Ransomware attacks of the past decade have significantly reshaped how organizations approach cybersecurity. Lessons have been learned, but the key question remains: are we becoming better at preparing for what comes next? The need for proactive measures and preparation is more crucial than ever.
As the world around us becomes unavoidably led by digital everything and we take a very pronounced turn into an internet-dependant universe, the urgency of our lives and finances being exposed and up for grabs increases exponentially. The impact of successful cyber attacks, particularly ransomware attacks, is soaring. These attacks are not only becoming more common and frequent but also evolving at an alarming rate, largely thanks to the rise of cryptocurrencies. They have transformed from a simple nuisance to a multibillion-dollar global threat targeting the vulnerabilities of individuals across several businesses, sectors, and governments. And what’s worse, there’s no sign of abating, at least not in the near future.
Ransomware attacks are becoming more efficient and growing in scale, with increasingly sophisticated techniques and staggering stealth. Cyber thieves are still wreaking havoc in the digital world, and the scale of their operations is unprecedented. For this reason, as experienced mobile app and software developers, we at Foonkie Monkey wanted to examine ransomware as a threat and examine the key lessons we learned from some of the most significant ransomware attacks of the 2020s.
What is ransomware?
Ransomware is a type of malicious software created to encrypt and block the victim’s files, data, and overall access to their computer system or server, rendering it useless until a ransom is paid, often in cryptocurrency. Ransomware attacks typically occur via phishing emails or malicious links to trick the victim into downloading or opening files that ultimately infect the user’s device or system. Files are typically encrypted using complex algorithms, and a message displaying the ransom requirements in exchange for the decryption key appears on a lock screen.
There are different types of ransomware; some encrypt files and data, others lock users out of their devices encrypting files, others combine encryption with the threat of leaking sensitive data, and others, such as Ransomware-as-a-Service (RaaS), even sell or lease their software to other cybercriminals, splitting the profits. The reality is that ransomware attacks are getting more frequent as technology advances. In fact, their incidence has risen by 13% in the last five years, with an average cost of $1.85 million per incident. This makes it crucial for everyone, especially app developers, to understand that the fight against ransomware is an ongoing battle that requires continuous learning and education to stay ahead of these threats.
Three of this decade’s high-profile ransomware attacks to learn from
WannaCry (2017)
WannaCry, a worldwide ransomware attack that began in May 2017, quickly escalated to become one of the most widespread and devastating cyberattacks in history. It targeted users with Windows-based computers, encrypting their files and demanding ransom payments in cryptocurrency, typically Bitcoin, for file decryption. The attack spread globally, using EternalBlue, an exploit based on a Windows vulnerability created by the NSA. The NSA allegedly did not disclose this vulnerability to Microsoft until their systems were breached, and EternalBlue was stolen and auctioned publicly by a hacking group named the Shadow Brokers. Microsoft released a patch for Windows to address this issue, but a worm named WannaCry, not long after, used EternalBlue to hack into computers that didn’t receive the security update.
The financial toll of this attack was significant, affecting over 200,000 computers in 156 countries. The ransom costs, ranging from $300 to $1,500 per computer, totaled more than $4 billion. Among the high-profile victims were the UK’s National Health Service (NHS), FedEx, Nissan, and Renault.
Lessons learned
1. Developing and installing patches. Developers must place security at the forefront and thoroughly test and target vulnerabilities in their software products.
2. Educate users. Organizations and users must be educated about software patches so that they understand that promptly installing them and applying security updates is critical to protecting against known vulnerabilities.
3. Stop relying on legacy code. Using outdated codebases that don’t support updates dramatically increases the incidence of vulnerabilities.
4. Facilitate proactive security. Strong firewall authentication methods, enforcing backup practices and endpoint protection, and emphasizing employee training can help prevent future attacks.
Colonial Pipeline (2021)
Joe Biden deemed the Colonial Pipeline attack a national security threat, and with good reason. It occurred in May 2021 and was undoubtedly one of the most damaging ransomware incidents in US history, hitting fuel supplies along the East Coast. Colonial Pipeline, responsible for supplying and transporting fuel, diesel, and heating fuel to the entire northeast region, got its IT systems attacked by the ransomware group DarkSide, encrypting key data and demanding a ransom payment of $4.4 million in Bitcoin. DarkSide gained access to Colonial Pipeline’s system via a compromised password used on a disused VPN account without robust authentication methods. The company swiftly paid the ransom and got their data back without causing widespread disruption to fuel supplies along the East Coast.
Lessons learned
1. Implement robust authentication mechanisms. This attack highlighted that weak or compromised login credentials are a common entry point for attackers. Employees and other stakeholders must be educated on the importance of secure credentials.
2. Critical infrastructure needs special attention. Due to their economic impact, Critical infrastructure systems, such as healthcare and banking, are often attractive to attackers. Therefore, apps and software intended for use in these scenarios require special security measures.
3. IT-OT segmentation. The Colonial Pipeline incident serves as a stark reminder of the necessity of IT-OT segmentation. When its IT systems were attacked, the company had to shut down its operational technology (OT), disrupting fuel and energy supply. We must be aware of these risks and prepared to implement better segmentation to prevent threats from spreading across systems.
Costa Rican government attack (2022)
In April 2022, Costa Rica suffered what they called a “national emergency” when the Conti ransomware group attacked the nation’s infrastructure and crippled key government services via compromised login credentials on one device. The group’s initial target was the Ministry of Finance, whose digital tax service and customs control were brought to a standstill, leading to chaos, delayed import/export operations, and millions of dollars in losses. The group demanded a ransom payment of $10 million in cryptocurrency, a demand the government refused. This refusal, while leading to further attacks on several other ministries and leaking over 600GB of data, also demonstrated the government’s commitment to not negotiate with criminals.
Lessons learned
1. Critical infrastructure demands special attention. As we’ve highlighted, critical infrastructure systems are not just attractive to attackers, but their potential economic impact is significant. Therefore, exceptional attention to these systems and robust security measures are always necessary.
2. Incident response plans. The Costa Rican government’s experience underscores the need for robust incident response and recovery plans. In any scenario, it’s critical to be prepared and act swiftly to mitigate the impact of cyber attacks.
Final word
As ransomware continues to pose a significant threat, the lessons learned from the major attacks of this decade highlight the urgent need for proactive cybersecurity measures. App developers, organizations, and stakeholders must adopt multi-layered defense strategies, including strong backup systems, regular software updates, user and employee training, and incident response planning. But more importantly, by learning from past incidents and taking a forward-thinking approach, we can collectively reduce the risks posed by ransomware and build a more resilient digital ecosystem for the future. It’s essential to respond to current threats and anticipate and prepare for future ones.
With more than a decade of experience in app development and creating highly secure software products, we at Foonkie Monkey understand the importance of keeping IT systems safe, regardless of their size or reach. So, if you have any questions about ransomware or want to work with us, don’t hesitate to contact us!
