Ransomware attacks on UAE businesses rose during pandemic: Report

Cybersecurity firm Cybereason released a report on Wednesday which found that 37 percent of its surveyed companies in the United Arab Emirates had been hit by a ransomware attack within the last 24 months.

Cybercriminals recognized the opportunity to capitalize on the chaos and confusion that companies faced during the pandemic. Significant challenges were created for IT security teams who had to quickly adapt to the work-from-home model, which allowed expanding the attack surface for criminals, according to the Cybereason report.

Throughout the COVID-19 pandemic, UAE companies experienced a 250 percent increase in cyberattacks, online news media CNBC reported. The UAE government’s top cybersecurity chief Mohammed al-Kuwaiti told the news channel that as businesses moved to the online space there was a massive increase in cyberattacks.

“There is a cyber-pandemic, not only a biological pandemic,” he said.

A ransomware attack occurs when a cybercriminal blocks a person or organization’s access to their files and demands payment to restore access to them.

Of the UAE companies surveyed by Cybereason, 84 percent chose to pay the ransom – 24 percent higher than the global average- and 90 percent of those who paid the ransom, suffered a second ransomware attack, often at the hands of the same criminal group. In addition, 59 percent of those who opted to pay the ransom demand found that some or all of their data was corrupted during the recovery process.

Paying the ransom will not necessarily result in being able to access all your data and does not diminish the possibility of sensitive information or data on intellectual property being sold online once access is regained.

However, not paying the ransom will mean accepting this risk while also relying on the backup systems to restore the data. The financial impact of lost business combined with the effort and costs associated with the recovery could exceed the impact of the ransom demand.

“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” said Cybereason CEO and co-founder Lior Div.

He added that the solution to the problem would be to adopt a “prevention-first strategy for early detection” which will enable organizations to stop these attacks before they can cause harm to their business.

The report, which surveyed almost 1,300 security professionals across the world, also found that ransom demands were increasing; 63 percent of businesses that gave in to ransom demand in the UAE paid out between $350,000 to $1.4 million, while 10 percent paid ransoms exceeding $1.4 million.

In addition, 63 percent of the surveyed UAE organizations experienced a loss in revenues due to ransomware attacks and around 42 percent reported significant loss in revenue. This then led 29 percent of the organizations to lay off employees due to financial pressures.

“Ransomware attacks are a major concern for organizations in the UAE and across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result,” said Div.

While there has been a steady decrease in ransomware attacks recently, the attacks themselves have become more sophisticated with devastating impacts, the report found.

Companies adapted to these attacks by improving their processes to back up their data so that in the event of an attack, the company could simply ignore it and resume operations normally. The risk here lies in just how well cybercriminals have been able to adapt to this approach. The creation of Double Extortion malware attacks mean that criminals can first exfiltrate sensitive data and intellectual property then threaten to expose or sell the stolen data if the victim doesn’t meet the ransom demand.

The report suggests that to defend themselves against ransomware organizations need to follow security hygiene best practices (data backups and employee security awareness); deploy multi-layer prevention capabilities on all enterprise endpoints throughout the network; and implement extended detection and response solutions across the environment to end advanced ransomware attacks before they can gain footing on the systems.