For cyber terrorists, business has been booming during Covid pandemic

Representational image | Photo: Flickr

Text Size:

As the pandemic trashes the world economy, one business is booming. The number of ransomware attacks, where hackers encrypt a user’s data files and then demand payment to restore access, climbed by 20 per cent in the first half of the year to reach 121.4 million assaults, according to data security firm SonicWall.

Many of the victims chose to pay up. In June, the University of California said it paid $1.14 million to extortionists who’d besieged servers at its medical school. CWT, a travel-management company, handed over $4.5 million worth of Bitcoin last month to resolve a hack, Reuters reported. Garmin Ltd., which sells portable devices linked to global positioning systems, suffered outages in the final week of July it said were due to a cyber attack. While the company hasn’t commented on how it solved the interruptions, various media reports put the ransom demand at $10 million.

In the past four years, Kivu Consulting has been involved in more than 700 ransomware incidents. Last year, the cyber security firm was the agent for 143 payments worth more than $17 million. So what should you do when the email arrives saying you’ve been hacked, your data has been compromised and if you don’t pay a ransom, your servers will remain frozen? I caught up with Winston Krone, Kivu’s global managing director, to find out. The following is a lightly edited transcript of our telephone conversation this week.

Mark Gilber: The number of ransomware attacks has climbed substantially this year. Is lockdown having an impact?

Winston Krone: We’re in the middle of a huge wave of attacks right now. Companies are coming back to work, employees are bringing infected computers back into the organization. Attackers have waited. The value of a ransomware attack is much bigger now that companies have gotten through the worst part of Covid and have the money to pay. It’s all about business interruption, that’s why people pay a ransom. If the company’s not working, if it’s hobbling along, a ransomware attack is not going to have the impact it would if the company was going full blast. We had attacks a couple of months ago where the victim of the attacks said, “We’re not sure we’re gonna be in business, we’re not paying a ransom because we’re not sure we’re gonna make payroll next month.”

MG: Given that companies are reluctant to admit to being hacked or paying ransom, how big is the iceberg that we only see the tip of?

WK: I would suspect the ratio is about 10/1, based on our metrics in the past four years where we know the number of ransomware attacks we were involved in that went public. There are very few unreported cases for publicly traded companies these days. Four years ago there was a huge embarrassment factor, now there’s no incentive to keep it secret. If anything, there’s quite a bit of sympathy for public companies that are hit with ransomware attacks. Of course, it’s different for private companies.

We are deeply grateful to our readers & viewers for their time, trust and subscriptions.

Quality journalism is expensive and needs readers to pay for it. Your support will define our work and ThePrint’s future.