Ransomware: “Public incidents are just the tip of the iceberg”

The European Union Cyber ​​Security Agency (ENISA) is sounding the alarm that while many ransomware attacks are frowned upon, they do not reflect the magnitude of the situation. In fact, many victims refuse to report an attack directed at them.

ENISA analyzed 623 ransomware incidents between May 2021 and June 2022.

Ransomware is a huge cybersecurity problem. Indeed, many victims believe their only choice is to pay millions in bitcoin to free their data. But very few victims talk about what happened, and ENISA emphasizes that “the publicized incidents are just the tip of the iceberg.”

Lack of reliable data

ENISA states that in 94.2% of the cases analyzed it was not possible to confirm whether a ransom was paid or not. This element of uncertainty “limits our understanding, and therefore our ability to conduct proper analysis to mitigate the threat of ransomware,” the agency notes.

But this is not the only gray area in this matter: many organizations do not even report that they have been the victims of a ransomware attack, because they “prefer to solve the problem themselves to avoid bad publicity,” the report notes. difficult to track incidents.

This results in a lack of reliable data when it comes to building an accurate picture of the ransomware attack situation. “The lack of reliable data from target organizations makes it very difficult to fully understand the problem, or even quantify the number of ransomware victims,” warns the report. The latter suggests that the most reliable sources are ransomware groups’ “leak sites” that expose data stolen during the attack.

Difficult to accurately analyze the situation

This lack of transparency also means that it is difficult to investigate, analyze and learn from how attacks work, hindering efforts to protect other companies from similar incidents.

Public statements about what happened during the attacks are rare, and in the few cases that are discussed publicly, they often lack details.

“Ransomware is on the rise, and our research shows that attackers are conducting attacks indiscriminately. Companies of all sizes and in all sectors will be affected. Anyone can become a target. We urge organizations to prepare for ransomware attacks and consider the possible consequences before attacks occur,” the ENISA document warns.

Prevention is better than cure

To protect their network from ransomware and other cyber threats, organizations are advised to:

Source: .com

Back to top button

Adblock Detected

Please consider supporting us by disabling your ad blocker.