(Expansion) – On Friday, May 28, various media addressed the news with headlines of “Hackers attack the National Lottery” and several similar ones. The truth is that these media have no idea of the difference between a hacker and a cybercriminal; the first is a specialist, the second is the correct term for the case and adapts to different contexts when talking about affectations and illicit acts carried out, they must stop stereotyping and misusing the term hacker.
Now, let’s get down to business. A group of cybercriminals identified as #Avaddon who is in charge of encrypting equipment, systems in exchange for an economic amount usually drawn in cryptocurrencies -the latter are preferred thanks to the greater percentage of difficulty in traceability they offer-, attacked the National Lottery and with this, it not only required a ransom for its ransomware-type malware attack, but also leaked information related to various contracts and way of operating as a government party.
From here we should be concerned about various issues, since many government agencies have left their cybersecurity aside, as a result of the austerity guidelines, which undoubtedly leave vulnerabilities exposed as a result of the budget deficiency for the operation, added to the arrival of people imposed with the presidential finger or those of friendly secretaries who are owed favors, ignorance of the technological areas in government is a crass error that costs dearly.
There may not be money to improve the technological infrastructure or really have prepared personnel, but there will be to pay for those ransoms from cybercriminals.
It is not the first time that a ransomware attack attacks in this way, let us remember in 2019 the case that was obfuscated about Pemex and #DoppelPaymer, or more recently they are for sale in a forum of leaks, databases and sale of malware, access to Pemex’s SCADA system and even worse, to our beloved CDMX.
The concern may be greater if we realize that we have users whose lack of digital knowledge facilitate the work of cybercriminals, since several ransomware begin with opening an email, downloading a file and executing it, then lose control and spread through the network of the organization and / or company.
Many digital attacks can be prevented by making users aware, preparing, teaching and guiding them to identify digital risks from the first moment of infection that could be through the internal network.
Cybersecurity does not require austerity, as well as the amplification of efforts so that the subject has relevance for the user and not only for the IT departments, ransomware is the king of recent threats and the economic part of profits that cybercriminals have makes that it becomes more dangerous, by shocking the user, companies and, in the cases mentioned, governments.
Minimizing and even worse normalizing digital incidents and effects due to the fact of not seeing material or tangible damage in the physical world is a huge mistake, let us remember that in this environment where we coexist with ICT every day, greater importance is required and leave in of course our digital identity has value.
The event experienced with Lotenal should make it clear to us that greater relevance to the issue and zero austerity for security are required. Government exposure is a reality in the face of cyber attacks, if we continue without changing the “chip” of importance and investment for protection and cybersecurity, the scenarios will one day be uncontrollable and chaotic, we will not only affect economically, but also human lives .
Editor’s note: Carlos Ramírez Castañeda is a specialist and passionate about Computer Law, particularly in the areas of Cybersecurity, Cybercrime, and Cyberterrorism. He has a Master in Law of New Information and Communication Technologies from Santiago de Compostela Spain, Doctor in Administration and Public Policies of Mexico. He is a collaborator of various academic and governmental institutions, a professional always interested in cyber prevention issues, particularly with vulnerable sectors. Follow him on Twitter like. The opinions published in this column belong exclusively to the author.