AK: US ransomware attack aftermath food for thought in Estonia too

$content['photos'][0]['caption'.lang::suffix($GLOBALS['category']['lang'])]?>
Information System Authority (RIA) logo. Source: Nelli Pello/RIA

Ransomware attacks have been reported in Estonia, authorities say, in the aftermath of a recent breach in the US which disrupted oil flows in a major east coast pipeline. The sums involved are far from that scale, however, ETV news show "Aktuaalne kaamera" (AK) reported Tuesday night, though they can affect plenty of firms and individuals.

In the current situation where remote work is common, simple security holes are also prevalent and being exploited by cyber criminals, the Information System Authority (RIA) says.

Ransomware involves trojan malware systems finding their way into the victim's IT system, for instance via a phishing email or a vuln in a network service. Often an app then restricts or locks the system, demanding payment to unlock it.

RIA's recommendation when asked about such attacks is that in no circumstances should ransoms be paid, pour encourager les autres as much as anything.

RIA senior analyst Lauri Tankler told AK that: "Since money has been paid to such groups for years, they have been coming up with better and better cyber ransomware products, and are able to do more and more harm to society as a result."

While the sums demanded in Estonia are much smaller than those found in, say, the U.S., the principle is the same, Tankler said.

"We hear about four or five cases of ransomware attack across Estonia per month, including both very small and large companies and institutions, and some service providers who also offer services to smaller institutions. So, numerically, this issue may still seem small in Estonia, but every ransomware case actually affects a lot of people," Tankler added.

Of concrete examples, two family doctors as well as some manufacturing and trading firms have experienced ransomware attacks in recent times, though companies are reluctant to speak about the issue publicly, AK reported.

While both Washington and Moscow have commented on the recent pipeline attack, the attackers themselves say their sole motivation is financial.

U.S. public network NPR reports that last weekend's mass attack on Colonial Pipeline networks shut down a critical oil pipeline, Line 4, from the U.S. Gulf Coast to as far north as New York. While service is being restored, disruptions in a pipeline that carries half of the oil used on the entire eastern seaboard of the U.S. are ongoing.

The FBI says ransomware known as DarkSide is behind the attack, which also pushed up the price of crude oil and added instability to financial markets. 

The incident has insurance and other risk issues, with smaller companies being particularly vulnerable and demand for ransomware insurance continuing to grow, AK reported.

Spokesperson for insurance firm Iizi Helen Evert told AK that: "The picture is likely not looking very good. At present, a lot of insurance solutions cover the risk, but due to the fact that many countries have decided to ban the payment of ransoms as such, for example in France, it will probably be struck off what most insurance firms will cover in future."

At the same time, the role of an insurance firm is not to aid and abet crime in covering ransom payments, but simply to reduce damage and help a client to restore the status quo before the attack and without paying a ransom.

DarkSide hacked Colonial Pipelines' central server rather than computers controlling the pipelines themselves. The ransomware installed there encrypted crucial files and demanded a ransom payment to decrypt them.

--

Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Andrew Whyte

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: