Cyber Crime Gangs and Ransomware

Kāpiti Business: Richard Andrewes warns of the latest cyber crime – ransomware.

Cyber crime gangs are still out in force, and Kāpiti’s risk management expert Richard Andrewes says the public and businesses need to be aware of the latest problem: ransomware.

“There has been a fast-moving trend in the ransomware scene,” says Mr Andrewes. “We have seen eCrime gangs targeting single endpoints and entire networks are being compromised.

“In the last quarter the average ransom has increased 33% to $173,000.00.”

He says in the bigger picture, in the last two years there has been a large increase in the average ransomware payments. The reason for the increase is a change in strategy, called the ‘double-tap’.

Before encrypting the network, the attackers will first steal the sensitive data. They will prove ownership and then use this to put pressure on the victim to pay a ransom.

“Every industry from finance, critical infrastructure and healthcare is now a target and threat actors do not care if your business supports essential services, they are still a viable target,” says Mr Andrewes.

He says they have seen organisations like Maersk, FedEx, Toll Group, Lion Brewery and VetEnt being targeted.

“InPhySec New Zealand have responded to numerous ransom attacks from global exporters, clothing boutiques and panel beating workshops.

“You may believe that businesses which transact millions of dollars a year or keep sensitive data are the main target, but this is not always the case,” he says.

Who are eCrime gangs? The names of the big players and the types of malware they drop vary each month, and naming them just adds credibility to their group, but knowing their tactics is the best way to defend your organisation.

Mr Andrewes of Andrewes Risk Management says Remote Desktop Services are the most common ransomware breach vector, with over 50% of the attacks occurring through these services.

“The best approach for your organisation is to ensure you have remote access solutions to support your business and staff functions, and these include a VPN and Two-Factor Authentication.”

He says email phishing is the second most common breach vector for ransomware gangs.

“The way to help alleviate this threat is having a secure gateway that scans emails and attachments, security awareness training for staff, and patch management for software vulnerabilities.”

Even with strong email hygiene, remote access solutions and solid patch management, there is always a risk that your organisation’s systems can still be breached.

“The best security investment for your organisation is to buy the most powerful Endpoint Detection and Response (EDR). An EDR has the ability to detect both known and unknown attack behaviour, which means the ransomware is easily identified and can be terminated before damage is done to your system. Make sure your EDR capabilities are as strong as possible and are supported by specialists who care about your organisation.”

Mr Andrewes says if you have not put Cyber Liability Insurance in place, now is the right time to do so, as this should be a key part of your risk strategy.

He says Cyber Insurance protects you against liabilities arising from data protection laws, consequences of losing data and management of personal data. It also covers loss of income and additional expenses if you are unable to run your systems.
