Ransomware is a rapidly growing threat that has recently become a global disaster. Using such programs, hackers lock computer systems by encrypting their data and then demand payment to unlock them. According to US news agencies, these programs have affected everyone in recent years, from banks and hospitals to universities and municipalities. Last year alone, nearly 2,400 organizations in the United States fell victim to such attacks. But experts say attackers are increasingly targeting the industrial sector because those firms are more willing to pay to regain control of their systems.
Ransomware is not just software used for financial extortion; it is a crime that ignores business, government, academic and geographic boundaries. Such programs also hit the health sector during the COVID-19 pandemic and led to the closure of schools, hospitals, police stations, government organizations, and U.S. military facilities. It is a crime that directs both private and public funds to global criminal organizations. Proceeds from extortion can fund illicit activities, ranging from human trafficking to the development and proliferation of weapons of mass destruction.
Statistics for May 2021:
In March this year, Acer was attacked by hackers. Using the REvil ransomware, the attackers demanded from the Taiwanese manufacturer the largest known ransom to date: $50 million.
At the beginning of May, the American fuel company Colonial Pipeline, which supplies fuel to the US East Coast, was forced to suspend some systems in order to contain the threats posed by a large-scale cyber attack. Colonial Pipeline transports about 2.5 million barrels of refined fuel daily, accounting for 45% of all fuel consumed on the East Coast of the United States. As a result of the shutdown of the largest fuel operator, Colonial Pipeline, the US government declared a regional emergency in 18 states[1]. According to subject matter experts and journalists, hackers of the DarkSide group, which allegedly operates from the territory of the Russian Federation, may be involved in this cyberattack.
Despite the statement published by DarkSide on May 10 declaring its apolitical approach and non-involvement with any government organization, attacks on critical infrastructure are part of a hybrid war waged under the controlled “non-interference” of intelligence officials.
Prior to that, in February this year, members of the hacker group DarkSide were involved in cyberattacks on Brazilian energy companies[2].
It is noteworthy that the victims of extortion programs are mostly organizations or companies from the United States, Great Britain, Australia and Brazil[3]:
Based on the results of the study of recent events that led to the interference in the operation of computer systems using extortion programs, the Global Cyber Cooperative Center (GC3) has developed the following recommendations:
[1] https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
[2] https://blog.emsisoft.com/en/37314/the-state-of-ransomware-in-the-us-report-and-statistics-2020
[3] https://blog.chainalysis.com/reports/ransomware-ecosystem-crypto-crime-2021
[4] https://unit42.paloaltonetworks.com/ransomware-threat-assessments
[5] https://www.securitylab.ru/news/519856.php
[6] https://www.securitylab.ru/news/516288.php
[7] https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf