In recent weeks, high-profile “ransomware” attacks have gained the attention of most Americans, as both the Colonial fuel pipeline and the JBS SA meat-processing company were extorted by hackers. The fuel pipeline attack drew an immediate response from consumers, who made a run on gas stations, causing shortages even though the network was restored within days. Both attacks, however, highlighted the dependence that Americans have on these supply chains – and how easily lives and economies can be thrown into chaos. Other recent significant attacks hit a Massachusetts ferry operator, the Irish health system and the Washington, D.C., police department.
In 2020, ransomware criminals struck more than 100 federal, state and municipal agencies in the United States. They also targeted 500 health care centers, 1,680 educational institutions and thousands of independent businesses. Financial losses reached tens of billions of dollars by the best estimates.
Ransomware Defined
Ransomware infects and sabotages a company’s computer network, encrypting its data and holding it “hostage” in exchange for a ransom payment. If the business pays up, it is provided with a decryption key to unlock its files.
Some more sophisticated ransomware criminals have broadened their horizons into data-theft blackmail. Before triggering encryption, they discreetly make copies of sensitive files and threaten to make them public unless a ransom is paid. Therefore, even a business that is diligent in backing up its network is still vulnerable to paying ransoms to prevent exposure of private or confidential data.
The crime syndicates behind the ransomware attacks were virtually unheard of 5 years ago, but now represent a significant portion of cyber criminality. They look for new recruits on dark web forums while disguising their identities. They use hi-tech tools and cryptocurrencies like Bitcoin to make their money laundering more difficult to track.
Oddly enough, ransomware criminals seem to operate under a sort of “honor code.” They take pride in helping the victim company to make their payment, providing a “help desk” type of service and holding to their word if the payment is made.
The ransomware business has become highly specialized and operates within an organizational structure. An affiliate will identify a target, set up a strategy and implement the attack using ransomware software that is “rented” from a ransomware-as-a-service provider. Both parties share in the spoils, with those carrying out the attack getting the larger share of the payout.
Ransom Costs are Likely to Rise
Colonial Pipeline confirmed its payout of $4.4 million to the hacker syndicate that infected its computer network in May.
While the FBI discourages the payment of ransom to these groups, national crime agencies say it would be difficult to attempt to ban ransom payments outright. The primary reason is that no matter how many larger companies can learn to withstand an attack without paying, criminals will continue to identify sectors of society that are completely unprepared for a ransomware attack.
Experts recognize that paying the ransom may be the only way for a targeted business to avoid bankruptcy. Even worse, professional and sophisticated cybercriminals are aware of a victim’s cybersecurity insurance coverage limit, and will often incorporate that amount into ransom negotiations. That level of skill allowed a steep increase in recent ransom demands, which were up 171% from 2019 to 2020 alone.
Did You Know? The average ransomware payment was $310,000 in 2020. Most companies feel that making the payment is less financially catastrophic than trying to fight the cyber criminals.
In May, an executive order was signed to strengthen U.S. cybersecurity defenses. The order calls for mandatory disclosure of ransom payments and a federal “response fund” to provide financial assistance to victims.
One of the benefits of working with a managed services firm is that we have a deep bench of expertise, well-trained in monitoring for and preventing cyber attacks. If you would like more information on how you can protect your company and data, call Alliance IT today.