The Good, the Bad and the Ugly in Cybersecurity – Week 42

The Good

This week saw the launch of a series of meetings tied to the recently-launched “US National Security Council Counter-Ransomware Initiative”. The overarching goal is to garner support from other countries and then band together to address the ongoing threat of ransomware.

During the “Virtual Counter-Ransomware Initiative Meetings”, US President Joe Biden and leaders from other countries agreed to focus not only on the enormous threat that ransomware poses to national infrastructures, but also to hold accountable those that participate in the “ransomware economy”. It was agreed that it should be considered unacceptable to harbor ransomware operators within the participating countries’ borders.

The list of participating countries included Australia, Brazil, Bulgaria, Canada, Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States. Notably absent, of course, were Russia, China, Iran and North Korea.

Not all of the meetings were open to the press, which makes sense given the sensitivity of some of the targets involved, like critical infrastructure. All in all, the meeting is a welcome rallying call to all the participating allies and partners. Ransomware is a global problem, and requires a unified, global effort to truly counter it.

And on that note…

The Bad

This week, unfortunately, there was no letup in high-impact cyberattacks. Ecuador’s largest private bank, Banco Pichincha, was hit with a cyberattack over the weekend. According to a memo sent to employees, systems including email, self-service banking, and back-end banking applications were affected by the attack.

Externally, the bank’s websites were affected, and ATMs and other kiosk-based services were rendered out of service. At the time of writing, it has not been confirmed whether this was a ransomware attack, although investigators have already identified some malware components like Cobalt Strike in the impacted environment.

A similar scenario played out at the University of Sunderland, UK on Thursday. The university said its IT systems were likely suffering from a cyber attack and that there would be no access to email, Office 365, and all other University business systems, from home or on campus. In addition, no University networks, including Wi-Fi, would be available until further notice. As all the university’s IT systems were either overwhelmed or down, students were told to rely on updates from the school’s social media accounts for further details.

The Ugly

As if to underscore the relevance of the news stories above, this week saw the release of two ransomware reports by Google and Google-owned malware repository service VirusTotal that bleakly outline the scale of the threats facing businesses, and indeed, all of society, today.

VirusTotal’s ransomware report identified 130 different ransomware families active over the last 18 months after analyzing a staggering 80 million ransomware-related samples uploaded to the service. The report found GandCrab to be by far the most common threat out there.

  • GandCrab 78.5%
  • Babuk 7.61%
  • Cerber 3.11%
  • Matsnu 2.63%
  • Wannacry 2.41%
  • Congur 1.52%
  • Locky 1.29%
  • Teslacrypt 1.12%
  • Rkor 1.11%
  • Reveon 0.70%

Attacks against Israeli targets were by far the most prevalent, the report stated. No sooner was that statistic published than it was added to: on Wednesday, hospital facility Hillel Yaffe Medical Center in Israel’s Northwest was forced to cancel and redirect all non-urgent procedures as a result of a ransomware attack.

Meanwhile, VirusTotal’s parent company Google said this week that on any given day, they are tracking more than 270 targeted or government-backed attacker groups from more than 50 countries. In 2021 to date, the company said they’d seen a 33% increase in attacks compared to last year.

What does all this mean for the average business? It means, cybersecurity-wise, we live in a dangerous world in which every organization is a potential target. If you’re not taking effective precautions to prevent and contain the possibility of a ransomware or other kind of cyber attack, you are gambling in a game where the odds of escaping a serious security incident are increasingly stacked against you.