Cybercriminals have adapted their tactics to take advantage of vulnerabilities exposed by the pandemic and extorting more money than ever before.
A global report by United States-based cybersecurity firm Palo Alto Networks said there was a 65 percent increase in ransomware incidents in 2020 over 2019, as organisations moved operations to remote workplaces.
“Cybercriminals are making and demanding more money than ever,” the Ransom Threat Report said.
The ransomware operators had adapted their tactics to include the use of malicious emails containing pandemic-based subjects and even malicious mobile apps claiming to offer information about the virus.
“In 2020, ransom demands were an average of $US847,344, often requested in the form of bitcoin or Monero cryptocurrency,” the report says, adding the total cost of a ransomware incident was typically much more than the demand itself.
A couple of New Zealand organisations working in the manufacturing and professional and legal services sectors were among more than 300 victims who found their data published on the dark web, where victims faced ransom demands ranging from $US100,000 to $2 million in bitcoin.
Unit 42, the threat intelligence team at Palo Alto, said the New Zealand firms were attacked by the Nefilim and NetWalker ransomware groups.
“While we are not aware of the exact dollar amount which was asked by the actors, both these gangs have been known to target mid to large enterprises with ransom demands well over million USD,” the unit said.
New Zealand was among 15 countries involving 113 organisations who were subjected to targeted attacks by the NetWalker ransomware group, which accounted for about a third of the attacks in the year ended January.
The attacks had been delivered to organisations via phishing emails or by exploiting weak network or password credentials.
“It’s worth noting that the US Department of Justice announced in January 2021 it had co-ordinated international law enforcement action to disrupt the NetWalker ransomware gang,” the report says.
“The dark web domain managed by the NetWalker operators, which hosted leaked data, is no longer accessible.”
Manufacturing, professional and legal services, construction, high tech, wholesale and retail, energy, transportation and logistics and healthcare, real estate and aerospace and defence where the top 10 targeted sectors.
“Ransomware operators were brazen in their attacks in an attempt to make as much money as possible, knowing that healthcare organizations – which needed to continue operating to treat Covid-19 patients and help save lives – couldn’t afford to have their systems locked out and would be more likely to pay a ransom.”