11.04.2022


HACKERS DEMAND A CRYPTOCURRENCY RANSOM

Cybercrime is the dark side of digitalization. Cyberattacks carried out for the purpose of extortion have been going on for a long time, but the pattern has changed a lot. Cybercriminals have become bolder, and their offensive methods more sophisticated. Today, discussions of information security incidents increasingly turn to attacks that use ransomware (encryption malware). This is an ever-evolving threat, and no organization is immune from it.

The global trend of increasing incidents involving ransomware

According to data published by Statista (the largest statistics portal in the world), 304 million ransomware attacks were committed globally in 2020, which is 62% more than in 2019. In 2021, according to SonicWall, there was a staggering 48% increase in ransomware around the world.

Last year, the average ransom paid by organizations amounted to $170,404, and the average cost of eliminating a ransomware infection was $1.85 million (Sophos State of Ransomware). This cost includes downtime, people’s time, device costs, network costs, the ransom paid, etc.

Kazakhstani companies are also at risk

In line with global trends, Kazakhstani organizations have not been spared from ransomware attacks. The KZ-CERT Computer Incident Response Team of JSC “State Technical Service” (hereinafter KZ-CERT) received a report about the detection of an encryption virus on a network, which had encrypted the 1C database of a well-known Kazakhstani company. To protect the image and reputation of the company affected by the attacker, KZ-CERT does not disclose its name.

To decrypt the data, the attacker demanded a ransom of 0.2 bitcoins (over 7902 US dollars, which is more than 3.5 million tenge at the exchange rate of the National Bank of the Republic of Kazakhstan on 06.04.2022) and specified his electronic wallet. After a preliminary analysis of the cyber incident, the company’s management was notified that it was impossible to restore the encrypted data, since there was no regular backup of server data.

The investigation showed that the company’s employees connected to the server using the Remote Desktop Protocol (RDP), and that these connections were made without a secure VPN channel. Presumably, the attacker compromised the server administrator account using an RDP brute-force attack and then, after gaining access to the server, downloaded the malicious software with which he encrypted the data on the 1C server.

In the course of handling the cyber incident, KZ-CERT nevertheless managed to decrypt all the data on the 1C server.

This case involving an encryption virus once again proves that failing to comply with or ignoring information security rules can lead not only to data leakage, but also to considerable financial losses.
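The access path found by the investigation, many failed RDP logons followed by a successful administrator logon, can be searched for in Windows Security log records. The following Python code is an added example, not KZ-CERT's own tooling: the record layout, threshold, time window and sample events are assumptions constructed for illustration, while event IDs 4625 (failed logon) and 4624 (successful logon) are the standard Windows identifiers.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon types seen for RDP: 10 = RemoteInteractive, 3 = Network (NLA pre-auth).
RDP_LOGON_TYPES = {3, 10}


def _ev(t, event_id, account, ip, logon_type):
    """Build one record in the (assumed) layout used by this example."""
    return {"time": datetime.fromisoformat(t), "event_id": event_id,
            "account": account, "ip": ip, "logon_type": logon_type}


# Constructed sample data, not taken from the incident.
SAMPLE_EVENTS = (
    # Eight failed logons in 40 seconds from one external address...
    [_ev(f"2022-01-01T02:00:{s:02d}", 4625, "Administrator", "203.0.113.45", 3)
     for s in range(0, 40, 5)]
    + [
        # ...followed by a successful RDP session from the same address.
        _ev("2022-01-01T02:00:45", 4624, "Administrator", "203.0.113.45", 10),
        # An ordinary user who mistypes a password once, then logs on.
        _ev("2022-01-01T09:00:00", 4625, "accountant", "10.0.0.15", 10),
        _ev("2022-01-01T09:00:20", 4624, "accountant", "10.0.0.15", 10),
    ]
)


def find_bruteforce_then_success(events, threshold=5,
                                 window=timedelta(minutes=10)):
    """Return alerts for source IPs that logged on successfully after
    at least `threshold` failed logons inside `window`."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        recent = failures[ev["ip"]]
        # Drop failures that have aged out of the sliding window.
        while recent and ev["time"] - recent[0] > window:
            recent.popleft()
        if ev["event_id"] == 4625:
            recent.append(ev["time"])
        elif ev["event_id"] == 4624 and len(recent) >= threshold:
            alerts.append({"ip": ev["ip"], "account": ev["account"],
                           "time": ev["time"], "failed_before": len(recent)})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce_then_success(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind means the account's password should be treated as compromised, which is a stronger signal than a count of failed logons alone.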

Forecasts

According to forecasts by Cybersecurity Ventures, one of the largest research companies, the costs associated with ransomware will reach about 265 billion US dollars per year by 2031. At the same time, a new attack will occur every 2 seconds, since attackers are constantly improving malware, attack tactics, etc.

Recommendations

For its part, JSC “State Technical Service”, assessing the scale and criticality of the threats posed by cyber attacks using encryption viruses, has developed recommendations for the prevention of information security incidents related to such attacks. It is important to note that implementing and complying with a set of organizational and technical information security measures helps organizations minimize the risk of various cyber incidents.
