Austria: Company Pays 4 Million Euros Ransom due to Ransomware Attack
There are numerous reasons as to why data theft and hacking or phishing attacks occur: outdated systems, insufficient backups and security updates and a lack of risk awareness. The results are damages in the millions โ and the situation is getting worse, explains Rรฉmi Vrignaud, head of the Allianz Group in Austria: โIt is the fastest growing field of crimeโ.
Companies of all sizes affected
Cybercriminals target companies of all sizes, not just big corporations. According to a survey conducted among 500 small and medium-sized enterprises (SMEs) by the German Road Safety Board (Kuratorium fรผr Verkehrssicherheit), 80 percent of companies have, in recent years, been affected by cyber attacks. The sums of incurred damages range widely, though most lie between 130 and 10,000 euros. Some SMEs reported losses of up to 150,000 euros.
4 million euros ransom
According to the Austrian Federal Criminal Police Office, one of the largest enterprises of the country has recently been struck โ and badly so. To get all IT systems back up and running, the company paid the blackmailers 4 million Euros in Bitcoin; but the perpetrators remain unknown.
Unfortunately, this is no isolated case. Cybercrimes are on the rise. In 2018, the Austrian police received almost 20,000 reports related to cybercrime, which is almost 17 percent (or around 10 reports per day) more than the year before. The dark figure is assumed to be much higher because many cases are not reported at all.
Watch Our Demo Video to See tenfold in Action!
Destroy, extort
Criminal motives vary. The purpose of an attack may simply be to destroy systems, or there could be financial reasons involved โ in which case a ransom could be demanded.
In both cases, financial losses will be the consequence. Globally, the damages caused by cybercrime are estimated to an incredible 600 billion US dollars. This is equivalent to about one and a half times Austriaโs yearly gross domestic product (GDP).
Businesses are responding
Back to Austria. According to insurance group Allianz, approximately one in five companies today has taken out cyber insurance. A good solution, though not perfect. Because, as we recently discussed in another blog post, not all damages will be covered. The Austrian Federal Economic Chamber has set up a hotline dedicated specifically to affected companies: In the event of an attack, members of the Austrian Federal Economic Chamber can call +43 800 888 133.
Conclusion
The reasons for why a company may make a desirable target for cyber attacks is well known and it is precisely here where companies need to cut in:
- Update or upgrade outdated systems.
- Backup files.
- Create awareness among employees regarding potential cyber attacks.
Obviously, you can and should take further actions to protect your data, for instance by setting up a modern identity and access management system. Keep in mind that, besides the stipulations of the GDPR, cybercrimes, too, are valid reasons to ensure that only those people are given access to sensitive company information who actually need it to carry out their respective duties in the company.
Access Governance Best Practices for Microsoft Environments
Everything you need to know about implementing access control best practices in Active Directory, from implementation tips to common mistakes.
Sources:
The Evil Internet Minute 2019
CYBERCRIME TACTICS AND TECHNIQUES:Ransomware Retrospective
Ransomware. The new threat to business uptime.
Report: 2019 Phishing By Industry Benchmarking