February 2024 is said to be a month of complete chaos in cyberspace when there are consecutive ransomware attacks. Economic losses from cyber attacks and data loss reach billions of dollars. Even large businesses that are supposed to invest in information security are confused
Ransomware is appearing every day, every hour
According to statistics, 2023 is the year of “explosion” of ransomware attacks: the total amount of money paid by victims exceeded 1 billion dollars, 10% of organizations were targeted by ransomware. It can be seen that ransomware attacks on businesses are still a common trend and Vietnam is no exception to that trend, besides attacks on common users are gradually leveling off.
In recent times, LockBit Ransomware – LockBit 3.0 has also become the most serious threat that businesses are facing. This threat marks a significant advance in the field of ransomware, characterized by its sophisticated tactics and comprehensive capabilities. LockBit 3.0 not only demonstrates a superior ability to adapt to evolving cybersecurity defenses, but also demonstrates a higher level of organization and coordination. LockBit accounted for 27.93% of all known ransomware attacks between July 2022 and June 2023. This number highlights the group’s exceptional performance and efficiency in carrying out attacks network, demonstrating a level of precision activity that sets this group apart in the field of malicious cyber activity.
What sets LockBit 3.0 apart from its counterparts is not merely its popularity but also its methodological evolution. The team continuously refines its tactics, incorporates cutting-edge technologies, and adapts to the ever-changing cybersecurity landscape. This agility has allowed LockBit 3.0 to outperform traditional defense mechanisms, posing a persistent challenge for organizations of all sizes. Therefore, this line of malicious code is being used by many attackers.
Who are the real victims of Ransomware?
According to VSEC statistics, all economic sectors have been “visited” by Ransomware. In 2023, the healthcare field is ranked Top 1 in the world with the most data breaches and attacks, the average cost of a data breach in this field has increased by 53.3%. exceeding 3 million USD compared to the average cost of only 7.13 million USD in 2020. In the United States, this sector is considered an important industry, especially infrastructure systems. Since the Covid-19 pandemic, the industry has seen significantly higher average data breach costs.
In Vietnam, from the beginning of the year until now, the information systems of a series of financial units, banks, public administration, etc. have been attacked, causing disruption of operations and material damage to the units. enterprise. This has stalled the entire system, not only causing heavy economic losses but also greatly damaging the reputation of the business.
According to the 2024 Cyber Security Report of Vietnam Cyber Security Joint Stock Company (VSEC), up to 70% of SME organizations have been experiencing Ransomware attacks. This shows that not only large organizations and businesses are the destination of hacker groups, but small units and businesses are also “easy prey” for hackers.
The price to pay for a “click” is too expensive!
The average cost of ransomware attacks can be challenging because not all data breach reports come to light. Some companies and small businesses prefer to quietly make their payments and sweep ransomware incidents under the rug, rather than admitting their shortcomings to regulators and addressing security issues. their data confidentiality. Average cost of ransomware attacks based on their own data in their annual report.
Financial costs of ransomware attacks
When backups are available, the average costs are somewhat lower — but these costs still run into millions of dollars.
The average cost of recovery from a ransomware attack (excluding ransom) is $1.82 million. Meanwhile $2.6 million is the average ransom to recover lost data, although this can be reduced to $1.6 million by using backups
The time cost of ransomware attacks
Time is money. It will take significant recovery time to get back on track, especially for companies that have chosen to pay the ransom fee. Up to 45% of organizations with physical backups were able to restore within a week, but for paid organizations the figure was only 39%.
How to act when attacked by Ransomware?
Cyber security experts from VSEC share that when the system is attacked, businesses need to take the following simple actions to ensure minimal damage. Enterprises need to evaluate the status of the incident to come up with an appropriate plan with two simultaneous implementation directions:
Isolate and maintain the status quo to investigate in detail the cause of the incident. Some forms of handling include temporarily isolating network connections from the outside network area into the system to prevent risks of spread and impact. Switch to use the backup system (if available). Collect device logs for future investigation.
Next, do not arbitrarily restore the affected system without determining the safety level of the system. This is extremely important in preserving evidence to help experts investigate the root cause.
In the absence of expertise, business organizations should contact companies that specialize in handling cyber attack incidents to get appropriate recommendations. Deploying a network security incident response service will bring businesses specific benefits such as: Helping quickly prevent/remediate system information security incidents; Limit and minimize economic losses as well as disruptions in the operations of organizations; The information system is always guaranteed 24/7
About VSEC
VSEC is the leading security assessment unit in Vietnam with 20 years of experience implementing information security activities domestically and internationally. As a pioneer information security management service provider in Vietnam, it has achieved important CREST certifications for SOC (Information Security Monitoring and Operation Center) and Penetration Testing (Penetration Testing) services.
