Let’s start with the basics: ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. If payment is not received, you can expect to never see your data again.
The first ransomware attacks took place in 1989 and, against all odds, some security experts now expect the problem to keep getting worse.
This data was released at Sophos Day 2017, an event that brought together more than 400 cybersecurity professionals in the Palco de Honor of the Santiago Bernabéu Stadium in Madrid, Spain. On that stage, prestigious experts analyzed the latest trends in cyberthreats, diversity and hacking tools, and went deep into Synchronized Security, an innovative vision from the manufacturer that has revolutionized the business cybersecurity market.
The CEO of Sophos Iberia, Ricardo Maté, opened the event by recounting the latest massive ransomware attacks, such as WannaCry and Petya, which have affected companies worldwide and whose economic impact in 2017 could be between 3 and 6 billion dollars. These figures show the rapid growth of these cyberthreats, since in 2016 the impact was just one billion dollars.
According to the latest SophosLabs 2018 Malware Forecast Report, malware has transcended operating systems, and nowadays the main ransomware targets are Android, Mac, Windows and Linux users. A wave of ransomware powered by RaaS (Ransomware-as-a-Service) is currently under way: a business that consists of marketing ransomware cyberattacks on the dark web, selling them as packages to the highest bidder. This avalanche of attacks has also been amplified by the resurgence of computer worms, malware that can replicate itself and so makes the infection of equipment fast and severe.
As Maté explained, the consequences are not only economic. They are also felt at the business level, because these cyberattacks can paralyze all equipment and prevent the normal operations of the affected company, and at the reputational level, because of the bad image projected by some companies which, after being attacked by WannaCry, took weeks to become fully operational again, affecting thousands of their customers.
Healthcare is one example of an industry targeted by cybercriminals. According to the SophosLabs 2018 report, since 2016 ransomware attacks have focused on the industries most likely to pay, such as healthcare, government, critical infrastructure, education and small businesses. The health sector remains the most important target. This year, the Hollywood Presbyterian health center paid $17,000 to retrieve electronic medical records, access to scanned X-rays and CT information, as well as access to computers.
It was also noted at Sophos Day that ransomware is still a big problem for Android users. According to an analysis conducted by SophosLabs, the number of malicious applications has increased steadily in the last four years. In 2013, just over half a million were malicious. By 2015, the number had increased to just under 2.5 million. For 2017, it is almost 3.5 million.
Maté also stressed the importance of having Synchronized Security solutions in order to adapt to the new General Data Protection Regulation (GDPR) of the European Union and thus avoid security breaches such as those experienced by companies like Equifax, where the impact amounted to 87 million dollars and the dismissal of its senior managers, or Unicredit, where an attack left the data of 400,000 clients exposed.
At the event, John Shier, security expert at Sophos Corp, outlined the keys to the evolution of threats and the new security challenges for 2018, while Kevin Lemieux, VP Sophos Cloud at Sophos Corp, presented what is new in Sophos Central, the unified management console in the cloud. In addition, Miguel Ángel Arroyo and Eduardo Sánchez, two prestigious security analysts responsible for Hack & Beers and the Qurtuba Security Congress, gave live demonstrations of cyberattacks and ethical hacking.
In addition, Berta Balanzategui, Senior Privacy Counsel of General Electric Power and DPO in GE Switzerland, explained the role of the Data Protection Officer under the new Data Protection Regulation of the European Union; Alberto R. Rodas, Sales Engineer at Sophos Iberia, demonstrated how to combat advanced threats with synchronized technologies; and finally, Abanca, Acciona, Cortefiel and the Social Security Information Technology Management participated in a round table discussion on the current threat landscape in strategic sectors of our business and public fabric.