Regístrese ahora para una mejor cotización personalizada!

Reported ransomware attacks are just the tip of the iceberg. That's a problem for everyone

Ago, 02, 2022 Hi-network.com
Image: Getty

The level of reported ransomware incidents doesn't paint an accurate picture of what's really going on, as many victims remain unwilling to talk about what happened, the European Union's cybersecurity agency has warned. 

Following an analysis of 623 ransomware incidents between May 2021 and June 2022, the ENISA threat landscape report for ransomware attacks warns that "the findings are grim" as ransomware becomes more efficient and is causing more devastating attacks. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

Ransomware presents a massive cybersecurity challenge, with many victims feeling as if they've got no other choice but to pay potentially millions in Bitcoin to free their data. But very few victims ever talk about what happened, with ENISA noting "publicly reported incidents are only the tip of the iceberg". 

SEE: Ransomware: Why it's still a big threat, and where the gangs are going next

According to ENISA, it wasn't possible to confirm whether a ransom was paid in 94.2% of all the incidents they analysed, something that the agency says "limits our understanding and thus our ability to perform a proper analysis and mitigate the threat of ransomware". 

That isn't the only aspect of ransomware that is going underreported and it's making tracking incidents difficult as the report warns that many victims just don't report they've been a victim of a ransomware attack because they "prefer to deal with the problem internally and avoid bad publicity".  

That leads to a lack of reliable data when it comes to painting a true picture about the state of ransomware attacks. 

"The lack of reliable data from targeted organisations makes it very hard to fully understand the problem or even know how many ransomware cases there are," warns the report, which suggests the most reliable sources for finding out who has been a victim of a ransomware attack are the leak sites of cyber-criminal ransomware groups who publish data stolen in the attack. 

This lack of transparency also means that it's difficult to investigate, analyze and learn lessons about how attacks work, hampering efforts to help protect other businesses from falling victim to similar incidents. 

Public statements on what happened during attacks are rare, and in the few cases that are spoken about publicly, they often don't include details.  

"Ransomware is thriving, and our research shows that threat actors are conducting indiscriminate attacks. Companies of every size across all sectors are affected. Anyone can become a target. We urge organisations to prepare for ransomware attacks and consider possible consequences before attacks occur," the ENISA paper said. 

Steps that organisations can take to help protect their network from ransomware and other cyber threats include ensuring that users aren't using easy-to-guess common or default passwords, as well as providing all users with multi-factor authentication, so in the event that a password is stolen or a network is breached, it's harder for an intruder to abuse that access. 

It's also recommended that security updates are applied as soon as possible to prevent cyber criminals from exploiting unpatched vulnerabilities to help launch ransomware attacks. 

MORE ON CYBERSECURITY

  • This company was hit with ransomware, but didn't have to pay up. Here's how they did it
  • The unrelenting threat of ransomware is pushing cybersecurity workers to quit
  • These ransomware hackers gave up when they hit multi-factor authentication
  • Ransomware: 1.5 million people have got their files back without paying the gangs. Here's how
  • Ransomware is hitting one sector particularly hard, and the impact is felt by everyone

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.