Malicious programs that seize the data of a device asking for a ransom to make them accessible again: this is what ransomware are, computer viruses widely used by cybercriminals to finance their illicit activities
Between February 2020 and mid-May 2021, more than 600 European companies have been affected by ransomware attacks which, in addition to creating the temporary discomfort due to a computer system completely paralyzed, they have often served as a diversion for the theft of valuable data. Compared to the first quarter of 2020, attacks of this type, in the same interval of 2021, have scored a 422% increase.
These numbers are the result of a research conducted by the cybersecurity company FireEye and make it clear how cybercriminals are favoring ransomware attacks. The use of this type of computer virus began to take hold more and more starting from about mid-2019. Started as a broad-spectrum threat and generically aimed at increasing the number of victims, ransomware has been used more and more until they become much more reasoned and targeted activities.
But what is ransomware? The answer lies in the word itself which is composed of the word ransom – ransom in English – and the suffix -ware which identifies it as a malicious program. In fact, this type of malware is used by cybercriminals for take hostage one or more devices on the network, encrypting their data and demanding a ransom to make them usable again.
32 years after the discovery of the first ransomware known as Trojan Aids o PC Cyborg the ransom demanded by cybercriminals has increased as the technologies used have evolved. If in 1989 the Trojan Aids he asked $ 189 ransom to unlock the encrypted files on the hard drive now the figures are much higher and dollars have given way to cryptocurrencies.
Cybercriminal groups often employ their ransomware in extensive attack campaigns with the aim of raising enough payments to finance their criminal activity.
To deliver ransomware to victims, cybercriminals prefer to use a hugely popular and sadly effective attack vector: he phishing. Fake e-mails disguised to the point of being authentic by inducing the user to click on a link contained in them, are the main gateway to computer systems target. In fact, a simple click on a malicious link is enough to start the download of the ransomware which, in a few moments, is able to encrypt the entire system making the infected device completely unusable.
As the cybercriminal ecosystem follows global economic trends, economic performance and perceived level of development are two indicators that explain why the UK, France and Germany are the most targeted nations in Europe. Italy is in fourth place in this ranking drawn up by FireEye with numbers absolutely comparable to those of Germany and with ransomware attacks that not only affect large companies such as Campari, Luxottica O Geox but they also target small and medium-sized businesses and individual users.
Unlike large companies that increasingly invest in cybersecurity, perhaps the private user does not invest in high-level protection and, moreover, more easily falls victim to a phishing attack. Although valuable trade secrets are not often stored on a private device to be stolen, by encrypting photos and documents that are sentimentally important, users are more likely to pay small amounts to get their data back. Small amounts that multiplied by thousands of attacked computers result in one hefty source of income for cybercriminals. Precisely for this reason cybersecurity experts recommend make regular backups and, above all, of do not pay the ransom asked by cybercriminals.
In recent years, however, criminal groups have begun to target increasingly large companies, even reaching attack and paralyze entire cities. However, these groups of attackers often carry out attacks without considering any risks to communities going as far as hit the systems of a pipeline, paralyzing half the east coast of the United States, then to apologize after realizing the discomfort caused.
Another indicator showing how cybercriminals are following global trends is the recent trend a hit healthcare facilities with this type of malware causing serious damage to hospitals and, above all, to hospitalized patients.
“My concern is that groups operating through ransomware attacks they will continue to grow until we start addressing the problem at the political level”Explains Jens Monrad, FireEye’s Director and Head of Mandiant Intelligence (EMEA) at Wired. “Slowing down these criminal activities will require a level of political involvement that we have never seen before. Cybercrime is a global challenge and we need to report and act against countries that offer protection to cybercriminals or that passively accept their actions until these attackers hit the host country or protect them”, conclude Monard.