
Ransomware as a Service presents a big threat to family offices

Extortion threats to family offices are increasing as cyber-criminals employ Ransomware as a Service (RaaS) to seek money from innocent victims. 

According to a survey by service provider Check Point, the number of organisations hit by ransomware has more than doubled so far this year compared to the start of 2020. 

A thousand organisations are being targeted a week as gangs grow in number and take advantage of RaaS. As part of the deal RaaS can offer voice-scrambled phone facilities, online communications, a payment portal and the exchange of bitcoin, commonly demanded in ransoms.


The Koch family have just become victims of a high-profile attack as 28% shareholders in Colonial Pipeline, a 5,500-mile connection between Texas and New York.

The cyberattack froze Colonial’s technical systems. It was followed by a $5 million ransom demand from a gang called DarkSide, which hit chemicals group Brenntag shortly before. 

US president Joe Biden has confirmed the launch of a task force against ransomware. In late 2020, US state facilities fell victim to a hack called SolarWinds.  

DarkSide is said to have been started by former members of another gang, REvil, itself behind a 2020 ransom raid on Apple, as well as on Grubman, Shire, Meiselas & Sacks, a legal firm acting for a number of celebrities like Madonna, Lady Gaga and former US president Donald Trump.

REvil was also behind cyberattacks on the Harris Federation schools network in March and on Acer, a Taiwan tech firm which received a ransom demand for $50 million. Going back to 2020, ransomware hit Norsk Hydro, ENEL and Honda.

REvil’s RaaS is also known as Sodinokibi, part of the GandCrab stable. A rival RaaS system is called Ryuk. 

REvil and DarkSide are said to be located in Russia, given they have not, as yet, targeted organisations in that country. DarkSide went to ground after its attack on Colonial.

Gangs typically freeze tech systems and demand a ransom for a key to unfreeze them. More recently, they have threatened to reveal the systems' contents online. Now they are starting to demand ransoms from clients whose details are stored on the systems.

Check Point calls this sequence of events a triple extortion. 

It first took place in 2020 following a theft of data from a Finnish psychiatric clinic at Vastaamo, whose patients were told they had to pay a ransom to stop their notes going online.

Many of them were wealthy. The affair shocked Finland, not least because the clinic was hacked in 2018 and 2019, and failed to deal with the problem. The clinic is now in liquidation.

Shortly after the Colonial problem, a gang called Babuk demanded $4 million from the Washington DC police department, saying it would publish the identities of informants. 

Average ransom payments were up 171% to $310,000 last year, says Palo Alto Networks.

In April, healthcare facilities suffered more attacks than any other sector, with Ireland’s health service suffering a second hit in May. 

According to cybersecurity firm Malwarebytes, healthcare is vulnerable because of patient distractions, exacerbated by Covid-19; a failure to shield small devices, such as the internet of things; a failure to update legacy systems; and a lack of backup tech.

Utilities like Colonial were April’s second worst-hit sector, just ahead of lawyers and insurance brokers. The Asia Pacific region tends to be more vulnerable to attack than other regions.

The rise of RaaS and triple extortion is a serious development for family offices, including those that rely on third-party advisers to keep their data safe.

Banks tend to be relatively well protected, although this is less likely to be the case at individual branches and ATM facilities, according to cybersecurity firm ThreatLocker, which has recently received seed finance.

But Boston Private says family offices should not be complacent. Following a 2020 survey of 200 executives, it warned that 81% of respondents do not carry out background checks on personnel capable of injecting malware into systems, making them vulnerable to a ransom.

Around 28% of family offices have not reviewed risks from third-party vendors and 26% have experienced a cyberattack – with two-thirds of them taking place in the last year. 

Boston Private also discovered a high degree of complacency regarding the threat.

According to PwC cybersecurity expert Nick Blaesing, ransomware can be introduced to systems through phishing expeditions, as well as by insiders and third-party providers.

There is growing use of secure providers, plus the migration of data to the cloud: “It’s often the case that data will be safer in the cloud than a family office in-house system,” says Blaesing.  

Federal Reserve chairman Jerome Powell is in no doubt of the severity of cyber issues. He recently said: “The risk that we keep our eyes on the most now is cyber risk. That’s really where the risk I would say is now, rather than something that looked like the global financial crisis.”

In his comment column for Bloomberg, historian Niall Ferguson points out that societies have become so reliant on online communication that they have become highly vulnerable to a cyberattack on critical infrastructure. Shorter-term, it could be a bigger risk than climate change.

This suggests that back-up paper documentation may well have its uses.
