With Ireland’s health service the latest victim of a significant ransomware attack, and reports that Colonial Pipeline in the U.S. paid a ransom to be released from a similar attack, a University of Guelph cybersecurity expert says it seems hat hackers are discovering that relatively unsophisticated attacks can be successful.
Dr. Ali Dehghantanha is the Canada Research Chair in cybersecurity and threat intelligence and the director of U of G’s Cyber Science Lab, which is dedicated to advancing research and training in cybersecurity.
Ransomware attacks typically involve criminal hackers disrupting computer systems data that block access, and then demanding payment — often in cryptocurrency — in return for restoring access.
Dehghantanha said that while ransomware is a relatively old type of cyberattack and among the least sophisticated, it is still posing a significant risk to businesses and critical infrastructure.
“Characteristics such as their being easy to deploy, a low bar for developing new ransomware and the rise of anonymous money transfer services let attackers perfect their techniques and cause significant damage,” he said.
While law enforcement agencies advise not to pay ransoms, many businesses find paying wht the attackers wans is the quickest way to get “back to normal,” he said.
“This, unfortunately, helps cybercriminals significantly as the average ransom amount is now more than $1 million,” he said.
Dehghantanha, who is the the director of U of G’s Master of Cybersecurity and Threat Intelligence program, added that there are relatively easy “cyber hygiene practices” that businesses and average citizens can do to help reduce the risk of such attacks, including regular backup of data and regular changes of credentials.
He recently spoke to CTVNews.ca about how even second-year computer science students have the skills to build ransomware and offered tips for what to do if someone demands payment for access to your data or computers.
He is available for interviews.
Dr. Ali Dehghantanha