
Ransomware risk: five reasons not to pay the ransom

by admin

In 2021 the number of ransom requests following ransomware attacks grew by 144% globally (Unit 42 / Palo Alto Networks data). The trend is also growing rapidly in Italy: in the first quarter of 2022 there were 554 attacks of this type, against 448 in the same period.



In June, high-profile attacks were recorded against the University of Pisa, with a ransom request of 4.5 million dollars, and against the administration of the Municipality of Palermo, which had to deactivate its systems as a precaution during the election weekend of 12 June. A few days ago, moreover, came the claim of a ransomware attack on an important Italian company in the IT sector, which adds to the 31 security “incidents” recorded globally in the last week alone.




In a ransomware attack, attackers don’t just steal data from affected systems but also encrypt it in whole or in part. To obtain the key needed to decrypt it, victims are asked to pay a ransom, usually in Bitcoin or another cryptocurrency. The groups that conduct the attacks tend to publicly claim their more prominent ones and often distribute portions of the stolen data with the dual purpose of confirming the attack and intimidating the affected companies or institutions into paying.


Ransomware: Better not to pay

While the temptation to give in to cybercriminals’ requests in these cases can be strong, especially if critical functionality needs to be restored quickly, experts agree that it is always better not to.

“Our advice is to be prepared for a ransomware attack and to never pay the ransom,” explains Marco Ramilli, CEO of the security agency Yoroi (Tinexta group). “If an adequate backup has been made, the company or the affected entity can restart normal activities, while the judicial authority will see to doing its job.”




Five reasons not to pay the ransom

According to Yoroi experts, there are at least five reasons for not paying.
First of all, “there is never the certainty that after the first payment the criminals will give up the cryptographic key” needed to unlock the data held hostage. In other words, it cannot be ruled out that the bad guys will raise their demands if they see that the victim is ready to pay easily.

Secondly, there is the possibility that data “released” after payment may be corrupted. In that case you will have paid only to end up with compromised and unusable systems anyway. Third, there is the tendency to repeat attacks on the same victim. Here too, as with the first point, paying means volunteering for the role of easy prey, which cybercriminals will therefore have an incentive to attack again. Fourth, there is the possibility that the various cybergangs share with each other (or buy on the dark web) lists of victims known to pay readily. In this case too, paying will not free us from the concrete risk of repeated attacks in the future, perhaps by other gangs of digital jackals.




Finally, the fifth reason is the availability of various free “decryptors”, which allow you to get rid of the malware without having to pay anything. Before proceeding with the payment, in other words, it is good to contact experts to analyze the situation and understand whether or not the malware that attacked us is vulnerable to existing software “antidotes”. An example is the Hive ransomware, which in the past also hit the Ferrovie dello Stato site, blocking ticket offices throughout Italy. KISA, the South Korean cybersecurity agency, has released a decryptor that works on versions 1 to 4 of the ransomware. But the cat and mouse game continues: the software is currently unable to decrypt data encrypted by version five of the malware.

Too many prefer to pay

Experts at Veeam, a company that deals with backup, management and data recovery solutions, also agree that paying ransom money to cybercriminals is not the right solution to the problem of ransomware. Unfortunately, however, the numbers are disheartening, especially in the case of small and medium-sized enterprises. According to a study conducted by the US company among 1000 IT executives globally, 76% of companies have paid a ransom at least once to get rid of ransomware quickly. Confirming that this is not the way to go, only 52% of those who paid were able to get their hands on their data and solve the problem.


Prevention is better than cure

As with many other aspects of IT security, in the case of ransomware too the best solution is prevention. Since 100% secure systems do not exist and the human factor (the weak link in the IT chain) cannot be eliminated, it is good to prepare for the worst with structured “business continuity” and “disaster recovery” solutions suited to the criticality of the operations. In other words, making a normal backup is not enough. In fact, in the vast majority of cases, ransomware tries to locate system backups and destroy them, to prevent the victims from resolving the attack by restoring their systems.

To effectively defend against ransomware, you need “air-gap” solutions, in which data is also backed up on systems that are completely disconnected and inaccessible via the main corporate network or via the internet. For many companies the most effective solution today is still archiving to tape, combined with several different levels of security and with redundant backups distributed on different systems. Also important is the use of security software that allows you to perform a “clean” reinstallation, i.e. one that identifies the presence of any malware or flaws before proceeding to restore the data.
