Cybercriminals don’t take vacations, and the list of cyber attacks and ransomware incidents keeps growing throughout the year. The latest big victim in July was the tech service provider Kaseya, whose systemic flaws left the data of an estimated 2,000 companies exposed and elevated the ransom demand to US$ 70 million. But it seems that this action triggered a powerful response from the White House to tackle the cyber threat, and the company managed to get access to the key to decrypt all its files before the end of the month, on July 23rd.
How the company obtained it remains a mystery. Previously, the CEO had not been clear about whether his company was willing to pay or negotiate with the hackers, according to Reuters.
The group responsible for the attack was the collective REvil, which also targeted JBS, the meat processing company, getting US$ million for returning its data. REvil is another Russian hacker group attacking US companies, like Darkside, whose ransomware attack on the gas pipeline company Colonial also made the news last May. The growing tension reached the White House, and the Biden press office stated that US officials would discuss with Russian diplomats how to cooperate on the ransomware threat. Apparently, the action was effective, although no one knows exactly what happened to REvil's website, which went offline on July 13th. Those responsible for it also disappeared from Internet forums, and their cyber accounts for ransom payment were shut down as well.
Briefly put, a ransomware attack happens when a hacker invades the computer system of a company or institution, steals and encrypts its data files (normally including its customers' data or its students' personal information) and demands a ransom for decrypting those files so that the organization can regain access to them.
According to Coveware Ransomware Reports, the average ransom payment has climbed 43% from the last quarter in 2020. Other studies conducted by private cybersecurity institutions project that it could still increase 15% each year until 2025, reaching the figure of US$ 10.5 trillion, which is almost China's current GDP, the second biggest among all economies.
A long list of cyber-attacks and cyber vulnerabilities
Santa Clarita (California) Schools
The latest addition to this list of victims is a group of 10 schools in the Newhall School District in Santa Clarita, California, USA, whose system has been held hostage since July 14th. The event is still ongoing at the time this news is being updated, and the data of an estimated 6,000 elementary school students could have been compromised. The district had internal firewalls and updated policies for phishing prevention.
A group of Russian hackers, known as Darkside, managed to penetrate the gas pipeline that supplies most of the south-eastern United States on May 6th, 2021, in what became one of the biggest cyber attacks to date. Around 100 GB of customer data were stolen, and a ransomware attack (the encryption of the company's files, followed by a demand for a ransom) took place the next day. Colonial, the company responsible for the pipeline, had to shut its pipeline down for six days and then went through a gradual process of restoring its operations to normal.
The attack was the most significant on US oil infrastructure in history, forcing President Biden to declare a state of emergency and take extraordinary measures to avert a major supply crisis. Biden's latest move was the enactment of an Executive Order to strengthen the cybersecurity infrastructure of US institutions and improve the protection of the federal government's network.
Likewise, in early May a cyber-attack on an Asturian cloud services company left many Spanish national institutions, such as the Spanish Foundation for Science and Technology (FECyT), the Court of Auditors, or the Nuclear Safety Council (CSN), as well as some Spanish City Halls, without external IT services.
The Irish healthcare system was also under cyber-attack in May, which caused cancellations of its services.
In March 2021, SEPE (the Spanish State Public Employment Service) suffered a cyber-attack that knocked out its entire network infrastructure, leaving its system inactive for four days and almost causing a delay in the payment of unemployment benefits to thousands of unemployed people.
This list of recent incidents shows that strong and trustworthy cybersecurity protection is essential to today’s society and to the continuity of businesses and governments around the world.
The relevance of a robust system and the need for true random numbers
Global companies are making efforts to improve the level of security of all IT systems, such as those on post-quantum cryptography and quantum key distribution.
In response to that, at Quside we design, engineer, and manufacture high-speed quantum random number generators to power existing and emerging cryptographic systems.
Our FMC 400 randomness module provides the high-performance randomness generation needed to power next-generation security solutions, a key element in preventing cyber attacks like those described above.
As cyber vulnerabilities are a reality right now, and advances in quantum computing and AI will accelerate this problem, any company or organization should think about elevating its cybersecurity. Especially if you are dealing with critical data, such as in health, banking, corporate, government and defense, you should be on your journey to being quantum-ready.