22.09.2022

Ukraine War and Ransomware Exacerbate Tense IT Security Situation

  • eco Association launches ransomware initiative and names ten precautions that protect against extortion Trojans
  • Presentations and discussions on the topic on the agenda of the ISD (Internet Security Days) on 29-30 September at Phantasialand Brühl

During the war in Ukraine, the cyber threat situation has intensified. In particular, companies and public authorities are suffering from so-called ransomware attacks. According to the BSI (German Federal Office for Information Security), such cyber extortion is becoming the biggest IT security threat. This is confirmed by a study by the IT security company Sophos: around 67 per cent of the companies surveyed in Germany (globally 66 per cent) were affected by ransomware in 2021, compared to only 46 per cent in 2020. The study “The State of Ransomware 2022” puts the average ransom paid at EUR 253,160 – twice as much as the year before.

“Organised ransomware crime earns billions with attacks,” says Prof. Norbert Pohlmann, Board Member for IT Security at eco – Association of the Internet Industry. “Cyber criminals are currently exploiting people’s general uncertainty to penetrate IT systems via phishing attacks.” Many of the professionally organised hacker groups operate from China or Russia. “This also applies in general to critical infrastructures. Due to the current crisis in the energy markets, the electricity, gas and mineral oil sectors are of exceptional relevance, and they must be particularly protected from cyber attacks,” says Prof. Pohlmann.

The BSI assesses the security situation as tense to critical, with some sectors on red alert.

The attack vectors are similar. The hostage-takers mainly target administrators, whose passwords are compromised. This is usually done via phishing attacks, i.e. via an email with a dangerous attachment or link. Using publicly accessible information on websites and social media, the criminals scout out in advance how best to reach and deceive the employees of the IT department.

If the attackers gain access to the company systems, they first act inconspicuously and prepare the encryption of all data and systems, or copy customer data with the aim of using it as leverage. On the day of the attack, they then strike, encrypt the data and deliver a ransom demand.

Many hacker groups operate from Russia and China

The BSI recommends not paying the ransoms demanded. But 42 per cent (globally 46 per cent) of German companies whose data was encrypted paid the ransom anyway to get their data back, the Sophos study shows. One insurer in the US reportedly paid up to $40 million to regain control of its own systems. “Don’t agree to ransom payments,” says BSI President Arne Schönbohm in the eco podcast Das Ohr am Netz. “Those who have paid once will pay repeatedly and encourage copycat offenders.”

The IT security law requires companies that operate critical infrastructure to report cyber incidents. BSI President Arne Schönbohm also appeals to all other companies to contact the BSI immediately in the event of cybersecurity incidents: “Anyone who becomes the victim of a ransomware attack needs help quickly – we can provide support. Becoming the victim of a criminal offence is not something to be ashamed of.” The BSI treats such reports confidentially.

However, it is best to do everything possible to minimise the risk of a successful ransomware attack in the first place. Sophos, Microsoft and Rohde & Schwarz have joined forces to form the Ransomware Initiative under the umbrella of eco – Association of the Internet Industry with the aim of providing practical assistance in this regard. The initiative strongly recommends these technical and organisational precautions:

  • Create cybersecurity awareness among your employees. Phishing, whether by email or by phone, is one of the most successful tools used by cybercriminals.
  • Use strong passwords and, where possible, strong multi-factor authentication.
  • Allow external connections to internal systems only from specified IP addresses or via VPN.
  • Be frugal with the granting of user rights. Administrator rights, in particular, should be reserved exclusively for expert IT staff.
  • Only allow apps to be installed from trusted sources.
  • Unusual network activities are a clear alarm signal; react to warnings from your monitoring software.
  • Disable scripting environments and macros from external sources. The majority of malware is introduced via Office files.
  • Install updates for the software and operating systems used as soon as possible upon release.
  • Review your business continuity management (BCM) and IT contingency plans and prepare to be temporarily without external service providers in the event of a large-scale cyber attack.
  • Review and test your backup strategy. Backups of all business-critical systems should exist, and restoring from them should be tested.

 

We cordially invite journalists to participate in the Internet Security Days (ISD) at Phantasialand Brühl on 29-30 September 2022.

 

All information on the eco Ransomware Initiative
