Cybercrime has become an industry: don't be just another victim

With dedicated call centres, franchising options and off the shelf products, cybercrime has become a huge industry, but simple steps can help your company stay protected

From the cyberattack that shut down a major US pipeline, drawing fears about gas supply, to the crimes that hit a Brazilian meatpacking giant and threatened food supply globally, cyberattacks have become a significant issue of our time. Ransomware attacks - when hackers infiltrate a system and lock up the data waiting for a ransom payment - have become more common in recent years as hacking possibilities evolved, governments, companies and private citizens have lagged, and new ways of staying virtually anonymous have protected criminals. 

A major US study shows how big the issue is. In 2020, nearly 2,400 US-based governments, healthcare facilities, and schools were victims of ransomware. Over the year, victims paid some USD 350m in ransom, a 311% increase over 2019, according to the Institute for Security + Technology research. The problem is global, though, and a single attack has the potential of affecting numerous countries. In 2017, for example, the attack known as WannaCry is estimated to have affected more than 200,000 computers across 150 countries. The damages are still not fully known, and could lie in the billions of dollars.

Cyber theft is becoming the fastest growing crime in the world. It's no wonder since it combines a lack of defence by the targeted companies and institutions with an ever-growing crime industry. Cybercriminals are willing to devote funds to research and development; they can invade systems using simple and cheap tactics such as spam, or phishing, making it an extremely profitable crime.

The professionalisation of cybercrime

It has reached a point that cybergangs look increasingly more like legitimate businesses, at least in their own forms. Not rarely, the units have partner networks, associates, resellers, and vendors. Now, it's not difficult to find what is called "ransomware-as-a-service", for example. The hackers will provide users with an off-the-shelf solution for hacking.

People can buy a ransomware attack without any prior IT or coding knowledge. Then, in a matter of minutes, they can target, encrypt and lock a system. Just like "proper" companies, hacker units offer dedicated call centres with customer care for the criminals who purchased the service and for their victims so that anyone who gets hit by an attack is provided with a proper step-by-step guide, with recommendations, useful links and even videos, to making payments with cryptocurrencies and unlocking their data.

Of course, the criminals use sophisticated methods to remain hidden, such as encryption, dark web forums, virtual private networks (VPNs), and other obfuscation techniques. When it comes to payment, untraceable cryptocurrencies are the preferred method, which helps them remain hidden from authorities. They possess global reach and can stay in safe havens with multiple governments looking the other way when it comes to this sort of crime - as long as they are not the targets. They recruit based on aptitude, technical and criminal, offer benefits and extremely high pay, and are ok with people learning on the job.

What can you do?

In the face of such a threat, with the frequency of ransomware attacks increasing dramatically over the past year (a 93% surge in 1H21 over 1H20, according to a Check Points report), it might seem like companies, governments and private citizens are helpless. However, that is far from the case.

There are many effective tactics and security tools to deter, delay or protect yourself against attacks. They go from simple ways of implementing and maintaining data security, such as using multifactor authentication and changing passwords, to some more advanced tools for data security in companies that may as well include encryption devices.

Naturally, a proper security system and an encryption tool are very effective in the fight against this type of crime.