Lessons To Learn From Costa Rica’s Ransomware Disaster

In April 2022, the Costa Rican government was heavily infected with ransomware, drastically affecting its operations and the services it provides to citizens. Are US targets (like your business) just as vulnerable?

Earlier this year, Earl Foote, CEO, and BriAnn Rachele, Director of Strategic Development, appeared on PCTV to talk about the devastating ransomware attack that took place in Costa Rica.

What Happened In Costa Rica?

On April 17th, 2022, the infamous Russian cybercriminal group Conti launched a cyber attack on 30 institutions connected to the Costa Rican government. They extensively infected the government’s systems with ransomware, resulting in a near-total shutdown of the nation’s finance industry.

During the downtime, the government could not manage taxes, payroll, social security payments, and other citizen-based financial needs. At the same time, Costa Rican citizens began receiving WhatsApp spam messages that further threatened their security.

What Did The Ransomware Attack Cost Costa Rica?

During the shutdown, the government lost an estimated $30M USD daily.

“We’re seeing this organized nation-state attack, similar to what happened just before Russia invaded Ukraine,” says Earl. “It’s very intriguing and scary to see what’s happening.”

Conti demanded a $10M USD ransom from the Costa Rican government and threatened to leak private citizen data if their demand was unmet. Numerous countries, including the US, offered technical assistance during this downtime.

To make matters more complicated, the Costa Rican government was also going through an election. When the new President, Rodrigo Chaves Robles, took office, he declared a national state of emergency and classified cybercriminal action as a terrorist activity.

What’s The Fallout From The Ransomware Attack?

Months later, Costa Rica is still reeling from the attack. The country has suffered follow-up attacks by other cybercriminals on other institutions, such as the Costa Rican Social Security Fund and the healthcare system, and continues to recover and remediate.

The government has refused to pay the ransom and has worked continually to provide critical services in light of systemic IT issues stemming from the attacks.

Nation-State Attacks Have Been On The Rise For Years

“The evolving reality of what is our world now,” says Earl. “Cyber warfare is becoming something we have to be aware of.”

Often originating in Asian and Middle Eastern countries, nation-state cyber attacks are unique in their danger. Compared to garden-variety, US-based hacks, they are often executed with greater resources and near-total immunity from any sort of justice.

For example, in mid-2019, Microsoft warned over 10,000 users that their personal data might have been affected by nation-state attacks in Iran, North Korea, and Russia. 84% of these attacks targeted businesses, and the remainder went after individual accounts.

Many respondents in a report by Radware noted anxiety in using newer networked devices and smart technologies that are not necessarily as secure as conventional onsite IT environments.

What’s The Reality Of Ransomware in 2022?

According to Sophos’ annual State Of Ransomware Report, this popular weapon in use by cybercriminals around the world is only becoming more common:

  • 66% of organizations were hit by ransomware in the last year
  • 65% of attacks resulted in encrypted data
  • 72% experienced an increase in cyber-attacks and related damages

How Does Ransomware Infect Your Systems?

There are five primary ways that hackers trick targets into downloading ransomware:

Phishing

Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.

Malvertising

Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox.

They spam users with official-looking pop-ups informing them of an “infection” or “security alert,” prompting them to download a file or click a link. That’s where ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.

Remote Desktop Protocol

RDP is a known infiltration point for cybercriminals, especially for unpatched systems.

3rd-Party Remote

Many cybercriminals attack third-party remote-control tools because they know that once they gain access to one, they will have access to several machines that can be infected.

Out Of Date Hardware

Many of the most common malware and viruses used by cybercriminals today are based on exploiting programming flaws in out-of-date systems; to address this, developers regularly release software patches and updates that fix these flaws and protect users.

The Threat Of Ransomware Is Evolving

“What we call the cyber threat landscape is evolving rapidly,” says Earl.

A few years ago, ransomware wasn’t a big concern.

While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data, you could rely on that to replace your data if it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money.

Characteristics of modern ransomware attacks include:

Expanded Timelines

Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their entry method isn’t discovered immediately.

This gives them time to embed themselves, steal data, and more, all before they activate the ransomware and infect the systems.

Without undertaking extensive forensic processes, an infected business won’t know how far back it needs to go to find a backup taken before the intrusion. Or, even worse, the clean restore point will be so far back that those backups have already been expunged to make room for more recent versions.
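The retention problem described above, as an added example (not from the original article): given a backup rotation and an estimated intrusion date, this Python sketch finds the newest backup that predates the intrusion, or reports that none survives. The daily/weekly/monthly rotation, the function names and all dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def retained_backups(today, daily=14, weekly=4, monthly=0):
    """Backup dates still on disk under an assumed rotation: the last `daily`
    nightly copies, the last `weekly` Sunday copies and the last `monthly`
    first-of-month copies. Older copies are assumed to have been expunged."""
    kept = {today - timedelta(days=n) for n in range(1, daily + 1)}
    day, sundays, firsts = today - timedelta(days=1), 0, 0
    while sundays < weekly or firsts < monthly:
        if day.weekday() == 6 and sundays < weekly:   # 6 == Sunday
            kept.add(day)
            sundays += 1
        if day.day == 1 and firsts < monthly:
            kept.add(day)
            firsts += 1
        day -= timedelta(days=1)
    return sorted(kept)

def last_clean_backup(backups, intrusion):
    """Newest backup taken strictly before the estimated intrusion date."""
    clean = [b for b in backups if b < intrusion]
    return max(clean) if clean else None

def assess(today, intrusion, **policy):
    """Summarise whether a pre-intrusion restore point still exists."""
    backups = retained_backups(today, **policy)
    restore = last_clean_backup(backups, intrusion)
    return {
        "oldest_retained": backups[0] if backups else None,
        "restore_point": restore,
        # Work created after the restore point is lost on restore.
        "days_of_data_lost": (today - restore).days if restore else None,
    }

# Constructed scenario: ransomware detonates on TODAY; forensics later
# estimates the initial intrusion at INTRUSION (52 days of dwell time).
TODAY, INTRUSION = date(2022, 6, 1), date(2022, 4, 10)

if __name__ == "__main__":
    for policy in ({"daily": 14, "weekly": 4, "monthly": 0},
                   {"daily": 14, "weekly": 4, "monthly": 6}):
        print(policy, assess(TODAY, INTRUSION, **policy))
```

With only two weeks of dailies and four weeklies, the oldest retained copy is newer than the intrusion and no clean restore point exists; adding six monthly copies preserves one, at the cost of two months of data.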

Improved Capabilities

Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

No matter how strong your defensive capabilities are, ransomware may still get through. That’s why you must plan how to respond to an attack.

What’s The Best Way To Protect Yourself Against Ransomware?

What can you do when you’re unsure if you have the skills or knowledge to get the job done? Consult with cybersecurity professionals like those on the Nexus IT Consultants team.

The cybersecurity professional’s job is to manage your cybersecurity, simple as that.

Instead of needing an employee or internal team to keep your tech and data secure, you let someone else with the skills and knowledge do it for you:

  • Cybersecurity professionals perform regular vulnerability testing as per industry standards to ensure you aren’t dealing with overlooked cybersecurity weaknesses.
  • Cybersecurity professionals help you plan and achieve a secure environment to work in.
  • Cybersecurity professionals provide ongoing service and support for any security-related concerns you may have.

Is Your Organization’s Cybersecurity Effectively Managed?

“We don’t talk about these things to be fearmongers. We talk about these things to educate,” says Earl.

Nexus IT Consultants offers comprehensive cybersecurity services to help you properly protect your organization against modern cyber threats, including nation-state attacks.