INTERPOL and Kaspersky joined hands in a Stop Ransomware campaign to educate businesses on the importance of cyber hygiene.

On May 12, 2017, the largest ransomware epidemic in history, WannaCry, reached its peak.

Now, three years later, this threat is still—along with other ransomware—affecting people and companies.

Ransomware has become a big challenge for many organizations. Even though this is not the most advanced threat from a technical point of view, it allows criminal actors to block business operations and extort money. As a result of a ransomware incident, organizations lost on average US$1.46 million in 2019; which included costs for downtime, fines and damage to reputation.

The WannaCry scourge was the most noticeable of its kind, spreading with the help of an advanced cyber-weapon, EternalBlue, which is a complex and effective exploit used to target a previously-unpatched vulnerability in Windows. As a result, WannaCry caused a real worldwide cyber-epidemic.

However there is little reason to give up, as protection from ransomware is possible through feasible security measures. On May 12, Kaspersky, together with INTERPOL, encouraged organizations to follow specific security practices and make sure they have reliable protection against ransomware, especially since recent statistics confirm that the threat is still relevant.

According to Kaspersky’s research, a total of 767,907 users were attacked by encryptors in 2019 – with almost a third of them (30%) being in businesses. Of all the encryption families, WannaCry still was the most common—in 2019, it attacked 164,433 users and accounted for 21% of all detected attacks. With a significant margin, it was followed by other families such as GandCrab (11%) and Stop (4%). The first one is a well-known ransomware-as-a-service developed by a team of criminals and rented to the broader community and had been in distribution for years. The Stop ransomware campaign is also a well-known threat spread through compromised software, websites, and adware.

Said Craig Jones, Director, INTERPOL Cybercrime Directorate: “Since the outbreak of WannaCry, cybercriminals have diversified their attack vectors to launch ransomware attacks. Their focus and attacks have become more targeted and moved to businesses, governmental and healthcare organizations where the information is critical, so as to demand higher ransoms. Hospitals were the most vulnerable amid the COVID-19 pandemic, as those attacked had lost access to critical medical equipment and patient information. INTERPOL Global Cybercrime Programme has supported those victim organizations to recover from the attacks and prevent any further damages. Now, we are working closely with our member countries and private partners, including Kaspersky, to raise public awareness for the mitigation and prevention of cyberthreats by running a global awareness campaign during May 2020. The campaign, which encourages the public to keep good cyber hygiene and to #WashYourCyberHands, focuses on ransomware this week to support Anti-Ransomware Day.”

Kaspersky’sHead of B2B Product MarketingSergey Martsynkyancommented: “The WannaCry epidemic, which saw companies lose millions because of downtime or costs related to reputational damage, demonstrated what can happen if ransomware happens on such a large scale. The threat remains relevant today, as there will be users out there who still may not know much about it and can become a victim. The good news is that the right security approach and relevant measures can make ransomware yet another non-critical threat. And we would like Anti-Ransomware Day on May 12 to become the day when businesses and users globally no longer face challenges with ransomware.”

Experts suggest that organizations should take the following anti-ransomware measures as soon as possible to stay protected from ransomware:

  • Explain to employees, or conduct training to show how following simple cybersecurity rules can help a company avoid ransomware incidents.
  • Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g., due to malware or a broken device). Store them not only on the physical device but also in cloud storage for greater reliability. Make sure you can quickly access them in an emergency when needed.
  • It is essential to install all security updates as soon as they become available. Always update your operating system and software to eliminate recent vulnerabilities.
  • Windows 7 vulnerabilities will no longer be patched by Microsoft, so businesses should no longer rely on this outdated operating system.
  • If a corporate device is encrypted, remember that ransomware is a criminal tool. You should not pay the ransom the attackers demand. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first—some of them are available for free here: https://www.nomoreransom.org/en/index.html.