Before the end of the first quarter of 2023, luxury car maker Ferrari admitted that it had been hit by a ransomware attack that exposed the personal information of some of its customers. This time Ferrari did not bury its head in the sand as other companies have, and CEO Benedetto Vigna was quick to report the breach in a letter to affected customers.

According to the luxury carmaker, the hackers gained access to customers' personal information, including names, addresses, email addresses and phone numbers. This information can be used for phishing attempts, identity theft, or other forms of cybercrime.

More seriously, hackers will be able to sell these affluent victims' information on the dark web, potentially exposing customers to further harm. That includes social engineering attacks that use personal information to trick victims into revealing additional sensitive information or performing certain actions, such as transferring funds to a fraudulent account or downloading malware, which can lead to additional losses and damages. (1)

In addition to these direct risks, the exposure of personal information can also have long-term consequences. For example, victims may experience reputational damage or social embarrassment, because their personal information is now in the hands of cybercriminals. They may also have to spend time and money to repair any damage or protect themselves from further damage. Cyber chaos could have been avoided.

While a ransomware group called "RansomEXX" was reported to have breached the automaker last October, the company denied the claim at the time. Ferrari also stated that it did not pay any ransom to the hackers, because doing so would not change the extent of the data exposure. But the company was not forthcoming from the beginning, which in turn delayed the arrival of assistance, namely Ferrari's hiring of a third-party cybersecurity company to investigate the attack.

While Ferrari stated that no payment information or details of Ferrari vehicles owned or ordered were stolen, the lack of clarity about the technical details of the breach raises concerns that data whose theft has not yet been discovered may also have been taken. Once again, clarity is missing from the picture. The behavior of luxury and leading companies such as Ferrari is understandable given the great damage such incidents do to their reputation in the market, and Ferrari is not the only one that has been subjected to such blackmail: 130 other companies, not all of which have been declared victims, have fallen victim to ransomware attacks since the start of 2023 alone. (2)

Dystopia Extortion

For example, the Canadian city of Toronto confirmed that unauthorized access to its data occurred through a third-party vendor (service provider), and that the access was limited to files that could not be processed through that vendor's secure file transfer system. The city stated that it was actively investigating the specific files, until a criminal group, the "Clop" gang, claimed responsibility for the attacks.

The Clop gang, whose name is linked to Russia whenever it is mentioned, has added dozens of organizations to its dark web leak site, threatening to publish stolen files unless they pay a ransom. Investissement Québec and Hitachi Energy have confirmed that some employee data was stolen in similar incidents involving the same file transfer tool, named GoAnywhere.

Since the attack in late January or early February, the Clop gang has named fewer than half of the 130 organizations it claimed to have hacked through the tool, which can be hosted in the cloud or on an enterprise network and allows companies to securely transfer huge data sets and other large files. (3)

All of the above are huge institutions, and even governments, that hold payment data capable of causing crises on the psychological and material level for the users of their services. The truth is that this new reality is painful on several levels and for many segments of society: a criminal gang will not hesitate to cut electricity to hospitals, including resuscitation devices, or to stop electric cars in the middle of a place where, God alone knows, if you lose your way it may take you forty years to return, lost like the Jews in the desert.

That wandering mirrors the dire global state of the ransomware landscape. The year 2022 in particular saw an escalation in ransomware attacks that affected individuals and institutions around the world, and it can be said with confidence that if 2020 was the year we were plagued by the coronavirus and its outbreak, 2022 was the pandemic year for ransomware victims.

It wasn't just the worst year statistically, it was the worst year overall. The hackers have shifted their focus from financial services to organisations, where they can wreak havoc and do the most damage. The most devastating blow was dealt to Australian health insurance giant Medibank, with attackers penetrating the system and obtaining the data of nearly 9.7 million customers. The stolen data included sensitive files related to abortion and alcohol-related illnesses. These attacks highlight not only ransomware itself but also its devastating global impact, and here's the bad news: this trend is expected to continue into the future. (4)

Now, the financial impact of ransomware attacks is more apparent, as attacks on supply chains have caused widespread damage. Instead of hitting a single victim, supply chain attacks widen the blast radius. Notable examples are the 2021 Kaseya attack, which affected 1,500 managed service provider customers (5), and the use of double extortion to exfiltrate data to a separate location.

In the past, ransomware meant an attacker encrypted information on the system and then demanded a ransom for a decryption key. With double extortion, attackers also exfiltrate the data to a separate location. There, it can be used for other purposes, including leaking information to a public website if a payment is not received.

What exacerbated the dystopian landscape was the emergence of ransomware as a service (RaaS): ready-made malicious programs offered on a pay-per-use basis. The traditional approach of writing custom ransomware code and carrying out a distinct set of activities is no longer the norm. Using RaaS, attackers can pay for the use of a platform that provides the required ransomware code and the operational framework to start and maintain the ransomware process. This approach made it easier for malicious actors to launch ransomware campaigns without much technical expertise, greatly increasing the frequency and scope of ransomware attacks.

Disastrous statistics

As for the numbers, they speak the language of woe. The following statistics show the scale of the ransomware threat. Ransomware was implicated in 25% of all breaches in 2022, according to the Verizon Data Breach Investigations Report, and Sophos' "The State of Ransomware 2022" report shows that ransomware affected 66% of organizations in 2021, a 78% increase from the previous year. (6) (7)

Ransomware attacks cost $49.2 million in financial losses, according to 3,729 complaints received by the FBI's Internet Crime Complaint Center in 2021. As for the pandemic year of 2022, IBM's "Cost of a Data Breach 2022" report revealed an average ransom payment of $812,360.

Setting the ransom itself aside, the actual ransomware payments are only a fraction of the total cost of a ransomware attack, which IBM puts at an average of $4.5 million. The tech giant also noted that it takes organizations an average of 49 days longer to identify and contain ransomware breaches than other types of attacks. (8)

In 2021, ransomware-related BSA filings totaled $1.2 billion, according to an analysis by the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN). (9) If the government of the largest country on the planet is experiencing or even expecting these losses, how will less fortunate countries (and individuals) face it? Can misfortune turn into its opposite?

Half a year loaded with danger

Ransomware attacks have changed the nature of the cyber game by attacking businesses rather than consumers. This change, which forces companies to pay a hefty and direct price for lax security, means that managers in these companies will have to focus in a serious and new way on improving cybersecurity and protecting their networks.

Now that the year of the pandemic is over, many cybersecurity providers expect 2023 to be an eventful year. According to cybersecurity firm Gartner, nation-states are likely to play a more active role in enacting legislation on ransomware payments.

In 2021, Gartner estimated that less than 1% of global governments have laws around ransomware, but expects that figure to rise to 30% by 2025. Governments are beginning to recognize the impact of ransomware on critical infrastructure and are looking for ways to reduce the risk of ransomware attacks. (10)

Security vendor Trend Micro predicts that there will be more double extortion attacks in the second half of 2023, with new attacks involving "cloud-aware ransomware." These attacks are likely to be more complex than previous ransomware attacks, as cloud-aware ransomware can recognize and encrypt data stored in cloud-based systems. (11)

Intermittent encryption, a new ransomware method discovered by cybersecurity provider Sophos, will become a popular tactic. Unlike traditional ransomware, which encrypts an entire file or system, intermittent encryption only encrypts parts of files, making them appear as corrupted data. (12) This approach could evade many existing forms of ransomware protection and detection, and more ransomware attackers are likely to adopt this technique in the future.
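Why partial encryption slips past a whole-file check can be shown with a small defender-side sketch. This is an added example, not code from Sophos or any source cited here; it compares whole-file entropy with per-block entropy, and the block size, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096  # assumed block size; real skip patterns vary

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes, threshold: float = 7.5, min_fraction: float = 0.2) -> str:
    """Compare whole-file entropy with per-block entropy."""
    if entropy(data) >= threshold:
        # Also true of compressed or media files, so pair this with file-type checks.
        return "uniform-high-entropy"
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    high = sum(1 for b in blocks if entropy(b) >= threshold)
    if blocks and high / len(blocks) >= min_fraction:
        return "partial-high-entropy"  # the pattern a whole-file check misses
    return "clean"

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes, a constructed stand-in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def constructed_samples() -> dict:
    """Constructed test data: a log-like file and two altered copies of it."""
    lines = (f"2023-03-21T10:00:{i % 60:02d} host=app01 user=alice id={i}\n" for i in range(5000))
    clean = "".join(lines).encode()[:16 * BLOCK]
    partial = bytearray(clean)
    for start in range(0, len(partial), 4 * BLOCK):  # every 4th block replaced
        partial[start:start + BLOCK] = pseudo_random(BLOCK, start.to_bytes(8, "big"))
    return {"clean": clean, "partial": bytes(partial), "full": pseudo_random(len(clean), b"full")}

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:8s} whole-file entropy={entropy(data):.2f} verdict={classify(data)}")
```

Legitimate containers with embedded compressed streams can show the same block pattern, so a verdict like this is one signal to combine with file type and rate of change, not a detection on its own.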

In conclusion, the ransomware threat will remain a concern for individuals and organizations alike in the second half of 2023. As ransomware attacks become more complex and frequent, it is important to remain vigilant and implement precautions to protect against these threats.

_______________________________________________________

Sources:

  • 1- Data breach at Ferrari. Comment on LockBit's current activities.
  • 2- New victims come forward after mass-ransomware attack
  • 3- Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day
  • 4- Medibank data leak extends to Australians who sought quotes from health insurance firm ahm
  • 5- Kaseya: 1,500 organizations affected by REvil attacks
  • 6- 2022 Data Breach Investigations Report
  • 7- The State of Ransomware 2022
  • 8- Cost of a data breach 2022 A million-dollar race to detect and respond
  • 9- FinCEN Analysis Reveals Ransomware Reporting in BSA Filings Increased Significantly During the Second Half of 2021
  • 10- Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23
  • 11- Trend Micro Security Predictions for 2023
  • 12- Intermittent encryption attacks: Who's at risk?