2020, ransomware disrupted operations at up to 422 individual schools.

There were also a total of 764 attacks on healthcare providers in 2019 for an average of 191 per quarter.

In 2019, a total of 966 government agencies, educational establishments and healthcare providers in the U.S. were impacted by ransomware for an average of 241.5 per quarter.

While the number of successful attacks on the public sector has decreased, attacks on the private sector have remained largely unchanged during the COVID-19 pandemic.

The downward trend is continuing into the second quarter with only a relatively small number of successful attacks having occurred between April 1 and 20, with 3 attacks on government entities, 2 on educational institutions and 2 on healthcare entities.

This marked decrease in attacks can be attributed to the suspension of non-essential services during the COVID-19 pandemic, which may have effectively reduced organizations' attack surface. The work-from-home aspect may also have created challenges for ransomware groups.

The decline in successful attacks, and especially attacks on healthcare providers, is obviously a positive, but the relief is likely only temporary. Once organizations resume normal operations, the number of attacks could return to its previous level.

The reduction may also be due to the fact that many companies are financially distressed.

A recent report by Chainalysis stated that ransomware attacks or, at least, ransomware payments, have decreased significantly since the COVID-19 crisis intensified in the U.S. and Europe in early March.

For comments and feedback contact: editorial@rttnews.com

Article written by an RTT News Staff Writer, and posted on the RTT News.com website.

Article reposted on Markethive by Jeffrey Sloe

CTI League Formed To Fight Cyberattack On Medical Sector Amid COVID-19

By RTTNews Staff Writer | Published: 4/3/2020 11:10 AM ET

A group of Cyber Threat Intelligence (CTI) experts, incident responders, and industry experts has formed the CTI League to prevent or neutralize cyber threats during the COVID-19 pandemic. There has been a surge in cyberattacks on healthcare agencies that are fighting to curb the spread of the COVID-19 pandemic.

The league members work to identify, analyze and neutralize all threats, especially the attacks against front-line medical resources and critical infrastructure of medical or health-related organizations.

The CTI League volunteers would help the medical sector take down, triage or escalate relevant cyberattacks, malicious activity or critical vulnerabilities to law enforcement agencies and the national computer emergency response teams (CERTs). CTI experts will also help boost the cyber defense capabilities of various companies and train employees on how to identify and thwart such attacks.

The league will help ensure hospitals and clinics protect their internal systems and databases for patients, healthcare workers, and volunteers. Reports claim that there has been a 150 percent increase in healthcare cyberattacks in the last two months, including phishing emails and ransomware.

Cybercriminals are using software vulnerabilities to launch ransomware attacks on healthcare facilities and demanding payments in cryptocurrencies such as Bitcoin to restore their systems back to normal. They are also distributing malware disguised as coronavirus-related health care products to steal personal information.

This international league spans more than 40 countries and consists of about 400 cybersecurity volunteers to counter hacking campaigns, including senior professionals from Microsoft, ClearSky Cyber Security, Okta and Amazon. This league is claimed by some to be a cyber version of the Justice League.

According to the CTI League, the goal of this platform is to foster a positive community, dedicated to sharing information and protecting end-users from COVID-19 cybersecurity threats. However, it is purely for threat intelligence work and not to be exploited as a for-profit resource.

Article written by an RTT News Staff Writer, and posted on the RTT News.com website.

Article reposted on Markethive by Jeffrey Sloe

Ransomware Group Hit Five US Law Firms Demand Ransom in Bitcoins

By RTTNews Staff Writer | Published: 2/4/2020 9:20 AM ET

Five U.S. law firms have been hit by a dangerous ransomware group called Maze, which stole their data and then encrypted it, a modus operandi the group is known for, according to cybersecurity firm Emsisoft. Maze is reportedly demanding a ransom in bitcoins to restore the firms' data or delete the copy it holds.

At least three of these law firms have been affected within the last 72 hours, and it is feared that Maze could target more law firms in the days to come. Though currently only U.S. firms have been hit, firms in other countries are also at risk.

Emsisoft believes malicious email attachments were used to infect the networks of the affected law firms. Ransomware can be delivered in a variety of formats, including PDF, ZIP, Word document, Excel spreadsheet and more.

Maze generally extracts a ransom from its targeted victims in return for the deletion of the data stolen from them. For proof, the group initially names the victims, and if that does not work, it publishes a small portion of their data online.

If the ransom is still not paid, Maze will go ahead and post the remainder of the data on its websites, sometimes on a staggered basis.

In the current attacks, Maze has already posted a portion of the stolen data of at least two of the firms, which includes client information. Maze claims that the stolen data will be deleted upon payment.

Attacks that steal data are considered to be data breaches which, under U.S. law, are treated very differently to malware infections. These data breaches could also lead to the affected firms facing legal action from aggrieved customers.

Emsisoft warns that opening a malicious attachment may deploy the ransomware immediately, or it may enable attackers to remotely execute the ransomware in future. The attachments are delivered via phishing emails.

Phishing is a very common attack vector in which threat actors pretend to be a legitimate entity in order to elicit an action from the target.

Around 400 servers of the Colorado Department of Transportation (CDOT) were affected and the whole computer network was hung in a ransomware attack in 2018.

Article written by an RTT News Staff Writer, and posted on the RTT News.com website.

Article reposted on Markethive by Jeffrey Sloe