‘Ransomware’, the powerful cyberattack that has America on alert

“Ransomware”, a criminal modality in which the information of a company, government or user is held hostage to collect a ransom, has the American continent on alert in the face of a wave of attacks that has tested its relatively immature cybersecurity systems.

After the 2021 crisis in the United States due to cyberattacks that affected more than a thousand companies and that led the Government to convene an international summit to take action, “ransomware” now has systems flashing red in Latin America, a region that in recent months has faced a series of high-impact break-ins in places such as Brazil, Peru and Costa Rica, the latter a country where a national emergency was even declared.

“‘Ransomware’ tripled its profitability during the pandemic and, although the technical essence remains the same, its operating model has drastically evolved to become large and sophisticated criminal organizations,” Kerry-Ann Barrett, director of the Cybersecurity Program of the Organization of American States (OAS), explains to Efe.

A LUCRATIVE AND DANGEROUS BUSINESS

Ransomware uses a malicious program that prevents users from accessing their system or files and demands payment of a ransom in order to access them again.

Although most organizations do not report these extortions, the Ransomwhere platform, which has been tracking ransoms for a year, calculates that cryptocurrency payments to criminals alone already exceed 120 million dollars, of which almost 17 million have been paid in 2022.

For Marc Rivero, a researcher at the Russian cybersecurity giant Kaspersky, this explains the “great advance of this crime, since it can move more money than human trafficking or the sale of weapons.”

The 2022 Cyber Threat Report from the US firm SonicWall shows a 105% rise in data hijacking last year, exceeding 623 million attacks worldwide, almost twenty attempts per second, with the United States at the head (421 million or 67.5% of the total).

On the Latin American side, Brazil (33 million attacks and fourth in the world), Colombia (11.3 million, sixth) and Mexico (7 million, tenth) are among the ten countries most affected by this type of extortion, a list on which Canada also appears, ranking fifth with 24.2 million attacks.

The fact that Brazil is the main Latin American country attacked by this type of program is attributed to its greater availability of internet services, a situation that was triggered by the restrictions imposed by the pandemic.

Meanwhile, in Mexico, the growth in the last year was close to 700% in attempted cyberattacks on companies and up to 1,000% in government agencies, explains Jesús García, Quest Software’s manager for Mexico.

And, in the case of Chile, the Government’s Computer Security Incident Response Team (CSIRT) reports that cyberattack attempts against institutions last April numbered around half a million and sought vulnerabilities in websites and systems to steal the information of the State and its citizens.

However, “it is very difficult to know how many ransomware attacks there are in Chile, since the affected institutions or companies do not always reveal that they have been compromised. And the cases that people suffer are even less known,” the organization tells Efe.

A “WAR” IN A VULNERABLE REGION

“We are at war and that is not an exaggeration,” declared the president of Costa Rica, Rodrigo Chaves, on May 16, just eight days after assuming the Presidency, referring to the group of Russian origin Conti, author of a series of “ransomware” type attacks against some thirty state entities.

That same group claimed in early May that it had attacked emails from the General Directorate of Intelligence of the Ministry of the Interior of Peru and revealed the monitoring of public officials and virtual activities of different ministries.

For experts, these experiences show that criminals are turning to a region that they consider potentially profitable and with relatively immature cybersecurity defenses.

“As the United States and Europe have increased their protection, it is a little easier for a cybercriminal to look for markets or places where the level of protection is lower,” Belisario Contreras, who led the Cybersecurity Program at the OAS for more than a decade and has been co-chair of the Global Council for the Future of Cybersecurity of the World Economic Forum, describes to Efe.

“Costa Rica got it this time, but it could have been any other institution from any other country in Latin America and the Caribbean. The region needs a higher level of cybersecurity maturity,” adds Contreras, currently senior director of global security and technology strategy at Venable LLP.

As an example of this fragility, days ago the Association of Banks of Peru warned the Government of a “security gap” in State agencies that left the personal data of citizens at risk on social networks.

Meanwhile, in Mexico, says Quest Software, the government has increased the use of open source (software whose source code is available to everyone), which represents another source of vulnerability.

TARGETS AND OBJECTIVES

According to Barrett, all institutions are at risk given the degree of sophistication of the “ransomware-as-a-service (RaaS)” structures, which are “groups of 30 to 60 people with departments of human resources, marketing, negotiators and developers, who are dedicated 24 hours a day to studying potential targets and planning attacks.”

And although in its recent incursions in Peru the Conti group has asserted that it works “exclusively” for money, according to the director of the OAS Cybersecurity Program there is also a media interest in “disseminating confidential information or interrupting or paralyzing services” on a massive scale.

In the case of the Americas, SonicWall and Kaspersky experts have found that recent high-profile attacks have targeted strategic energy or consumer companies, governments, educational institutions and hospitals.

Along these lines, the United States was the target last year of several cyber blackmails against important infrastructures and companies, such as Colonial, the largest oil pipeline network in the country, and JBS, the world’s leading meat processor.

Another high-profile attack in the region compromised the notification system of the Immunization Program of the Brazilian Ministry of Health at the end of 2021, at the height of a new wave of the pandemic, and was taken over by the Lapsus group with the message: “contact us if you want to recover the data”.

The barrage has also affected a dozen public entities in Colombia over the last year. The most serious of these attacks was against the National Administrative Department of Statistics (DANE) and took its website offline for almost ten days, although much of the compromised information was restored from the backups that the entity maintained.

Also in Ecuador, a country that, according to Kaspersky, is one of the main targets of cybercriminals in Latin America, along with Brazil, Mexico, Peru and Colombia, several companies and large institutions have been attacked in recent months, including the National Agency for Transit, the National Telecommunications Corporation, Banco Pichincha (the largest in the country) and the Municipality of Quito.

BACKUPS AND INFORMATION SEGMENTATION

After the emergency in Costa Rica and one year after the Colonial Pipeline case, considered the largest successful cyberattack on oil infrastructure in US history, experts insist that preventive measures must be taken.

In this regard, it is considered key to segment computer systems, to isolate the different components in the event of a cyber attack.

“Another very important factor is the backups, which make it possible to go back online immediately. A solution for this is in the cloud, which allows for decentralized backups,” underlines Belisario Contreras.

Kerry-Ann Barrett, from the OAS, meanwhile suggests that, since 81% of successful attacks use emails as vectors, double authentication models should be implemented in personal and corporate accounts.

Diana Marcela Tinjacá
