Watch out for ransomware, the ultra-dangerous computer attacks demanding payment, says Kevin McDonald, the chief operating officer of computer security company Alvaka Networks in Irvine.
“In the last couple of years, it’s gone from every half hour to every 14 seconds; now they’re saying it’s going to be down to every 11 seconds that a person or a new organization gets a ransomware attack,” McDonald told the Business Journal on June 30. “We are seeing a massive uptick.”
The estimate of the increased frequency of ransomware attacks comes from Cybersecurity Ventures.
He’s seen “entire organizations that are brought to their knees by these attacks. In some cases, they don’t survive it.”
The attackers include state actors such Russia, North Korea and Ukraine, as well as private entities.
In basic terms, ransomware is a type of malicious software that prevents users from accessing their system. “This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back,” Alvaka said.
Guards against attackers include computer patches against vulnerabilities, multi-factor or dual-factor authentication to get into a computer system, backing up data locally and getting insurance that includes ransomware payments, among several other recommended steps.
“Ransomware is by far the biggest threat, I think, to organizations that I’ve ever seen,” McDonald said.
Alvaka, which provides computer monitoring and security services around the clock among other services, is one of several companies either based in or with substantial operations in OC fighting against cyberintruders, including BlackBerry Cylance, SecureAuth and CrowdStrike in Irvine, and Cisoshare in San Clemente.
Alvaka has about 100 consistent, regular clients with another 10 seeking emergency help at any given time, according to McDonald.
“We’re actually very busy,” McDonald said of Alvaka’s current work, which has seen a new focus during the pandemic as companies’ worker bases have operated from home.
McDonald, who is also Alvaka’s chief information security officer, advises corporate executives, federal and state legislators, law enforcement, high-net-worth individuals and other business leaders. He held a webinar on the dangers of ransomware on June 24.
“There are a thousand variants of ransomware right now, or more.”
“The scary part is that it only takes one infected machine to take down an entire company,” Alvaka said.
Ransomware can have “sleeper versions.” They are programed to hide within a victim’s machine for as long as weeks after the infection, making it even harder to detect the machine that was originally infected or where the infection came from.
“It is a highly profitable, highly-unlikely-you’re-going-to-get-caught type of crime. People tend to have to pay,” according to McDonald. The ransoms can also let state actors and other attackers “operate the other illicit things that they’re doing.”
Targets include healthcare companies, defense contractors, school districts, city governments and lawyers.
“We’ve seen ransoms that go from $1,500 all the way to $3.2 million,” he said, cautioning that “recovery costs are typically multiples of the ransom.”
The global average payment now, according to cybersecurity and data firm Coveware Inc., is $111,605 a 33% rise from the last three months of 2019.
The ransomware cyberintruders are also “taking highly sensitive information and storing it in their environment, so that if you refuse to pay the ransom, they will then extort you for money to not release the data that they have,” McDonald said.