Covid Ransomware Binge

Ransomware has become amazingly widespread over the Covid period, with numerous global companies being impacted. When a medium to large infrastructure service company informed the Cabinet Office that they had been the successful target of ransomware, the response was “not you as well!”

The reasons behind this plethora of successful attacks are multifaceted, but here are some of the main ones. The primary reason is that “IT PAYS generously”: there have been numerous undisclosed successful demands and payments made to hackers.

The others are more a sign of the times. With so many people working remotely, the initial steps of entry, or attack vector, are much easier than 12-15 months ago: employees now expect to be communicated with through email and links, and do not have their colleagues to hand to validate and check before proceeding. Therefore systems and file shares that are not protected by MFA (multi-factor authentication) are a much easier target without careful risk mitigations.

It is interesting that the same infrastructure company, whose IT department was so heavily praised for getting people working remotely in such a short period of time before the first Covid lockdown, did not take a step back and consider the “Risks” but was instead bent on demonstrating the “shining knight syndrome”. Is it any surprise, then, that they were hit by ransomware 8 months later? They maintained they were hit by “zero day” malware, which is unlikely considering the rich pickings elsewhere, rather than looking at their own set-up and configurations. The only saving grace for the team was that they were not alone.

To list a few, those that have disclosed in the last 6 months are:

CD Projekt; Baltimore County public schools district; Garmin; Blackbaud; Interserve; Amey; SEPA; Redcar; Hyundai; hospitals at Dax and Villefranche-sur-Saône; Serco; UKRI; MHN; California DMV; and the list goes on.

Ransomware has been so successful over the last 12-15 months that there have been calls to make ransomware payments illegal. Further posts will look at why some organisations are susceptible and others are NOT.
