May’s ‘this month in cybersecurity’ is somewhat of a ransomware news special. In addition to a ransomware attack on Costa Rica and the continued expansion of BlackByte, this month also marks the fifth anniversary of WannaCry, perhaps the most damaging malware attack the world has seen.
Ransomware remains hugely prevalent, but is an attack likely to happen again on this scale? And if it did, how many organizations out there would be fully prepared?
(Un)Happy Anniversary, WannaCry
Anniversaries are often a cause for celebration, but sometimes a reason for reflection instead. That’s definitely the case this month, which marks five years since the WannaCry malware first emerged to such devasting effect.
It began as a spillover from a North Korean cyberattack and infected approximately 200,000+ machines in more than 150 countries. It caused billions of dollars worth of damages and affected some of the world’s biggest and best-known organizations.
So, have lessons been learned? Perhaps not, as WannaCry is still a major threat, and it did not kickstart a significant shift in how organizations assess and mitigate cybersecurity risks. Cybercriminals still using WannaCry have come back with reworked and updated versions, so it’s arguably more dangerous than ever.
Ransomware is still one of the most common ways an organization can be attacked. How prepared are you?
Related Reading: Ransomware Attacks on Small Businesses: How to Mitigate
BlackByte Continues to Go Global
In further ransomware news, it was revealed in May that ransomware group BlackByte has continued its global expansion. It has redesigned the website from which it leaks stolen data and targeted fresh victims from North America to Colombia, the Netherlands, China, Mexico, and Vietnam.
The warning came from analysts at Talos, Cisco Systems' threat intelligence group, which has been monitoring BlackByte since the FBI and US Secret Service issued a joint cybersecurity advisory in February 2022.
BlackByte first appeared in the summer of 2021, targeting critical infrastructure sectors in the US and Europe. It works by exfiltrating an organization’s data and then threatening to leak it on the dark web unless a ransom is paid.
Ransomware is a constantly changing and evolving threat, with toolkits continually being improved to make data exfiltration faster and more effective. There’s no quick fix to defending against ransomware, but a combination of people, processes, and technology will set you on the right path.
Related Reading: What is Ransomware-as-a-Service (RaaS)?
Paying the Ultimate Price for a Data Breach
The consequences of a cyber-attack or data breach can be devastating. Operations can grind to a halt. There might be a significant financial impact, whether from a fine or paying a ransom demand, or customers may decide their data will be safer with another organization.
It is rare for a company to have to shut down entirely, though, but that’s what happened to one healthcare start-up recently after a data breach that exposed the personal health information of its users. Patients’ demographic information was accessed, but also medical histories, health insurance details, and a whole host of other health-related data.
To learn about data breaches and how best to avoid them, our on-demand webinar, How to Prevent Data Breaches with GoAnywhere, is a great place to start.
Energy Sector Must Be Quicker in Addressing Cyber Threats
Cybersecurity is industry neutral. Criminals don’t care too much which sectors they target and disrupt, although it’s fair to say that some are more vulnerable than others. Amid a global energy crisis, energy is near the top of the list.
New research from risk management firm DNV has revealed that energy industry professionals think they can do better in responding to attacks. In the survey, 85 percent of respondents believe a cyber-attack on the energy industry will likely cause operational shutdowns and 84 percent damage to energy assets and critical infrastructure. Yet six in 10 also believe that their organization is more vulnerable to an attack now than ever.
Despite this, 35 percent said their company would need to be impacted by a serious incident before investing in their defenses. It’s a curious strategy. Cybersecurity is too important to ‘wait and see’ in energy or indeed any sector.
Related Reading: GoAnywhere Industry Expertise
Ransomware Group Conti Targets Costa Rican Government
Rounding off our ransomware special in May, is this example of how ransomware groups are getting more ambitious in scope. Conti recently threatened to overthrow the Costa Rican government after demanding the country pay $10 million to unlock key government systems affected by a cyber-attack.
The attack was initially thought to have affected only the treasury, leaving it without digital services and working manually to get things done. But it’s since been revealed that up to 27 government institutions were impacted. The ransomware group has since upped its ransom demands to $20M and urged the citizens of Costa Rica to take to the streets and demand that the government pays up.
Further proof, if it were needed, that ransomware gangs can and will target anyone they believe to be vulnerable.
Related Reading: 5 Ways Government Can Improve Cybersecurity Resilience
MFT and Ransomware Prevention
Keeping an organization safe against ransomware requires several different elements. However, one of the most important is managed or secure file transfer. GoAnywhere MFT is the market-leading solution here. Book a 15-, 30- or 60-minute demonstration to learn more about GoAnywhere and how it can help.
