Ransomware Thrives with Focus Directed Elsewhere

Jessica Wong

For more than a year, the pandemic has been consuming most of the bandwidth that people have for “things to worry about.” Consequently, the risk of ransomware seems to have fallen somewhat off the radar, suggests a new study by Unisys. But such attacks haven’t slowed much, and retailers are […]

For more than a year, the pandemic has been consuming most of the bandwidth that people have for “things to worry about.” Consequently, the risk of ransomware seems to have fallen somewhat off the radar, suggests a new study by Unisys. But such attacks haven’t slowed much, and retailers are seemingly still vulnerable, as indicated by attacks in April on premium men’s wear brand Boggi Milano and a Canadian hardware chain with 1,050 stores, Home Hardware Store, Ltd.

In the latter case, the DarkSide ransomware group posted a sampling of the corporate data it had copied from the retailer, which it threatened to release publicly unless the company contacted the attackers to arrange payment for decryption keys. A company spokesperson acknowledged the attack in an email to ITWorldCanada.com but wouldn’t say how much the ransom was for. The stolen documents were reported to include the privately held retailer’s financial reports, as well as documents relating to a recent acquisition.

The attack on Boggi Milano, which operates approximately 200 shops in 38 countries, was carried out by a hacker group called Ragnarok. It claimed that its attack on company servers included theft of 40 gigabytes of corporate data including human resource files such as salary information, and the company confirmed it was the victim of a cyberattack.

Both attacks reflect a trend in ransomware attacks since 2019. Hacker groups not only lock-up their targets’ systems and deny them access to files, but they exfiltrate data as well. The strategy has proved effective, forcing many organizations—even ones capable of recovering their systems through backups—to still pay attackers to prevent the publishing of their data online.

It is that backdrop that makes results from the 2020 Unisys Security Index worrisome. While remote work and data sharing persist, people generally are growing complacent about internet security, the results suggest. Overall concerns around internet security—including computer viruses and hacking—dropped 13 points from 2019 levels in the survey’s zero to 300 index. This, despite a significant increase in the number of cyberattacks in 2020.

Mat Newfield
Mat Newfield

The company’s analysts suspect that a laxer attitude toward online security is because people have been so focused on health and personal well-being. Complacency is especially evident in the US—24 percent of Americans are less likely to say they’re concerned about a data breach during the pandemic than the global average. “It’s not surprising to see people’s level of concern for their personal safety jump in light of the global health crisis,” said Mat Newfield, chief information security officer at Unisys. “However, the fact that it is not only matched by, but exceeded by, a drop in concerns around hacking, scamming, or online fraud reflects a false sense of consumer security.”

Individuals seem to be paying a price for their diverted attention. The number of online crimes reported to the FBI’s Internet Crime Complaint Center has jumped nearly 400 percent during the pandemic, with up to 4,000 incidents per day. But individuals’ lack of focus can also impact retailers and other employers, warn Unisys analysts. According to Newfield, the survey results underscore the need for businesses “to ensure they are placing a clear and concerted emphasis on proper training for their employees working from home and adopting a Zero Trust security architecture that leverages best practices like encryption and micro segmentation.”

The Darkside ransomware group announced their Ransomware-as-a-Service (RaaS) in August of 2020 via a “press release,” according to security firm Varonis, and have since become known for their professional operations and large ransoms. “They provide web chat support to victims, build intricate data leak storage systems with redundancy, and perform financial analysis of victims prior to attacking,” according to the firm’s Snir Ben Shimol.

The professionalization of ransomware attacks has caught the attention of the Department of Justice, which created a new task force last month to combat the growing threat of ransomware. An agency memo, obtained by CNN Business, describes 2020 as the worst year ever for ransomware attacks, and said the new task force will unify efforts across the federal government to disrupt ransomware attackers. Outreach to the private sector for insight into ransomware and extortion threats will be part of the government’s effort.

Tom Patterson
Tom Patterson

Tom Patterson, chief trust officer at Unisys, praised the DoJ’s initiative and suggested the private sector needs support to combat the threat. “Ransomware is being launched with impunity from criminals around the world, and more needs to be done to change the economics of the attack— to make it more costly to attack than defend,” he said.

Eva Velasquez
Eva Velasquez

Eva Casey Velasquez, president and CEO of Identity Theft Resource Center, said there has been a shift among cybercriminals away from collecting data on individuals to perpetrate identify fraud toward defrauding businesses of all sizes with ransomware attacks and phishing schemes. The ITRC also said it expects the recent shift to be a long-term trend.

Retail organizations are faced with one of the more complex threat footprints of any industry, according to the NTT 2020 Global Threat Intelligence Report. Retail organizations manage a wide variety of valuable information and “the complexity of the retail environments and complexity of the data retail manages helps make retail the focus of complex attacks,” the report concludes. Ransomware isn’t the primary threat vector— accounting for 42 percent, DoS/DDoS attacks are the single largest type of attack against retail organizations—but the success rate of targeted ransomware attacks is still high and the single most detected malware in the Americas is the WannaCry ransomware, according to the firm.

Additionally, the retail industry has the second lowest overall cybersecurity maturity score, warned the firm. “If retail wants to make significant progress towards their goal, they should emphasize data and system classification and management, focusing on the impact security will have on their business operations.”

Next Post

Airline complaints spike as travel begins to recover from COVID-19 pandemic

FOX Business’ Grady Trimble on how the airline industry is responding to the recent surge in travel.  Although the travel industry is slowly bouncing back as pandemic worries start to fade, the effects of the coronavirus on U.S. domestic air travel will have a lingering impact for years to come. […]