
GRTech

71% of Nigerian Organizations Hit by Ransomware – Sophos’ Annual “State of Ransomware 2022”

Sophos report shows 44% of Nigerian Organizations that had Data Encrypted in a Ransomware Attack Paid the Ransom


State of Ransomware 2022

Sophos, a global leader in next-generation cybersecurity, has released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022.

The report shows that 71% of Nigerian organizations surveyed were hit with ransomware in 2021, up from 22% in 2020. Forty-four percent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.

The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Chester Wisniewski, principal research scientist at Sophos

“The survey shows that, globally, the proportion of victims paying the ransom continues to increase, even when they may have other options available,” said Chester Wisniewski, principal research scientist at Sophos. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible.”

Continuing, Wisniewski said, “Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”

Key Findings

The main findings of the State of Ransomware 2022 global survey from the Nigerian respondents, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:

  • More victims are paying the ransom – In 2021, 44% of organizations that had data encrypted in a ransomware attack paid the ransom
  • The impact of a ransomware attack can be immense – The average cost to recover from the most recent ransomware attack in 2021 was US$3.43 million. It took on average one month to recover from the damage and disruption. Ninety-seven percent of organizations said the attack had impacted their ability to operate, and 96% of the victims said they had lost business and/or revenue because of the attack
  • Many organizations rely on cyber insurance to help them recover from a ransomware attack – 81% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 97% of incidents, the insurer paid some or all the costs incurred
  • Ninety-one percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

Sophos recommends the following best practices to help defend against ransomware and related cyberattacks:

  1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
  3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose
  4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated
  5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption

Read The State of Ransomware 2022 report for the full global findings and data by sector. 


GRTech

Tips to Stay Secure during Black Friday & Cyber Monday

Sophos Special edition


Sophos Cyber Monday

With Black Friday and Cyber Monday around the corner, we’re entering a high-risk period for cybersecurity.

A recent Sophos report highlights that malicious emails were the second most common root cause of ransomware attacks in critical sectors, responsible for 25% of cases.
During peak shopping days, this threat intensifies.

Here’s what happens: with the surge in online deals, more employees may be shopping from their work computers, feeling that Cyber Monday is a legitimate time to do so.

This increases the risk of them clicking more freely and potentially exposing the organization to malicious links or phishing attacks.
 
To keep your organization safe, encourage your team to follow these simple tips:
• Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits to make the FBI blush, but they are also a major source of malicious links and deceptive content on the internet. With an ad blocker, your browsing is not only safer but also faster, and it uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
• Use private browsing or incognito mode – To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome). This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
• Make your browser “privacy smart” – The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
• Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
• Use guest login when available – In addition to letting you use an account from other websites, many have an option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
• Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
• Use temporary card numbers – Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
• Use credit, not debit – All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
• Beware of direct messages via social media/chat apps – With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
• Don’t click deals in email that look too good to be true or are from businesses you don’t have accounts with – These could be phishing emails hoping to bait you into clicking links to bogus, malicious websites.
 
This season, small steps can make a big difference in protecting against cyber threats.


GRTech

It’s Cybersecurity Awareness Month and Sophos has Some Tips for You!

In the spirit of Cybersecurity Awareness Month, Christopher Budd, Director Sophos X-Ops, has compiled some tips for staying secure online.


Christopher Budd - Sophos
Sophos Cybersecurity Awareness Month

Cybersecurity Pro Tips:

  • Face Scans and Fingerprints are Safer Than Passcodes: Use features like Face ID or fingerprint scans for your devices as much as possible. These are safer than passcodes and devices have good built-in protections for this sensitive information.
  • Use Multi-Factor Authentication: Use multi-factor authentication (MFA) whenever possible. This gives an important extra layer of security that makes it harder for cybercriminals to access your accounts. If you can’t use something more secure like secure authenticator applications or physical hardware security keys, use your phone number — it’s safer than using nothing. If you use MFA for only one thing, use it for your email: that’s what attackers want the most.
  • Think Before You Share Publicly: Think twice before sharing any information publicly – cybercriminals can use it to access your accounts or to convince someone that they’re you.
    • Think about those cute surveys on Facebook with questions about your first car, city you were born in: these are the same kinds of info cybercriminals can use to pretend they’re you and log into and take over your accounts.
  • You Don’t Always Need (to keep) the App: Don’t feel pressured to download an app every time: you can often use the service’s website just as well. Apps collect much more data than websites, including your location, your contact list and other info you might not want to share. If you do download an app, think about deleting it when you’re done using it: you can always reinstall it next time you need it.
  • Apps from app stores and websites other than the official big-name ones, like Google Play, Apple’s App Store and Samsung’s Galaxy Store, can be very risky. The official stores have security and privacy standards that can identify malicious activity. Always stick to official sources for downloading apps or, if they’re not on the official app stores, download the app from the developer’s official website or use the app’s web version.
  • Be On Your Guard for Unexpected Emails and Text Messages: Phishing continues to be one of the most effective tactics cybercriminals use to compromise consumers. If you get an unexpected email or text message, ignore it or at least don’t interact with it (don’t open attachments, don’t click on links). If you think it might be legitimate, reach out directly to who you think sent it and check with them.
  • Question Urgency in Emails and Calls: Cybercriminals use urgency to get you to let your guard down and make bad decisions. If someone contacts you saying they’re from a trusted organization like the IRS, police or your bank and need you to take action quickly or something bad will happen, stop and question it. Go to the trusted source like the number on the back of your credit card to independently validate the request.
  • Practice Good Password Security: Every account should have its own unique complex password. A strong password is at least 12 characters long with a mix of numbers, upper- and lower-case letters, and punctuation characters. Passwords should not be based on any personal information, and the best ones use a phrase rather than single words. If these passwords are too tough to juggle, try a password manager to stay organized.
  • Keep Everything Updated and Run Security Tools: Make sure all your apps and devices are always fully updated. Be sure to have some sort of security software on all of your phones and computers (even if you have a Mac).
  • Get Rid of End-of-Life Devices and Software: Everything from operating systems to services to Wi-Fi routers “go stale” and must be replaced eventually. For example, it might surprise you, but your internet router is typically only supported with patches and updates for a few years after you get it. Attackers love out-of-date devices. When something is “out of support” it’s stale: get rid of it and replace it with something fresh.
  • Back Up Your Data: While ransomware groups are mostly after businesses that can pay higher ransoms, they still go after people at home. It’s still important to have your data backed up so that you don’t have to consider paying a ransom.

Put Your Mind at Ease Regarding These Cybersecurity Concerns

Part of staying secure is being able to filter out the noise and prioritize the security actions that matter. Here are things not to worry about. Focus your energy on real risks, not exaggerated threats.

  • Public Wi-Fi is Safer Than You Think: Contrary to outdated advice, public Wi-Fi is generally safe due to encryption used by most websites and apps. Use it freely at airports or coffee shops, but avoid sensitive activities.
  • Beware of Fearmongering Around New Tech Features: Not every new technology is as risky as it’s made out to be. For example, Apple’s NameDrop feature is generally safe and requires specific conditions to function. However, if you’re concerned, you can easily turn it off in settings.
  • Stop Stressing Over Public Chargers: The risk of “juice jacking” (data theft from public chargers) is extremely low. Don’t worry about using public phone chargers — just focus on real, more prevalent threats.


GRTech

eSocialMint (eSM) Wants to Disrupt Virtual Interactions

Reporter: Sandra Ani


Unveiling of eSocialMint app

eSocialMint Inc., a tech startup based in Houston, is hoping to revolutionize social and professional events with its innovative new app.

Scheduled for launch in Nigeria at the end of the year, eSocialMint (eSM) offers a comprehensive platform that integrates features from popular apps like Facebook, TikTok, Zoom, WhatsApp, and Snapchat.

Designed to transform how events are conducted and experienced, eSM combines social media technology with advanced features such as virtual hologram technology.

Developed by IT architect Fisayo Olamigoke, eSM is available on both web and mobile devices. It offers a range of functionalities, including team events, social events, advertising, an eStore, and the unique “eSprayMe” feature.

This feature allows users to virtually spray money at events, replicating a popular Nigerian cultural practice while adhering to legal regulations.

Targeted at professionals, personal users, public institutions, and governmental bodies, eSM aims to save time and money by reducing the need for physical travel. With its cutting-edge technology and user-friendly interface, eSocialMint is poised to redefine the future of virtual interactions.
