The longer an attacker is on your estate, the more knowledge they gain of your business and its practices, including which assets are the most valuable financially, so that they can hit you harder. Many attackers, especially state-sponsored groups, which are becoming more common in today’s digitally oriented world, lurk on estates for years, gaining full access to business practices and long-term strategic plans. Back in 2012, for example, a state-sponsored cyberattack group targeted several key industries globally, with a specific focus on cyberespionage where English was the primary language.
The United States Department of Justice brought charges against members of the group for this, stating that the perpetrators stole trade secrets that would have been particularly beneficial to their country’s companies at the time they were stolen. One of their targets, SolarWorld, was the world leader in solar panel production at the time, turning over €750 million a year. The company held key contracts and intellectual property and was well positioned to take advantage of a rapidly growing industry with global demand. The effect of the compromise was profound, though. As the Director of Strategic Affairs for SolarWorld was quoted at the time: “There were thousands of emails exfiltrated, many with sensitive data that would pose to serve all kinds of unfair advantages.” Those unfair advantages included intellectual property, sensitive pricing information, and even ways for the attacking country’s competitors to bypass United States-based regulations in flooding the market. In August 2017, SolarWorld was officially declared bankrupt, with the attack in 2012 bringing the company to a swift end. There are now start-up companies that have cemented their place as the world’s leading solar organisations, smashing their 2020 solar targets three years ahead of schedule.
Another example is EDP Renewables North America, which disclosed a cyberattack in which ransomware landed on the systems of its parent company, Energias de Portugal (EDP), potentially leading to information exposure. The firm delivers energy to over 11 million customers and operates in 19 countries. The ransomware used in the attack appears to have been Ragnar Locker, whose operators are known for targeting corporate entities rather than the general public.
In this case, the ransomware note demanded 1580 Bitcoin, or roughly $10 million. The cyber-attackers warned EDP that over 10TB of information had been taken from impacted systems, and as proof, the group was willing to decrypt some files for free. If the company refused to bow to the blackmail demand, the malware’s operators threatened to make the data public or sell “sensitive and confidential information about your transactions, billing, contracts, clients, and partners.”