Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Liege Ransomware Attack. Show all posts

Retail Industry Suffered the most By Ransomware Attacks

 

The "Sophos state of Ransomware in Retail 2021" report issued by the software and hardware giant Sophos recently, examines the magnitude and consequences of ransomware attacks in the international retail sector during 2020, especially due to the ongoing Covid-19 situation - which started then started

Including the primary findings, retailers and the education industry have suffered the greatest ransomware attacks in 2020, with 44 % of firms affected (compared to 37 % across all industry sectors). It was also found that perhaps the entire price for remedying a ransomware attack was US$ 1.97 million on an estimate, compared to a cross-sectoral average of US$ 1.85 million, taking into account downtimes, people's time, equipment costs, networking cost, wasted opportunity, ransom payments, and much more. 

Retailers were highly susceptible to a modest but burgeoning new trend: extortion-only attacks. Whilst such instances, programmers of ransomware don't encrypt data rather they threaten to publish stolen information online if ransom requests are not being fulfilled. 

More than half (54 %) of the retail industry impacted by Ransomware stated that the attackers were able to encrypt their data. The ransom was paid by one-third (32%) of individuals whose data is encrypted. The average payment for recovery was US $147,811 (below that of the world average of US $170,404). Furthermore, individuals who have paid only retrieved two-thirds (67%) of their data on an average, which leaves a third still inaccessible; and only 9% had all their encrypted data back. 

The relatively large proportion of targets affected by data theft attacks is not wholly unexpected. The service industries such as the retail sector hold data that is often subject to legal data protection legislation, and threat actors are only prepared to exploit the victims' fear of data breach fallout concerning penalties and harm to their brand image, selling and customer confidence, Wisniewski said. 

“The retail sector has always been an attractive target for cyberattacks, with its complex, distributed IT environments, including a multitude of connected point-of-sale devices, a relatively transient and non-technical workforce, and access to a wide range of personal and financial customer data.” Chester Wisniewski, a principal research scientist at Sophos, is quoted in a press release. “The impact of the pandemic introduced additional security challenges that cybercriminals were quick to exploit.” 

Researchers urge IT teams, to defend the IT networks for retailers from Ransomware and other cyber attacks, to spend resources on three key areas: the creation of comprehensive cyber threat defenses; security skill development for users, especially part-time and temporary personnel, whenever possible and investing in more robust infrastructure.

Ryuk Ransomware Hits City of Liège

 

Liege, the third biggest city in Belgium, was hit by a ransomware attack resulting in the disruption of the municipality’s IT network and online services. As a precautionary measure, IT staff shut down its network to avoid the malware from spreading. The Liège officials launched an investigation into the attack with the help of international security experts and are currently working to restore the operations. 

The officials also published a non-exhaustive list of services that have been affected. These include the bookings for town halls, birth registration, wedding, burial services, collection of passports, driving licenses, identity cards, and other important documents. Online forms for event permits and paid parking are also down. 

“The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted,” reads the status page published by the city.

The city officials only reported the incident as a “computer attack”. However, two Belgian media outlets, a radio station, and a TV station claimed that the attack may have been conducted by a group using Ryuk ransomware. Recently, the National Cybersecurity Agency of France (ANSSI) identified a new variant of Ryuk. It possesses worm-like capabilities and can spend weeks or even months inside a victim’s network, conducting reconnaissance and quietly moving ransomware to important systems, often using standard Windows administration tools.

The attack against the Liege municipality is not a one-time attack. Threat actors often target local city networks because many cannot afford top-of-the-line security nor new IT gear, often running severely outdated servers and workstations with a small IT staff. The list of targeted municipalities includes the City of Tulsa, City of Saint John, Albany, Atlanta, Baltimore, Florence, Knoxville, Lafayette, New Orleans, and more. 

According to the latest report by Ransomware Task Force, in 2020 average ransom payments raised 170 percent year-on-year, and the total sum paid in ransom increased 310 percent. It is estimated that ransomware gangs collected at least $150 million in ransoms, with one victim paying $34 million to restore their systems