‘WannaCry ushered in a new security era’

On May 12, 2017, the biggest ransomware attack to date took place: WannaCry. The wave of attacks, in which cybercriminals took files hostage and demanded ransom, spread quickly around the world. The consequences: more than 200,000 infected Windows computers in 150 countries and a financial loss of billions of dollars. Check Point Software security engineer and expert Zahier Madhar explains how WannaCry heralded a new era in cybersecurity.

Security expert Zahier Madhar (Check Point Software).

Madhar: “Over the last five years, ransomware operations have evolved from randomly sent emails to targeted attacks on millions of companies.” He concludes that WannaCry set the trend for similar attacks such as NotPetya, REvil, Conti and DarkSide. These are targeted and sophisticated attacks that affect organizations in all industries.

A major trend the security expert at Check Point has seen since WannaCry is ransomware attacks with double and even triple extortion. In these increasingly sophisticated attacks, in addition to demanding ransom for stolen files, cybercriminals threaten to disclose private information. In the case of triple extortion, they threaten to reveal not only data from the infected organization, but also data from customers, partners and suppliers.

Madhar points out that remote and hybrid work, coupled with accelerated cloud adoption, has given ransomware attackers new opportunities to infiltrate systems. He notes that cybercriminals are also increasingly providing ransomware-as-a-service: ransomware is offered as a service, and ‘customers’ can order an attack via the dark web. Increasingly, these are also attacks on the supply chain, intended to cause maximum disruption to business operations. The ransom demanded is also increasing.

Attacks on governments

Check Point also sees attacks on the critical infrastructure of states and governments in the wake of WannaCry. “Recently, there were two ransomware attacks in Costa Rica and Peru, both allegedly carried out by the infamous Conti ransomware gang. The attacks resulted in the Costa Rican government declaring a state of emergency and estimating a loss of $200 million from paralysis of customs and government agencies, and even in a power outage in one of its cities due to the failure of a major energy supplier.”

One of the most high-profile ransomware attacks on critical infrastructure in recent years, which the IT security company mentions, was the attack on the US oil pipeline system Colonial Pipeline.

Increase

According to the IT security company’s research arm, in the first quarter of 2022 an average of one in 68 organizations in Europe was affected each week, a year-on-year increase of 16 percent (one in 80 organizations in the first quarter of 2021). In the Netherlands, an average of 82 organizations were affected by ransomware each week.

Every business a target

“In the current climate, a cyber attack is only a matter of time”

“While governments and large corporations often make headlines, ransomware players are arbitrary and will target companies of all sizes across all industries,” Madhar said. To protect themselves, IT teams need to prioritize prevention. “The current threat landscape requires vigilance for network trojan signs, regular antivirus software updates, proactive patching of relevant remote desktop protocol (RDP) vulnerabilities.” The use of two-factor authentication and additional controls, such as special anti-ransomware solutions that constantly search for ransomware-specific behavior, identify it, and encrypt and quarantine files in a timely manner, are also ways to make things more secure. “With these security measures, organizations can be better prepared when they are attacked, as an attack in the current climate is only a matter of time.”

Finally, Madhar claims that the WannaCry attack wave five years ago changed the cybersecurity domain forever. “Not only because of the influence, but also because of the influence of so-called state actors.” In particular, this influence from countries marks a turning point in the cybersecurity environment, according to Check Point. “It inspired actors all over the world and affected the entire threat landscape for the next five years.”
