Most ransomware attacks still come from Russia, China, and North Korea, says VMware exec

Since 2015, the number of ransomware attacks multiplied by 15 and since 2018 companies and private individuals paid $1.8 billion to attackers, according to Shlomi Aviv, the Israel country manager for Dell Technologies subsidiary VMware Inc.

Aviv spoke Sunday with CTech’s Editor in Chief Elihay Vidal, as part of Calcalist’s online convention on cybersecurity.

“We detect over 1 million attacks a day, most of them originating from Russia, China, and North Korea,” Aviv said. “The attackers target every sector, including health, industrial production, and financial institutions," he said, adding that "no one is immune."

According to Aviv, with a sharp increase in the amount of data transferred on the web—partly as a result of remote work from home due to the coronavirus (Covid-19) outbreak—there are three main targets for cyberattacks: countries, financial institutions, and political organizations.

The purpose of cyberattacks against entities such as an Israeli water salination plant or a port in Iran is both to project a political threat against the attacked country and to steal sensitive intelligence information, Aviv said. When a country launches a cyberattack it spends a lot of time and money in planning and leaving no traces, making it extremely hard to detect, he added.

Cyberattacks against financial institutions, Aviv said, are mostly meant to extort money. Cybercriminals take advantage of the fact that these organizations are often ill-prepared for a ransomware attack and charge them extensively for the release of their data, he explained.

On the political front, Aviv said, attacks target a party’s database—the way it happened in the U.S.—in order to undermine the political stability of a certain area or affect the results of an election.

"Cybersecurity is inseparable from a viable business strategy,” Aviv said, “whether we are talking about a private or hybrid cloud, a multi-cloud environment, or an internet-of-things (IoT) network.” Apps are an indispensable part of our business activity and, as such, need to be under heavy security, he added.