Connect with us

GRTech

71% of Nigerian Organizations Hit by Ransomware – Sophos’ Annual “State of Ransomware 2022”

Sophos report shows 44% of Nigerian Organizations that had Data Encrypted in a Ransomware Attack Paid the Ransom

Published

on

State of Ransomware 2022

Sophos, a global leader in next-generation cybersecurity, has released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022.

The report shows that 71% of Nigerian organizations surveyed were hit with ransomware in 2021, up from 22% in 2020. Forty-four percent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.

The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.

Chester Wisniewski, principal research scientist at Sophos
Chester Wisniewski, principal research scientist at Sophos

“The survey shows that, globally, the proportion of victims paying the ransom continues to increase, even when they may have other options available,” said Chester Wisniewski, principal research scientist at Sophos. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site. In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible”.

Continuing, Wisniewski said, “Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option. It’s also an option fraught with risk. Organizations don’t know what the attackers might have done, such as adding backdoors, copying passwords and more. If organizations don’t thoroughly clean up the recovered data, they’ll end up with all that potentially toxic material in their network and potentially exposed to a repeat attack.”

Key Findings

The main findings of the State of Ransomware 2022 global survey from the Nigerian respondents, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:

  • More victims are paying the ransom – In 2021, 44% of organizations that had data encrypted in a ransomware attack paid the ransom
  • The impact of a ransomware attack can be immense –The average cost to recover from the most recent ransomware attack in 2021 was US$3.43 million. It took on average one month to recover from the damage and disruption. Ninety-seven percent of organizations said the attack had impacted their ability to operate, and 96% of the victims said they had lost business and/or revenue because of the attack
  • Many organizations rely on cyber insurance to help them recover from a ransomware attack – 81% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 97% of incidents, the insurer paid some or all the costs incurred
  • Ninety-one percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

Sophos recommends the following best practices to help defend against ransomware and related cyberattacks

  1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs
  2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist
  3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose
  4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated
  5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption

Read The State of Ransomware 2022 report for the full global findings and data by sector. 

GrassRoots.ng is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.

TechNews

inq.Digital Supports Payments Forum Nigeria [PAFON 1.0]

Published

on

PAFOn 1.0
PAFON SPEAKERS

Inq. Digital Nigeria Limited has been announced as a sponsor of Payments Forum Nigeria [PAFON 1.0] maiden edition holding this Thursday in Lagos.

inq. Digital Nigeria Limited, a subsidiary of inq. Group is an emerging leading digital and cloud solutions provider that delivers simpler seamless solutions to complex business challenges.

With offices in Lagos, Abuja, Port Harcourt and Kano, inq. provides reliable and affordable Intelligent Connectivity, SDN/NFV, Cloud and Digital services (including Edge –AI) for Nigerian businesses including those in the payment space.

Participation is FREE, however, pre-registration is required: https://bit.ly/4c4N19H.

Speaking ahead of Payments Forum Nigeria [PAFON 1,0] scheduled to take place at Oriental Hotel, Lekki Road, Lagos on Thursday, March 21, 2024 by 9am under the theme: “Payments: Trust, Security and Privacy in AI Era”, Mr. Chike Onwuegbuchi, the co-founder of TechCastle Foundation, the organisers, said the goal is to enable information exchange and knowledge sharing on key industry insights issues amongst key stakeholders, with the objective of ensuring a collaborative and proactive approach to push for policies that enable growth, tackling/mitigating fraud and limiting occurrences and losses.

Speakers

The following speakers are lined up for the Forum: Chibuzo Efobi, Director, Payments System Management, Central Bank of Nigeria (CBN); Festus Amede, Chairman, Committee of Chief Information Security Officers of Nigerian Financial institutions (CCISONFI; Dr. Adewale Peter Obadare, Chief Visionary Officer (CVO), Digital Encode Limited; Adetokunbo Omotosho, Chief Executive Officer, Cybervergent; Roosevelt Elias, Founder, Payble; Ikenna Ndugbu, chief compliance officer, Moniepoint MFB, and Peter Evbota, Sales Director at inq. Digital Nigeria Limited.

Payments Forum Nigeria is organised by TechCastle Foundation and sponsored by: inq. Digital Nigeria Limited, Cybervergent, Moniepoint, Digital Encode Limited, Payble with support from the Central Bank of Nigeria (CBN).

Continue Reading

GRTech

S Mobile Tech Hub Opens Registration to Entrepreneurs in Southeast

Published

on

Kingsely Adonu, founder and CEO, S Mobile Group

•⁠ ⁠500 successful candidates to get starter-packs

•⁠ ⁠Rolls our Free Data, Airtime to Civil Servants, Students, others

S Mobile Tech Hub, an offspring of S Mobile Group has open applications to technology entrepreneurs in the Southeast Nigeria.

S Mobile Tech Hub was recently conceived by Mr. Kingsley Adonu, a visionary entrepreneur and CEO/Founder S Mobile Group, who aims to manifest the Group’s deliberate programmes towards building a dynamic and vibrant startup ecosystem in eastern region of the country.

APPLY by visiting www.smobilegroup.com to register.

Speaking against this backdrop, Mr. Adonu, said that even against tremendous challenges faced by the youth in the Southeast, they must be actively engaged in digital skills development in order to eschew social vices and make positive contributions towards maintaining peace and progress in the region.

“Unfortunately, a lot of our young people are facing numerous barriers to participating in formal and informal sectors today. In December 2015, the United Nations Security Council adopted UNSCR 2250 on Youth, Peace and Security. The resolution was the first to recognise the important role young people can play in preventing conflicts, and sustaining peace.

“It is on this premise and more that S Mobile is thinking out of the box by extending digital skills programmes to empower the youth to be more economically relevant. This will also go a long way in supporting the efforts of the Governors in the Southeast who are not resting on their oars until we have crime-free society with less poverty index.

“S Mobile Tech Hub has been positioned as a platform for entrepreneurs to leverage trends to accelerate their skills and innovation especially in the areas of artificial intelligence, robotics, big data, etc., which have become embedded in our daily lives.

“We are rolling out free data and airtime to civil servants, students, farmers and other entrepreneurs, for connecting with MTN Nigeria services.

Also during the cohort 1 of S Mobile Tech Hub programme 500 successful technology entrepreneurs across the Southeast region will be sponsored with the starter-tools to live their dreams.

“Together, let’s turn technology into your personal pathway to empowerment, growth, and societal well-being. Don’t just dream about a brighter tomorrow; let’s build it together today!”, the company said on Wednesday.

Continue Reading

GRTech

2024 Sophos Threat Report: Cybercrime on Main Street Details Cyberthreats Facing SMBs

Published

on

Sophos Launches Managed Detection and Response (MDR)
  • Data and Credential Theft Malware are Top Two Threats Against SMBs in 2023, Accounting for Nearly 50% of All Malware Sophos Detected Targeting this Market Segment
  • Ransomware Still the Biggest Threat to SMBs; Business Email Compromise on the Rise, Along with More Sophisticated Social Engineering Tactics

Sophos, a global leader in innovating and delivering cybersecurity as a service, today released its annual 2024 Sophos Threat Report, with this year’s report detailing “Cybercrime on Main Street” and the biggest threats facing small- and medium-sized businesses (SMBs*).

According to the report, in 2023, nearly 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials.

Attackers subsequently use this stolen information to gain unauthorized remote access, extort victims, deploy ransomware, and more.

The Sophos report also analyses initial access brokers (IABs)—criminals who specialize in breaking into computer networks.

As seen in the report, IABs are using the dark web to advertise their ability and services to break specifically into SMB networks or sell ready-to-go-access to SMBs they’ve already cracked.

Sophos
Above: Discovered by Sophos X-Ops: a sample of a dark web forum post advertising access to a small U.S. accounting firm. Additional examples of cybercriminal forum ads targeting SMBs, by industry and country, are in the 2024 Sophos Threat Report.

“The value of ‘data,’ as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation. For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts,” said Christopher Budd, director of Sophos X-Ops research at Sophos. “There’s a reason that more than 90% of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorized remote access, or simply data theft.”

Ransomware Still the Biggest Cyberthreat to SMBs

While the number of ransomware attacks against SMBs has stabilized, it continues to be the biggest cyberthreat to SMBs. Out of the SMB cases handled by Sophos Incident Response (IR), which helps organizations under active attack, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMBs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

Ransomware operators continue to change ransomware tactics, according to the report. This includes leveraging remote encryption and targeting managed service providers (MSPs).

Between 2022 and 2023, the number of ransomware attacks that involved remote encryption—when attackers use an unmanaged device on organizations’ networks to encrypt files on other systems in the network—increased by 62%.

In addition, this past year, Sophos’s Managed Detection and Response (MDR) team responded to five cases involving small businesses that were attacked through an exploit in their MSPs’ remote monitoring and management (RMM) software.

Attackers Sharpen Their Social Engineering and Business Email Compromise (BEC) Attacks

Following ransomware, business email compromise (BEC) attacks were the second highest type of attacks that Sophos IR handled in 2023, according to the Sophos report.

These BEC attacks and other social engineering campaigns contain an increasing level of sophistication. Rather than simply sending an email with a malicious attachment, attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them.

In an attempt to evade detection by traditional spam prevention tools, attackers are now experimenting with new formats for their malicious content, embedding images that contain the malicious code or sending malicious attachments in OneNote or archive formats.

In one case Sophos investigated, the attackers sent a PDF document with a blurry, unreadable thumbnail of an “invoice.” The download button contained a link to a malicious website.

Continue Reading

Trending