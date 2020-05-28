Rodrigo AlonsoFOLLOWMadrid

Updated: 05/28/2020 14:27

The “ransomware»For many years it has been among the most important threats to the economy and security of companies. This type of virus, which has been behind some of the most notorious cyberattacks against hospitals in these times of pandemic, aims to hijack the data and devices of a company to subsequently ask the victim for a ransom. According to a recent report by cybersecurity firm Sophos, in which 5,000 IT managers from companies in 26 countries around the world participated, During 2019, 51 percent of companies suffered an attack of this type.. Figure that grows in the specific case of Spain to reach 53 percent.

«A” ransomware “attack has many implications. On the one hand, economic. The cost of regaining control is at $ 730,000 on average worldwide. So the economic impact is great. Then, obviously, it also represents operational and reputational problems for the company that suffers it, ”Ricardo Mate, CEO of Sophos Iberia, explains to ABC.

And is that a threat of this type can completely paralyze the activity of the infected company. At the end of 2019, the security company Prosegur suffered an attack of this nature that forced “restrict communications with customers to prevent the spread” of the virus for more than 24 hours. The “ransomware” used in this action was Russian Ryuk, one of the most popular among cybercriminals today. “It has been active since 2018 and is very sophisticated. It is used in very specific attacks. Once a computer is compromised, it tries to move laterally to the other devices that share a domain. It uses social engineering to trick the user into downloading it, “” hacker “Deepak Daswani explains to ABC.

The solution may be worse than the disease

In most cases, the objective pursued by a criminal when he infects a company’s network with such a virus is payment of a ransom; normally in the form of Bitcoinsas they are more difficult to track. However, according to the Sophos report, the fact that a company gives in to pressure and pays, does not imply that you are going to save money. Nor that you will necessarily regain control of your information.

“Of the companies that saw their data encrypted globally, 26 percent acknowledged that they paid. The thing changes in the case of Spain, which is the country of the report in which a smaller number of companies acknowledged having paid, only 4 percent. Logically, it is one thing to recognize it and another that it is indeed so. It must also be said that the cost paid by those who have agreed to the rescue has been double the cost of those who have not paid it, “says the CEO of Sophos.

As explained in the report, companies that suffered such an attack, but refused to pay, had average global losses of $ 730,000. In the case of those who ended up accessing the payment, the figure rose to $ 1.2 million. Regarding the main objectives of companies, the Sophos report highlights that, worldwide, the media are one of the favorite sectors of cyber criminals.

“Globally, the media or entertainment are the ones that suffer the most attacks of this type. They are followed by energy companies and other critical infrastructures and information technology. In Spain we have seen that the public administration has also been quite affected. Something curious, because if we speak in global terms it is usually the one that suffers the least from these types of threats. Although the health sector is not broken down as such in the report, in the last year we have also seen how it suffers many attacks, “says the CEO of the cybersecurity company. Mate recalls, in this sense, the “ransomware” attack suffered by Prisa Radio, in Spain, at the beginning of November last year.

The present and future of the threat

In times of pandemic, criminals are redoubling efforts to take advantage of the enormous number of users who are connected to the network at all hours of the day. According to Google, its security teams detected 18 million daily cyberattack attempts in April. In what refers, in particular, to “ransomware” both the Police and the Civil Guard have notified attempts of infection of health centers during the last months. Something that could be, if possible, especially serious at a time like today.

“Obviously, an attack on a health center can be as dangerous as one imagines. It can cost human lives. There are some sectors that are like this. It is also true that we are seeing a trend when it comes to attacks on hospitals. Both in Spain and in other countries, ”Juan Santamaría, director of the Spanish cybersecurity company Panda Security, told this newspaper last week.

José de la Cruz, chief technology officer for security company Trend Micro, tells ABC that currently “ransomware” attacks they are becoming increasingly sophisticated and therefore more dangerous: «Before there were two types of” ransomware “attack. One was generic and worked just like a spam campaign. The more users clicked, the better, but it was not intended to infect a specific user or company. The other was directed, which is the one that is destined to affect someone in particular ».

“The third derivative is the one that affected, for example, Everis or Cadena Ser. We have been seeing it gain importance in recent months and now, of course, it continues. These are combined attacks using three types of viruses. First they launch a massive campaign to affect as many companies as possible. Once this is done, instead of hijacking the data and asking for a ransom, what the cybercriminal does is auction the infection on the “dark web” for anyone to exploit, »continues De la Cruz.

Mate, for his part, points out in this regard that “we are seeing a number of attacks that are much more targeted and increasingly intelligent. In fact, we have found new variants of “ransomware” that what they do is steal the information before encrypting it. With this theft, they can ask for bigger ransoms, threatening to make the data public. Recently, the EDP company in Portugal suffered an attack of this type thanks to the use of the Ragnar Locker ransomware ”.

Likewise, Lorenzo Martínez, director of the IT consulting firm Securízame, points out that this threat has not stopped evolving over the years. In turn, he explains how a company should act to combat it: «” Ransomware “is one of the biggest enemies I have had in my life. I’ve been dealing with him since 2012. His evolution has been brutal. The former allowed to recover deleted files and information from Windows restore points. Today they are very well designed. They are much more effective and sophisticated. My recommendation is to prevent, but many security tools can be saved by cyber criminals, so it is important to have backup copies. And for this, you must have a good back up system. The only effective solution is that it is also “ransomware” proof, specifically ».

