The company Norsk Hydro has lost 45 million pounds because of a ransomware attack, but it is still considered a success case in the face of hackers' threats
Listen to this article
Ransomware is a malicious software that blocks and encrypts data in the computers of its victims, then they ask for a sum of money in order to restore access to information. In many cases, victims must pay within a time to avoid losing access to their files forever. According to Norton's official website, in 2017, the average price that was requested to release the files was $ 522 dollars.
Leer en español: Ransomware: ¿cuánto le puede costar a una empresa un ciberataque?
Not all ransomwares are the same. There are five big different types:
1. Crypto malware that is often used to spread through large corporate networks.
2. Lockers, which completely block the operating system of the affected computer.
3. Scareware, that simulates an antivirus and says to have found problems in the computer, in order to ask for a sum of money to solve them.
4. Doxware, that threatens to publish stolen information from the victim's files if the victim does not pay the ransom.
5. The RaaS, a form of ransomware that offers different options in exchange for a reduction in the sum of the ransom.
Norsk Hydro's case
Recently the Norwegian aluminum producer Norsk Hydro was the victim of a ransomware attack in which, according to the BBC, 22,000 computers were attacked in 40 different countries. Although the company decided not to pay the ransom, they had to make many changes in their operation to continue production.
For example, the production lines that make up the molten metal had to be replaced by manual functions, forcing the company to rehire some retired workers for tasks that until then had ceased to be necessary. However, some production lines had to be stopped.
Three months after the attack on Norsk Hydro, the company has not yet recovered and the cost of the adjustments has been 45 million pounds (56 million dollars). However, according to the BBC, "what they have lost in productivity and income, they have possibly gained in reputation".
"The company's response is being described as 'the gold standard' by law enforcement organizations and the information security industry - not only did they refuse to pay hackers, but they have also been completely open and transparent with the outside world about what happened to them," said the Periodista Digital portal.
Norsk Hydro was not the first big company to be attacked. In 2015, Armada, a collective of hackers, carried out a series of attacks against various Greek banks, after which it demanded from each bank the equivalent in Bitcoins of 7 million euros. However, the banks managed to increase their security and not pay the ransom.
The following year, the Hollywood Presbyterian Medical Center (HPMC) suffered a ransomware attack for which it had to pay an amount of $ 17,000 dollars to recover patient data and access to the company's network which was disabled for 10 days.
In the same year, the Ottawa Hospital was attacked by ransomware that affected more than 9,800 computers. However, the hospital responded by emptying their hard drives thanks to the fact that they had all their backup copies updated on other computers.
Finally, the San Francisco Municipal Transportation Agency was the victim of a new attack on Black Friday in 2016. The agency refused to pay the ransom of what amounted to $ 73,000 dollars in Bitcoin and was able to restore its operation in two days. However, the losses generated by the attack were enormous, because, in the absence of a functional system, thousands of passengers could use the transport service at no cost for these two days.
How to protect yourself from ransomware?
Faced to the severity of these attacks, the official Norton antivirus page provides a series of tips to avoid being a victim of a ransomware.
The main tip is to use security or antivirus software and keep it up to date so that it works to its full potential. Likewise, it is recommended not to automatically open email attachments or emails from unknown recipients, as email is one of the main methods to deliver ransomware. Suspicious emails should be deleted immediately.
It is also recommended to have a backup copy of important files on an external hard drive or in the cloud to avoid losing them in case of an attack.
The FBI recommendation: do not pay
This week, Baltimore City mayor Jack Young announced that, during the conference of mayors of the United States, a resolution was signed in which it is agreed not to pay hackers during ransomware attacks. According to Young, more than 170 district, municipal or state governments have already been targeted by ransomware since 2013, with 22 attacks registered so far in 2019.
Young talked about this after Baltimore City systems suffered a ransomware attack in May that caused them $ 18 million dollars in losses. These could have been minimized to about $ 76,000 if the city had paid the extortion, but they complied with the FBI's security recommendations.
"The FBI recommends victims never pay extortion to hackers, the payment can encourage continued criminal activity, lead to other attacks and can be used to facilitate other serious crimes," one can read in an organization's email sent to the cybersecurity firm CSO.