A focus on cybersecurity as 76% fear cybercrime

76% of Europeans believe they are facing an increasing risk of falling victim to cybercrime, according to European Union Agency for Cybersecurity. New ransomware and cyberattacks are among top worries for executives globally, according to research firm Gartner. Organization the No More Ransom initiative that coordinates tools to unlock hostage computers celebrates six years this summer. The European Parliament’s website in a summary stresses the importance of increased cybersecurity.

The parliament says digitalization is creating opportunities as well as challenges. By 2030, 125 billion devices could be connected to the internet, up from 27 billion in 2017. 22.3 billion of internet of things devices are estimated to be in use by 2024. The annual cost to the global economy for cybercrime doubled in the five years 2015 – 2020 to estimated Euro 5.5 trillion.

NEW EU RULES

The European Parliament and the European Council Presidency earlier this summer agreed on rules requiring EU countries to have stricter supervisory and enforcement measures and to harmonise their sanctions regimes. This means tighter cybersecurity obligations in terms of risk management, reporting obligations and information sharing. The requirements include incident response, supply chain security, encryption and vulnerability disclosure, among other provisions.

More entities and sectors will have to take measures to protect themselves. “Essential sectors” such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors would be covered by the new security provisions.

During negotiations, MEPs insisted on the need for clear and precise rules for companies and pushed to include as many governmental and public bodies into the scope of the directive.

“Ransomware and other cyber threats have bullied Europe far too long. We need to act and make our businesses, governments and society more resilient to hostile cyber operations” said lead MEP Bart Groothuis (Renew, NL).

CONTINUED ATTACKS

“This European directive is going to help about 160.000 entities to tighten their grip on security and make Europe a safe place to live and work. It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale” he said.

The European Union Agency for Cybersecurity (ENISA) highlights that cybersecurity attacks have continued to increase through the years 2020 and 2021, not only in terms of vectors and numbers but also in terms of their impact. The COVID-19 pandemic has also had an impact on the cybersecurity threat landscape.

The original EU cybersecurity directive was set up in 2017. However, EU countries implemented it in different ways, thereby fragmenting the single market, which led to insufficient levels of cybersecurity.

UNLOCKING FILES

“Ransomware attacks have been growing in number and severity for years, with headlines focused on ransom demands that have climbed to amounts once unthinkable”, Europol says.

The project No More Ransom provides keys to unlocking encrypted files as well as information on how to avoid getting infected by cyber crooks.

Launched by IT security companies, Europol and the Dutch National Police, the No More Ransom portal initially offered four tools for unlocking different types of ransomware in English. This has now grown to136 free tools for 165 ransomware variants, including often mentioned Gandcrab, REvil/Sodinokibi, Maze/Egregor/Sekhmet.

Over 188 partners from the public and private sector have joined the scheme, regularly providing new decryption tools for the latest strains of malicious software, Europol says.

SECURITY TIPS

”To date, the scheme has so far helped over 1.5 million people successfully decrypt their devices without needing to pay the criminals. The portal is available in 37 languages”, Europol said.

However, the best cure against ransomware remains diligent prevention, Europol says recommending:

• Regularly back up data stored on your electronic devices.
• Watch your clicks – do you know where a link will take you?
• Do not open attachments in e-mails from unknown senders, even if they look important and credible.
• Ensure that your security software and operating system are up to date.
• Use two-factor authentication (2FA) to protect your user accounts.
• Limit the possibility to export large amounts of corporate data to external file exchange portals.

If you despite this are victim of an attack, do not pay! Report the crime and check No More Ransom for decryption tools! Europol said in a statement in connection with the six year anniversary.

A new report from the EU Agency for Cybersecurity shows that ransomware criminals stole about 10 terabytes of data each month between May 2021 and June 2022. 58.2% of the data stolen included employees’ personal data.

PAYING RANSOM

“Information about the disclosed incidents is quite limited since in most cases the affected organisations are unaware of how threat actors managed to get initial access. In the end, organisations might deal with the issue internally (e.g. decide to pay the ransom) to avoid negative publicity and ensure business continuity.”

“However, such an approach does not help fight the cause – on the contrary, it encourages the phenomenon instead, fueling the ransomware business model in the process”, the report says.

The agency analysed a total of 623 ransomware incidents across the EU, the UK and the US from May 2021 to June 2022. The data was gathered from governments’ and security companies’ reports, from the press, verified blogs and in some cases using related sources from the dark web.

FINDINGS:

• Between May 2021 and June 2022 about 10 terabytes of data were stolen each month by ransomware threat actors. 58.2% of the data stolen included employees’ personal data.
• At least 47 unique ransomware threat actors were found.
• For 94.2% of incidents, it is not known whether the company paid the ransom or not. However, when the negotiation fails, the attackers usually expose and make the data available on their webpages. This is what happens in general and is a reality for 37,88% of incidents.
• The report therefore concludes that the remaining 62,12% of companies either came to an agreement with the attackers or found another solution.
• Companies of every size and from all sectors are affected.
• The total number of attacks is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities.

The report says ransomware attacks either Lock, Encrypt, Delete or Steal the target’s assets. Targeted assets can be anything such as documents or tools from files, databases, web services, content management systems, screens, master boot records (MBR), master file tables (MFT).

RECOMMENDATIONS:

• Strengthen your resilience against ransomware by taking actions such as:

• keep an updated backup of your business files & personal data;
• keep this backup isolated from the network;
• apply the 3-2-1 rule of backup: 3 copies, 2 different storage media, 1 copy offsite;
• run security software designed to detect most ransomware in your endpoint devices;
• restrict administrative privileges; etc.

• If you fall victim of a ransomware attack:

• contact the national cybersecurity authorities or law enforcement for guidance;
• do not pay the ransom and do not negotiate with the threat actors;
• quarantine the affected system;
• visit the No More Ransom Project, a Europol initiative.