The Israel National Cyber Directorate on Wednesday launched an extensive campaign to raise public awareness of the dangers of ransomware attacks and provide individuals and businesses with guidance about how to defend themselves.
“Ransomware attacks have recently become the most popular and common cyber-attacks in the world against organizations and companies, with particularly attractive targets being small businesses and technology companies,” the directorate said in a statement.
The campaign, launched on radio and digital platforms, is based on testimonies and real cases of businesses that were attacked and significantly damaged, with a loss of business days, expenses to recover the data, loss of customer information and the inability to charge payments. The business owners taking part in the campaign, some using their full identities, agreed to tell their story to help other businesses prepare and defend themselves, the statement said.
A ransomware attack, usually carried out for financial extortion, locks and encrypts information on computer systems and demands a sum for its release. An analysis of the attacks shows that most often they begin with an email that contains a phishing message, getting users to click on a link. Sometimes attackers get in through weakly protected internet-facing access points, particularly remote access interfaces such as remote desktop protocols or enterprise VPN equipment, as well as web servers, the statement said. Sometimes the hackers attack the internet provider and move on to its customers from there.
According to data published by Statista, there were a total of 304 million ransomware attacks globally in 2020, a 62% rise compared to a year earlier and the highest figure since 2016, when a record 638 million attacks were recorded.
“Not only have ransomware attacks become more common, they have also become more blatant and daring,” said Yuval Segev, head of the Center for Advanced Technologies at the directorate. “Attackers not only encrypt enterprise computer systems, but also steal documents and information and threaten to publish them online. An organization that has already been attacked and not pre-prepared with effective backup will have a very hard time recovering.”
Businesses around the world rushed earlier this month to contain a ransomware attack that paralyzed their computer networks, a situation complicated in the US by offices lightly staffed at the start of the Fourth of July holiday weekend. Late last year, hackers published sensitive client information stolen from Israel’s Shirbit Insurance, after the company refused to pay the approximately $1 million ransom.
Basic cyber-hygiene steps could have prevented most of the attacks in Israel, said the Cyber Directorate’s Segev. Ransomware attacks have become easier to deploy and their speed of attack is faster, with encryption happening in a matter of hours rather than days, which makes it harder to identify an attack before the damage is done, he added.
Malicious players can also buy “ransomware attacks as a service” on the dark web, which requires them to have only a basic to medium understanding of these kinds of attacks, the directorate said.
Having backups of all of the materials in computers is crucial but not enough, the directorate said, recommending that businesses hire a professional to implement appropriate cybersecurity defenses. It also provides five relatively simple steps as preventative measures:
• Close unnecessary interfaces with the company’s systems, and use secure interfaces for remote access. VPN technology should be integrated with strong identification mechanisms — two-stage and even multi-stage identification pathways, especially in light of the transition to remote work.
• Pay attention to email imposters and phishing messages: if in doubt, contact the sender directly through another means of communication, the statement said. Pay attention to the attachments in the email, and beware of opening files with the following extensions: .EXE, .VBS, .SCR. Also beware of double extensions such as AVI.EXE and DOC.SCR, which try to disguise malicious files.
• Install antivirus software and “firewalls” and set up automatic software updates for all technology systems.
• Make backups: in ransomware attacks, restoring the information from a backup will help the firm or individual recover relatively quickly and return to functionality. A backup is a copy of the digital information that is not stored on the computer but in a separate location. When backing up in cloud software, it is recommended to set up two-step verification, the statement said.
• Prepare an action plan in case of an attack, setting out who should be contacted and what should be done.
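The attachment advice in the list above can be enforced automatically at a mail gateway or help desk. The following is an added example, not part of the directorate's statement or the original article; the function names and the decoy extensions other than AVI and DOC are assumptions.

```python
# Extensions the directorate's guidance names as dangerous attachments.
RISKY = {"exe", "vbs", "scr"}

# Harmless-looking extensions used as the decoy half of a double extension.
# "avi" and "doc" come from the article; the others are assumed additions.
DECOY = {"avi", "doc", "docx", "pdf", "jpg", "xls", "xlsx", "txt"}


def normalize(name: str) -> str:
    """Lower-case the name and drop trailing dots and spaces.

    Windows ignores trailing dots and spaces in file names, so
    "setup.EXE. " still runs as an .exe even though a naive
    suffix check would miss it.
    """
    return name.strip().rstrip(". ").lower()


def classify_attachment(name: str) -> str:
    """Return 'allow', 'block-executable' or 'block-double-extension'."""
    parts = normalize(name).split(".")
    if len(parts) < 2 or parts[-1] not in RISKY:
        return "allow"
    # A document or media extension directly before the real one is the
    # disguise the article warns about (AVI.EXE, DOC.SCR).
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "block-double-extension"
    return "block-executable"


def triage(names):
    """Map each attachment name to its verdict."""
    return {n: classify_attachment(n) for n in names}


# Constructed sample attachment names, for illustration only.
SAMPLE = ["holiday.avi.exe", "Invoice.DOC.SCR ", "setup.EXE.",
          "macro.vbs", "report.doc", "archive.tar.gz"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{name!r:22} {verdict}")
```
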
Anyone who is concerned about a cybersecurity attack can anonymously contact the 119 cybersecurity hotline, run by the directorate’s Computer Emergency Response Team, which is based in Beersheba, the statement said.