Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label ransom payments. Show all posts
Technology
Energy Oil ransom payments Ransomware Technology

Securing the Grid: How Ransomware is Targeting Energy and Oil Sectors


According to a new analysis from cybersecurity firm Sophos, ransomware attacks are hitting the energy and oil and gas sectors harder, costing utilities more in recovery time and money as victims appear to be more inclined to pay ransom demands.

Ransomware Attacks: A Growing Threat

The report examines ransomware's impact on critical infrastructure firms and is based on more than 200 responses from a larger survey of 5,000 cybersecurity and IT leaders conducted in January and February. Sophos reported that the global ransomware attack rate appears to be decreasing. Still, researchers discovered that recovery times for energy, oil and natural gas, and utilities have been gradually growing since at least 2022.

This slowness could represent the increased complexity and severity of attacks, needing more recovery labor. According to the paper, this also implies a rising lack of recovery planning.

Vulnerabilities in the Energy Sector

According to the report, more than half of energy, oil and gas, and utility ransomware victims required more than a month to recover, up from 19% in 2022.

The Biden administration has spent recent months warning about Chinese-backed infiltrations into sensitive civilian and military critical infrastructure. Security officials have stated that the "Volt Typhoon" hackers may attempt to impair essential infrastructure serving people to influence public opinion as tensions rise in Taiwan. 

Researchers cautioned that cyberattacks on IT infrastructure, such as bill payment systems, can influence operations and services, implying that even if an attack solely impacts the IT side of the business, key functions such as energy generation and transmission may be affected.

"There's a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication," Chester Wisniewski, global field chief technology officer at Sophos, said in a news statement. "Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities, and the monitoring required for early detection and response."

The Cost of Ransomware Attacks

As reported by Sophos, nearly half of all successful assaults were caused by an unpatched or untreated vulnerability, with compromised credentials accounting for slightly more than a quarter. According to the researchers, the energy, oil and gas, and utilities sectors are the "most likely to fall victim to the exploitation of unpatched vulnerabilities."

Furthermore, that same group is more inclined to pay a ransom to restore encrypted data rather than relying on backups.

According to the report, this is the first time that energy, oil/gas, and utility firms have reported a higher propensity to pay the ransom rather than employ backups.

The Rising Tide of Ransomware

While the survey highlights how ransomware remains one of the most disruptive to critical infrastructure operations, the general lack of information in the larger threat picture due to low reporting rules suggests that the true cost of ransomware could be significantly greater. 

The Cybersecurity and Infrastructure Security Agency is now working on a rulemaking process that will require many critical infrastructure businesses to report significant cyber events, with the final rule likely early next year.

Read more »
victim response
Coveware Cyber Threats Cybersecurity Data Breach Data Recovery industry collaboration Law Enforcement ransom payments Ransomware victim response

Increasing Number of Ransomware Targets Opting Against Ransom Payments

 

For an extended period, ransomware groups have instilled fear in various organizations, including businesses, schools, and hospitals. However, there is a positive shift as an increasing number of victims are now rejecting ransom demands.

In the fourth quarter, the percentage of victims succumbing to ransom payments reached an all-time low, standing at a mere 29%, according to cybersecurity provider Coveware, specializing in assisting companies against ransomware attacks. 

This decline is not an isolated incident but part of a growing trend that commenced approximately three years ago when around 60% of victims yielded to ransomware demands. Coveware attributes this change to the enhanced capabilities of the industry in responding to successful ransomware incidents. Despite these attacks having the potential to encrypt entire networks and pilfer sensitive information, many companies are now able to recover using their own backups.

Moreover, there is a heightened awareness among victims that paying a ransom provides no assurance of data deletion. Instead, there is a risk that the stolen data might be traded clandestinely to other cybercriminal groups, and the ransomware gang could exploit the information to target the victim again.

Coveware notes, "The industry continues to get smarter on what can and cannot be reasonably obtained with a ransom payment. This has led to better guidance to victims and fewer payments for intangible assurances." 

However, on the downside, ransomware groups are still extracting substantial funds from those who choose to pay up. In Q4, the average ransomware payment soared to $568,705, up from $408,644 a year earlier. Simultaneously, the number of data breaches in 2023 set a new record at 3,205 publicly known compromises, as reported by the Identity Theft Resource Center.

Coveware emphasizes the need for a united front against the ransomware menace, urging the industry to establish stronger collaborations with law enforcement on a continuous basis rather than seeking assistance only during a ransomware attack. 

The company highlights that less than 10% of victims contacted by law enforcement for further assistance in the aftermath of a ransomware incident actually continue to collaborate. This lack of follow-through impedes law enforcement efforts, as proper evidence collection from victims is crucial to concluding investigations. Coveware's data reveals that the majority of ransomware victims are small to medium-sized businesses with employee headcounts below 1,000 people.
Read more »
Subscribe to: Posts (Atom)