Ransomware Attacks Becoming More Widespread, Destructive, Expensive

After more destructive attacks globally against critical infrastructure, the stakes are growing for the public and private sector regarding ransomware. Let’s explore the latest malware, including LockerGoga.

More ransomware attacks made news headlines this month, the most notable being the shutdown of Oslo, Norway-based aluminum manufacturer Norsk Hydro by ransomware.

The company produces close to half a million tons of aluminum products each year and is also a significant provider of hydroelectric power in the Nordic state.

The LockerGoga malware was used to disrupt operations at one of the largest global aluminum manufacturers. According to TechCrunch, “Employees were told to ‘not connect any devices’ to the company’s network.”

Wired magazine offered this Guide to LockerGoga, the ransomware that is crippling industrial firms.

Here’s a quote from the Wired article: “Since the beginning of the year, LockerGoga has hit a series of industrial and manufacturing firms with apparently catastrophic consequences: After an initial infection at the French engineering consulting firm Altran, LockerGoga last week slammed Norwegian aluminum manufacturer Norsk Hydro, forcing some of the company's aluminum plants to switch to manual operations. Two more manufacturing companies, Hexion and Momentive, have been hit by LockerGoga—in Momentive's case leading to a "global IT outage," according to a report Friday by Motherboard. And incident responders at security firm FireEye tell WIRED they've dealt with multiple LockerGoga attacks on other industrial and manufacturing targets they declined to name, which would put the total number of victims in that sector at five or more.”



The Cost of Ransomware

At the beginning of 2019, Digital Guardian chronicled the history of ransomware attacks in this article, which does a good job of defining terms, describing the effects of ransomware, explaining how the fraud works, and projecting future trends, but also underestimates the costs of ransomware, in my view.

Why?

Because the research lists ransomware costs as under $2.4 million (US), but the costs already associated with the Norsk Hydro event alone are reported to be at least $40 million — with costs still growing.

HealthITSecurity offers an article with the headline, 71% of Ransomware Attacks Targeted Small Businesses in 2018. Here’s an excerpt: “About 70 percent of ransomware attacks in 2018 targeted small businesses, with an average ransom demand of $116,000, according to a recent report from Beazley Breach Response Services.

Beazley researchers analyzed 3,300 ransomware attacks against their clients last year and found the highest ransom demand was $8.5 million. The highest demand paid by one of their clients was $935,000. …”

According to Coveware’s recently released 2018 Q4 Ransomware Marketplace Report, we’re seeing scary trends in ransomware attacks:

  • Ransoms have increased by an average of 13% over Q3 in 2018 to $6733
  • Attacks on backups as part of the ransomware attack have increased by 39% over Q3 2018
  • The average victim company size has risen from 38 to 71 employees

Ransomware Attacks on Governments Continue

In the past few days, the city of Albany, N.Y., was attacked by ransomware, according to their mayor.

Over the past year, there were numerous cities, counties and state government agencies hit by ransomware.

Back in 2017, I wrote this piece on ransomware attacks in government up to that time. And since 2017, attacks have only accelerated.

If you think insurance will take care of any costs, you may need to think again. I was surprised to read that some insurers are not paying if they can claim “an act of war.” Consider this article:

Citing “Act of War” Clauses, Insurers Refusing to Compensate Firms Hit in Ransomware Attacks — “Global insurance firm Hiscox is now the second insurance firm known to have refused to pay out a company damaged in a NotPetya cyberattack, Verdict reports. …

Danish shipping giant Maersk has reportedly claimed that NotPetya malware, whereby hackers encrypt data and will not release it unless a cryptocurrency ransom is paid, resulted in losses of $378 million to the company.

FedEx subsidiary TNT Express pegged NotPetya losses at $374 million.

The other insurer that has reportedly used “Act of War” provisions to refuse to make a NotPetya payout is Zurich, insurer of Mondelez, a large American food company.

Mondelez is now suing Zurich for $100 million. Mondelez says that 1700 servers and 24000 laptops were destroyed in its NotPetya hack.”

Closing Thoughts

At the beginning of 2019, many predictions were made about the growing spread of ransomware, and growing amounts of destructive malware. Those predictions are happening before our eyes.

One year ago, I wrote a blog on the difficult decision that many governments face regarding whether to pay the ransom or not when they are infected – especially if they don’t have adequate backups. I urge tested data backups as an important step to protecting your organization from an attack. Also, prepare for cyberincidents in advance with these helpful tips from NIST.

What is clear is that our ransomware problems are getting worse, and the stakes are getting higher, with more destructive malware being used against critical infrastructure every day.

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.