Information Security
International workshop on fighting ransomware at Criminal Intelligence Service Austria (BK)
On 6 June 2024, the BK’s Cybercrime Competence Center (C4) hosted the Western Balkans Outreach Workshop in Vienna as part of the International Counter Ransomware Initiative (CRI). The workshop was aimed at involving the Western Balkan countries in the international initiative to combat ransomware.
Ransomware has become one of the most important tools of cybercriminals in recent years. This type of malware encrypts user data and demands a ransom, usually bitcoins, for the decryption of the data. The risk of losing personal data as well as backups to malware is still very high. Meanwhile, numerous variants are in circulation, featuring various distribution channels and encryption algorithms.
"Ransomware is a global challenge that we need to tackle at an international level," explained BK Director Andreas Holzer at the opening of the workshop. "We need to network, exchange information and learn from each other. Only together can we take sustained action against ransomware attacks and, in the best-case scenario, prevent them altogether."
Counter Ransomware Initiative (CRI)
The CRI was established on the initiative of the USA to combat ransomware internationally. The first summit was held in October 2021, with further meetings following in 2022 and 2023. Participating countries: Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Croatia, Czech Republic, Dominican Republic, Estonia, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, Netherlands, New Zealand, Nigeria, Norway, Poland, Romania, Singapore, South Africa, South Korea, Spain, Switzerland, USA, Ukraine, United Arab Emirates and the United Kingdom.
The initiative comprises five working groups and aims to create an international task force characterised by close cooperation with coordinated measures and a rapid exchange of information.
Getting the Western Balkans on board
As the Western Balkan states are not yet involved in the CRI, it was decided to organise an international workshop in Vienna during last year’s visit of the BK Director to Washington. The intention is to familiarise the Western Balkan states with the initiative, explain associated benefits and encourage representatives of the respective states to join the initiative.
Attendants will include both diplomatic representatives and experts from Albania, Bosnia and Herzegovina, Kosovo, Montenegro, North Macedonia and Serbia, as well as representatives from Austria, the Czech Republic, Slovakia, Italy, Greece, Slovenia, Croatia, the USA and INTERPOL.
Situation in Austria
In Austria, attackers particularly target small and medium-sized businesses (SMBs), which means that the risk potential for the corporate landscape remains high. The criminals demand a ransom that is commensurate with the financial strength of the business and its existing IT infrastructure and backup solutions. In order to put pressure on the victims, the criminals threaten to leak data from the business to the public.
Sources of ransomware
The most common infection sources still include remote access, which businesses often require for remote maintenance and data delivery, emails with malicious file attachments or links via which malware is downloaded, and drive-by downloads or malvertising.
Tips on how to prevent ransomware attacks
• Find a backup strategy that suits you
• Be careful when opening file attachments and links, even if they originate from a known sender. In case of doubt, never open such files or links.
• Only activate macros in MS Office documents when necessary.
• Make the operating systems show file extensions.
• Use individual log-in data for remote access to your computer. Avoid standard user names such as admin and guest, and rather use complex passwords.
• Don’t forget to update your programs regularly, and use an up-to-date antivirus software.