Continued Increase of Ransomware in the UAE

A thriving business can face significant harm from a ransomware attack, and businesses in the UAE are highly susceptible to ransomware dangers.

So, what is ransomware? It is a malicious program that uses encryption to seize and control a company’s or an individual’s data. When ransomware encrypts your data, you or your organization cannot reach files, databases, or applications. The growing threat of ransomware attacks often leads businesses to pay substantial amounts of money to cyber criminals to reduce the attack’s impact.

Apart from paying the ransom, these attacks can cause considerable damage and result in significant financial troubles for companies. Netskope’s solutions engineer, Steve Foster, notes that ransomware in the UAE will continue increasing in 2023 and beyond. “In the coming year, we will likely see more groups performing more devastating attacks, more affiliates being involved in these attacks, newer payloads and tools being used, and newer techniques like collaborating directly with malicious insiders,” he said during an interview with Arabian Business.

Ransomware attacks target UAE businesses daily.

According to a 2021 report, UAE businesses have paid over 5.1 million UAE dirhams (or $1.4 million) as ransom fees to regain system access after ransomware attacks in the past two years. Additionally, 42% of these enterprises were forced to halt their activities following a ransomware attack.

Dr. Mohammed Al Kuwaiti, head of cybersecurity at the Government of the UAE, pointed out a recent case in which a ransomware attack targeted a financial institution. The attackers demanded a ransom of $2 million. However, the institution chose not to comply with the demand, aligning with advice against engaging with such attackers. Dr. Al Kuwaiti also emphasized a recent occurrence involving a UAE-based bank. Fortunately, the bank’s strong security measures successfully prevented the attack.

While some organizations can prevent ransomware attacks successfully, the threat has grown in 2023. Ransomware groups pose a significant worldwide threat and are expanding their influence into the Middle East. Their activity rose by an astonishing 77% in the first quarter of 2023 compared to a similar period in 2022. According to insights from the Group-IB report, nations within the Persian Gulf area have been particularly singled out. Among these, the UAE accounted for 33%, followed by Saudi Arabia at 29% and Kuwait at 21%.

However, Kaspersky Security Network reported ransomware attacks decreased in Q2 2023. Kaspersky noted that ransomware incidents in the UAE decreased by 9.5%. Although ransomware might be increasing in certain regions while experiencing a decrease in others, the common trend is the growing complexity and precise focus that the ransomware attackers exhibit. Cybercriminals are currently aiming at a diverse range of organizations, including healthcare and educational institutions, service providers, and industrial enterprises.

Recent ransomware attacks on UAE organizations

1.    UAE Invest Bank refuses to pay $3 million ransom

UAE Invest Bank, a notable financial institution, boasts a significant group of users, particularly Internet banking users. In 2015, a hacker managed to breach the bank’s system, accessing SQL databases, transaction records, and customer details, which included credit card information, purchase sums, and validation codes. The hacker demanded a ransom of $3 million in bitcoins. However, the bank chose not to meet the demand, causing the hacker to publicize the stolen data through a Twitter account. Luckily, there were no financial losses incurred due to this event.

2.    Moorfields Eye Hospital falls victim to ransomware group

Moorfields Eye Hospital, located in Dubai, faced a cyberattack perpetrated by the AvosLocker ransomware group in 2021. The ransomware group acquired a substantial amount of data in the attack, totaling 60GB. The data encompassed duplicates of ID cards, insurance claims, financial papers, call records from the hospital, internal messages, and more. The breach was likely facilitated through malicious emails or ads containing the malware. The attackers proceeded to encrypt the stolen information, but there was no information on the demanded ransom amount. Despite the security breach, the hospital maintained its operational services without interruption. At the same time, they initiated communication with the affected users and launched an investigative initiative to tackle the breach.

3.    Dharma ransomware causes chaos across UAE companies

A contracting company based in Dubai faced a significant setback when a hacker blocked their access to their computer systems. The ransomware incident affected all organizations contracting the company for various IT systems. The hacker had unleashed the well-known crypto virus named Dharma, which led to the encryption of all their files. The Dharma ransomware is infamous for its worldwide spread and consequences. However, it’s important to note that the decryption process for Dharma (.cezar family) is complex. The hacker demanded a $300 ransom in bitcoins to unlock the affected machines, but the company refused to pay, fearing that the encrypted files would not be restored.

What does the increasing ransomware mean for UAE organizations?

The increasing occurrence of ransomware attacks in the UAE is causing significant worries for organizations nationwide. As ransomware attacks persistently grow in frequency and complexity, businesses must brace for potential disruptions of core operations, loss of crucial information, financial losses, and damage to their reputation.

Furthermore, the exposure of sensitive data may lead to regulatory fines and breaches of data privacy rules. Therefore, UAE organizations must implement strong cybersecurity measures to counter these risks and effectively maintain a robust security posture.

Defending against ransomware

1.    Prioritize consistent data backups.

Defending against ransomware necessitates a multifaceted strategy. Firstly, organizations must prioritize consistent data backups and store them in a secure, isolated environment.

Maintaining current backups allows for data restoration in the event of an attack without giving in to the attackers’ demands.

2.    Cybersecurity training and awareness.

In addition, UAE organizations must prioritize training and awareness for all employees. Educating staff about phishing emails, harmful attachments, and dubious links can considerably decrease the likelihood of ransomware infiltrations that result from human error.

3.    Implement robust email security controls.

Another security control involves implementing robust email filtering and security solutions as a proven measure that intercepts and blocks such dangers before they reach employees’ email accounts.

4.    Regular software updates and patches.

Moreover, organizations should adopt a proactive cybersecurity stance comprising regular updates and software patches to mitigate known exploitable vulnerabilities.

5.    Advanced endpoint protection systems.

Also, advanced endpoint protection systems can identify and counteract ransomware threats in real time. More importantly, collaboration with reputable cybersecurity companies, ongoing monitoring, and devising plans for incident responses help recognize, contain, and neutralize ransomware attacks.
