The Caribbean is increasingly a choice target for ransomware. During late October 2020, one of Trinidad and Tobago's largest conglomerates notified the public that a cybersecurity incident that began at its Barbados operations had migrated to Trinidad, affecting operations in some of its subsidiaries. The hackers behind the attack, REvil, claimed to have control over 17,000 critical files and threatened to make the files public unless a ransom was paid. When the company refused to pay the ransom, the cybercriminals reportedly released the information on the dark web.
Ransomware is one of the most feared types of cyber-attack. The malware encrypts files and documents, and often facilitates exfiltration, preventing work, locking up vital information, and providing a route to exposure. A ransom, often running into many tens of thousands of dollars or more, is required to obtain a decryption key. Ransomware is one of the most prevalent and successful types of cyber-attack. In 2020, according to a report from Sophos, over half of those surveyed had been victims of a ransomware attack.
The Caribbean is often left out of reports on ransomware attacks. However, the region is as much at risk as anywhere else in the world.
Ransomware is a worldwide problem. The 2017 WannaCry ransomware attack was proof that these types of cyber-attacks are of worldwide relevance. At its peak, WannaCry infected organizations in over 150 countries, including the Caribbean. The warning signs that cybercriminals were focusing on the Caribbean have been seen in a number of reports. In 2016, a publication from the Center for Strategic Studies and McAfee focused on Latin America and the Caribbean, stating that the region has “become a new frontier for cyber-attacks and crime at an estimated cost of around US$90 billion per year”. In 2017, PricewaterhouseCoopers (PwC) Caribbean Region put out a warning that Caribbean firms were “not paying enough attention to cybersecurity risks”. These reports were published during a period of increasing ransomware attacks on organizations in the region.
Ransomware attacks are financially motivated. But the fraudsters behind the crime also look for ‘low-hanging fruit’, that is, companies that are least well placed to prevent or manage such an attack. The cybercriminals behind ransomware also look for firms that have simply not taken precautions. Many recent targets of ransomware have included local government, with some high-profile U.S. victims. A report from Barracuda found that 60% of all ransomware attacks in the US targeted local or state government. One of those hit by ransomware, Florida City, ended up paying over $600,000 in ransom money. Similar threats to organizations in the Caribbean are being seen, as evidenced by the high-profile attack against ANSA McAL.
In October 2020, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) published an advisory notice stating that a significant increase in ransomware attacks targeting Caribbean organizations had been identified.
The notice asked local firms to be diligent and aware of the threat level. The notice also described a number of key preventative measures against the main vectors used to target Caribbean firms, namely:
All three of these vectors are well-known methods used to infect corporate networks with ransomware. Phishing, for example, is still the main way that malware ends up on a device. Phishing causes 90% of data breaches, and 1 in 3 employees have been found to click the malicious link in a phishing email. Phishing is behind credential theft and malware infection, with credential loss due to phishing increasing by over 280% since 2016. The intelligence gathered by TT-CSIRT is vital in helping Caribbean firms to mitigate these types of attacks.
Caribbean firms must be vigilant against the impact of ransomware. To do so, an organization should ensure certain measures are employed:
The Caribbean may be small in scale in comparison with some of the territories around the world, but this does not place the region outside of the cybercriminal target list. While the TT-CSIRT has stated that Caribbean businesses are increasingly ransomware targets, these attacks do not need to result in an incident. By putting some key measures in place, the likelihood of a successful ransomware attack is much reduced.