“Ransomware”, the cyberattack that puts America in check

The “ransomware”, a criminal modality with which information from a company, government or user is kidnapped to collect a ransom, has the American continent on alert, before a wave of attacks that has tested its relatively immature security systems. cyber security.

After the 2021 crisis in the United States due to cyberattacks that affected more than a thousand companies and that led the Government to convene an international summit to take action, ransomware now has systems in Latin America flashing red, a region that in the In recent months, it has faced a series of high-impact break-ins in places such as Brazil, Peru and Costa Rica, the latter country where a national emergency was even declared.

“‘Ransomware’ tripled its profitability during the pandemic and, although the technical essence remains the same, its operating model has drastically evolved to become large and sophisticated criminal organizations,” Kerry-Ann Barrett, director of the Program, explains to Efe. of Cybersecurity of the Organization of American States (OAS).

LOOK: Europe prepares its cyber security systems to defend its health network

A LUCRATIVE AND DANGEROUS BUSINESS

Ransomware uses a malicious program that prevents users from accessing their system or files and demands a ransom payment in order to access them again.

Although most organizations do not report these extortions, the Ransomwhere platform, which has been tracking ransoms for a year, calculates that only payments to criminals in cryptocurrency already exceed the $120 millionof which almost 17 million have been delivered in 2022.

For Marc Rivero, a researcher at the Russian cybersecurity giant Kaspersky, this explains the “great advance of this crime, since it can move more money than human trafficking or the sale of weapons.”

The 2022 Cyber ​​Threat Report from the US firm SonicWall shows a 105% rise in data hijacking last year, exceeding the 623 million attacks worldwide -almost twenty attempts per second-, with the United States in the lead (421 million or 67.5% of the total).

On the Latin American side, Brazil (33 million attacks and fourth in the world), Colombia (11.3 million, sixth) and Mexico (7 million, tenth) are among the ten countries most affected by this type of extortion, in a list in which Canada also appears, which ranks fifth, with 24.2 million attacks.

LOOK: The Falklands: the computer lab behind the theft of a cell phone

The fact that Brazil is the main Latin American country attacked by this type of program is attributed to its greater availability of internet services, a situation that was triggered by the restrictions imposed by the pandemic.

Meanwhile, in Mexico, the growth in the last year was close to 700% in attempted cyberattacks on companies and up to 1,000% in government agencies, explains Jesús García, Quest Software’s manager for Mexico.

And, in the case of Chile, the Government’s Computer Security Incident Response Team (CSIRT) mentions that the cyberattack attempts against institutions last April were around half a million and they were looking for vulnerabilities in web sites and systems to steal the information of the State and its citizens.

However, “it is very difficult to know how many ransomware attacks there are in Chile, since the affected institutions or companies do not always reveal that they have been compromised. And the cases that people suffer are even less known, ”they inform Efe in this organization.

A “WAR” IN A VULNERABLE REGION

“We are at war and that is not an exaggeration,” declared the president of Costa Rica, Rodrigo Chaves, on May 16, just eight days after assuming the Presidency, referring to the group of Russian origin Conti, author of a series of Ransomware-type attacks against thirty state entities.

That same group assured in early May that it had attacked emails from the General Directorate of Intelligence of the Ministry of the Interior of Peru and revealed the monitoring of public officials and virtual activities of different ministries.

LOOK: The shocking real testimony of a cell phone thief: animated video of El Comercio

For experts, these experiences show that criminals are turning to a region that they consider potentially profitable and with relatively immature cybersecurity defenses.

“As the United States and Europe have increased their protection, it is a little easier for a cybercriminal to look for markets or places where the level of protection is lower,” Belisario Contreras, who led the Program for more than a decade, describes Efe. Cybersecurity at the OAS and has been co-chair of the Global Council for the Future of Cybersecurity of the World Economic Forum.

“Costa Rica got it this time, but it could have been any other institution from any other country in Latin America and the Caribbean. The region needs a higher level of cybersecurity maturity,” adds Contreras, currently senior director of global security and technology strategy at Venable LLP.

As an example of this fragility, days ago the Association of Banks of Peru warned the Government of a “security gap” in State agencies that left the personal data of citizens at risk on social networks.

Meanwhile, in Mexico, says Quest Software, the government has increased the use of open source (software whose source code is available to everyone), which represents another source of vulnerability.

LOOK: When a simple QR code can be a bridge for you to be scammed and robbed

TARGETS AND OBJECTIVES

According to Barrett, all institutions are at risk given the degree of sophistication of the “ransomware-as-service (RAAS)” structures, which are “groups of 30 to 60 people with departments of human resources, marketing, negotiators and developers. , who are dedicated 24 hours a day to studying potential targets and planning attacks.”

And although in its recent irruptions in Peru, the Conti group has assured that it works “exclusively” for money, according to the director of the OAS Cybersecurity Program, there is also a media interest in “disseminating confidential information or interrupting or paralyzing services” massively. .

In the case of the Americas, SonicWall and Kaspersky experts have found that recent high-profile attacks have targeted strategic energy or consumer companies, governments, educational institutions and hospitals.

Along these lines, the United States was the target last year of several cyber blackmails against important infrastructures and companies, such as Colonial, the largest oil pipeline network in the country, and JBS, the world’s leading meat processor.

Another high-profile attack in the region compromised the notification system of the Immunization Program of the Brazilian Ministry of Health at the end of 2021, at the height of a new wave of the pandemic, and was taken over by the Lapsus group with the message: “contact us if you want to recover the data”.

LOOK: FluBot, the malicious program that stole bank accounts with a single SMS

The barrage has also affected a dozen public entities in Colombia over the last year, the most serious of these attacks was against the National Administrative Department of Statistics (DANE) and took its website off the air for almost ten days, although much part of the violated information was restored by the “backups” that the entity maintained.

Also in Ecuador – a country that, according to Kaspersky, is one of the main targets of cybercriminals in Latin America, along with Brazil, Mexico, Peru and Colombia – several companies and large institutions have been attacked in recent months, including the National Agency of Transit, the National Telecommunications Corporation, the Pichincha Bank -the largest in the country- and the Municipality of Quito.

BACKUPS AND INFORMATION SEGMENTATION

After the emergency in Costa Rica and one year after the Colonial Pipeline case, considered the largest successful cyberattack on oil infrastructure in US history, experts insist that preventive measures must be taken.

In this regard, it is considered key segment computer systemsto isolate the different components in the event of a cyber attack.

“Another very important factor is the backups, the “backups” that make it possible to go back online immediately. A solution for this is in the cloud, which allows for decentralized backups”, underlines Belisario Contreras.

While Kerry-Ann Barrett, from the OAS, suggests that since 81% of successful attacks use emails as vectors, double authentication models should be implemented in personal and corporate accounts.

Source: Elcomercio

James

I have worked as a journalist for over 10 years and have written for various news outlets. I currently work as an author at 24 News Recorder, mostly covering entertainment news. I have a keen interest in the industry and enjoy writing about the latest news and gossip. I am also a member of the National Association of Journalists.