Cyberattacks have increased dramatically in recent months, frequently disrupting products and services that are essential to our daily lives. Many of these attacks have made use of ransomware, a set of tools that allows hackers to gain access to computer systems and disrupt or lock them down until they are paid.
Ransomware is not a new threat. However, there is an increasing trend of hackers targeting critical infrastructure and physical business operations, making the attacks more profitable for bad actors and more devastating for victims. With the rise of remote work during the pandemic, significant vulnerabilities have been revealed, making such attacks even easier to carry out.
After declaring 2020 the “worst year ever” for extortion-related cyberattacks, the US Department of Justice established a ransomware task force in April. The problem appears to be escalating: According to a report from cybersecurity firm Check Point Software, the first half of 2021 has already seen a 102 percent increase in ransomware attacks compared to the beginning of last year. That doesn’t even take into account the most recent events, such as a ferry operator in Martha’s Vineyard, Cape Cod, and Nantucket announcing Wednesday that it had been hit by a ransomware attack.
The US government is now stepping up efforts to combat ransomware, but experts warn that without significant cooperation and investment from the private sector, these attacks are likely to persist.
Many people believe that cyberattacks are simply attempts by hackers to steal sensitive data or money online. However, hackers have discovered a lucrative new revenue stream in targeting physical infrastructure.
These attacks have the potential to cause havoc in people’s lives, resulting in product shortages, higher prices, and other consequences. The greater the disruption, the more likely it is that companies will pay to mitigate it.
According to experts, both REvil and DarkSide operate what are essentially “ransomware-as-a-service” businesses, employing large teams to create tools to assist others in carrying out ransomware attacks and taking a cut of the profits. They may also carry out their own attacks in some cases. According to cybersecurity experts, Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere because they bring money into the country.
To make matters worse, many companies in those industries haven’t traditionally thought of themselves as tech companies, which means their systems may be less sophisticated and more easily compromised, according to Mark Ostrowski, Check Point’s head of engineering.
In recent years, this has become increasingly true. As technology has evolved, more physical infrastructure has been fitted with connected devices that link it to a company’s larger network. Even if a hacker gains access to a company’s network via its email system, they may be able to wreak havoc on the machines in its manufacturing facilities or other areas of the business. The pandemic also increased the number of targets, as hackers looked for ways to profit by attacking critical services.
The targeting of healthcare facilities appears to predate the pandemic — Emsisoft’s previous research revealed that 764 healthcare providers were targeted by ransomware in 2019, though overall attacks tracked by the firm increased in 2020.
Companies, organizations, and government agencies will now need to act quickly to plug potential gaps in their systems, update software, and ensure that their most critical functions are adequately protected from cyberattacks.
President Joe Biden signed an executive order last month requiring companies doing government work to improve their cybersecurity practices — requirements that Congress could extend to other private firms supporting infrastructure and other critical levers of the US economy. Following the JBS and ferry attacks, White House press secretary Jen Psaki stated on Wednesday that the administration is also “building an international coalition to hold countries that harbor ransom actors accountable.”
While system-level upgrades or overhauls may be required at times, Ostrowski believes the risk is often determined by individual behavior. The majority of ransomware is distributed via phishing attacks, in which users are duped into clicking a link in an email that grants the hackers complete access to their system.
Many companies in healthcare, food, and energy have few, if any, executives or board members with the technical background or know-how needed to help mitigate cyber risks, which must change as bad actors become more sophisticated.