Holding to ransom
Malicious cyber actors plague businesses and government agencies by infiltrating networks, encrypting online data, and holding it to ransom.
Ransomware is now a major criminal phenomenon, and according to many IT industry and government leaders, it’s a potential US national security threat. In its 2021 annual report on ransomware, Sophos, a prominent cybersecurity firm, found that over one-third of the more than 5,000 companies surveyed worldwide said they were hit by ransomware in 2020. India, Austria, and the United States had the highest rates of targeting (in that order). Blackfog cybersecurity researchers also list the United States, United Kingdom, and Canada as the top three targets of ransomware. And the impact is expensive: ransomware is projected to cost its victims around USD 265 billion annually by 2031.
Aside from financial gains and geo-political motivations, ransomware attacks can also be a test of the victim nation’s cyber defenses and responses. The May 2021 hack of Colonial Pipeline, which supplies almost half of all transportation fuels to the eastern US, halted operations for several days, causing gasoline shortages and panic-buying across multiple US states. Similarly, a ransomware attack on Ireland’s national healthcare system shut down its computer networks and disrupted medical service delivery for several months.
Changing forms of ransomware
The gist: ransomware creators license their malicious code to affiliates for a percentage of the illicit proceeds. Other cohorts gain access to victim networks, negotiate payments, and launder the proceeds when ransoms are paid.
Ransomware campaigns often target deep-pocketed enterprise victims in critical sectors such as healthcare, logistics, and local government that can’t afford to stop operating – even for a few days. Because these campaigns are guided by human operators rather than the earlier automated attacks spread through spam email, they are more difficult to detect and stop. Initial access to victims’ networks might be through sophisticated spear phishing, unprotected remote desktop ports, or vulnerabilities in internet-facing servers. Once inside, malicious actors carefully map networks, identify key databases, steal files, and encrypt them. Then they deliver ransom demands.
The growth of cryptocurrencies, like bitcoin and the private, untraceable Monero, contributes to ransomware’s spread because they provide a secure exchange and payment medium that often can’t be tracked.
Educational institutions and entities backed by private, government, and public funds form an easy and obvious target for cyber actors. Financial institutions, automobile manufacturers, engineering, and chemical firms as well as organizations that deliver key services like water and electricity also rank high on attackers’ lists.
Victim organizations are exposed to criminal leverage when they hold valuable customer data whose disclosure would bring serious financial consequences. For example, victim organizations are more likely to pay if they must adhere to the European Union’s GDPR or China’s new personal data privacy law because they would incur steep fines upon violation. Class-action lawsuits against companies that lose control of customer data introduce another hacker incentive.
Cyber criminals also seek out victims who are technically vulnerable. Ransomware groups pose an increased threat to organizations with lax network defenses, out-of-date or unpatched software, weak or nonexistent data backups, and poor staff security practices. (Yes, this is one reason why you must change your password at regular intervals.)