Cybercriminals are becoming more sophisticated and brazen in their ransomware attacks, which are causing computer systems at school districts, major universities, police departments, and hospitals to freeze. The US government is now stepping up its efforts to combat computer crime.
The White House hosted an international counter-ransomware event earlier this week. Representatives from more than 30 countries, including major US allies such as the United Kingdom, Canada, and Japan, took part in the virtual gathering. Russia, which the US and other countries blame for harboring and possibly encouraging the terrorists, was conspicuously absent.
The high-level government focus on ransomware demonstrates its expanding reach. Ransomware, which was once nothing more than garbage malware locking up the hard drives of the tech-illiterate or small businesses running out-of-date versions of Windows, has evolved into a global digital scourge. Earlier this year, cybercriminals targeted a major oil pipeline and one of the world’s largest meat processors, demanding millions of dollars in ransom.
For weeks, the attacks on Colonial Pipeline and JBS USA Holdings dominated the news. They also signaled a nefarious rise in cybercriminals’ ambitions and drew the attention of government officials and cybersecurity experts. The total amount paid by ransomware victims more than tripled in 2020, reaching nearly $350 million, according to a report from the Institute for Security and Technology’s ransomware task force.
Colonial Pipeline and JBS both paid millions of dollars in ransom. The FBI was successful in recovering approximately $2.3 million of the $4.4 million paid by Colonial. Both ransoms were paid in bitcoin, a well-known cryptocurrency.
Both attacks caused temporary disruptions, raising the prices of gasoline and meat as companies lost control of their supplies.
Earlier attacks, according to cybersecurity researcher Wisniewski, would target a dozen or so different entities. They did not, however, garner the same level of national attention because they were separate, smaller attacks.
Cybercriminals were also not as skilled by today’s standards. They purchased the malware online and distributed it without doing much research on their targets. Companies would frequently pay the ransom, keep things quiet, and move on.
This began to change a few years ago. As malware became more sophisticated, cybercriminals began hacking into a company’s financial records in order to determine how much money the company could likely pay. Ransoms are now frequently in the millions of dollars. And other attack-related costs far outweigh the actual ransom. Even if a company pays and has its data restored, it still has to bring in experts to rebuild its systems and confirm they’re no longer compromised.
It can be difficult for a company to determine how much to invest in cybersecurity. Although JBS is a large corporation, many experts did not previously consider it an obvious target for a cyberattack.
While admitting in a June statement that it did pay the equivalent of $11 million in ransom, JBS said it was able to “quickly resolve” the issues caused by the attack due to its “cybersecurity protocols, redundant systems, and encrypted backup servers,” adding that it spends $200 million on IT each year and employs more than 850 IT professionals worldwide.
According to David Cowen, managing director of US Cyber Security Services at professional services firm KPMG, even small businesses should follow best practices to reduce the likelihood of a cyberattack or the fallout from one. And these practices can be as simple as requiring employees to use strong passwords when accessing systems and to always use two-factor authentication.
A recently introduced Senate bill would require critical infrastructure owners and operators, such as Colonial Pipeline, to report cyberattacks within three days of their discovery. Furthermore, nonprofits, businesses with more than 50 employees, and state and local governments would be required to notify the federal government of any ransom payments within 24 hours.
Meanwhile, the Treasury Department has announced that cryptocurrency exchanges, insurance companies, and financial institutions that facilitate ransomware payments will face sanctions. It also stated that it would take legal action against the virtual currency exchange SUEX OTC for allegedly facilitating ransomware payments.
The cybersecurity researcher, Wisniewski, likes the idea but wonders how much good it will do if the government does not take action against the countries behind the exchanges and financial institutions.