Ransomware attacks are about to get worse. But there are ways to stop them

Ransomware attacks are about to get worse. But there are ways to stop them

Posted: Sep 13, 2021 12:10 PM
Updated: Sep 13, 2021 12:10 PM

The September 11 attacks demonstrated, with horrifying clarity, the outsize power individuals have to wreak havoc on an open society. Since that awful day, the spread of technology and our solidifying interconnectedness have increasingly placed the capacity for disruption and harm in the hands of not just states, but of individuals all over the globe. This trend has been called the democratization of violence, and it describes literal, kinetic violence (think bioweapons cooked up in a kitchen and mini-drones weaponized in a garage) and less physical but still devastating cyberattacks.

These threats will continue to grow in the months and years ahead because cyberattacks of all kinds are relatively cheap and can be launched at scale. Now, American industry and government must work more closely together to buttress the defenses necessary to thwart these attacks.

Ransomware is the latest example of the "democratization of violence" trend. In a ransomware attack, a bad actor accesses a victim's computer system, uses malware to encrypt the system's data, and only decrypts it if the victim pays a ransom, usually in Bitcoin because it is difficult to trace. Anyone with an internet connection — from nation-states to criminals to terrorists — with minimal skills and malevolent intentions can now launch these attacks thanks to the advent of "ransomware as a service." In this business model, ransomware developers lease pre-made malware to anyone who pays, and the developer gets a cut of the ransom payments.

Ransomware extortions have become a self-sustaining ecosystem of criminality. It is a thriving business because most victims are willing to pay relatively modest ransoms, which then fund further attacks. Paying a ransom may incentivize bad behavior, but a victimized company usually (and understandably) just wants its data back as quickly as possible.

Hackers are most often after money, but attacks can also destabilize the US economy, whether intentional or not. For example, in May 2021, a hacking group called DarkSide launched a ransomware attack against Colonial Pipeline, one of the largest fuel pipelines in the United States, forcing a shutdown of its fuel distribution operations across several states. Consider what kind of physical assault it would have required 20 years ago, in a pre-cyber era, to set off a wave of gas shortages across the eastern part of the country.

The scale and impact of these attacks have exploded in recent years. According to one estimate, ransomware will cost the global economy approximately $20 billion in 2021, a 57-fold increase from 2015. Everyone is vulnerable.

In short, America's cybersecurity system is blinking red. President Biden signed an executive order back in May that requires software sold to the government to meet baseline security standards, demands federal contractors swiftly report cyber incidents, and creates a National Transportation Safety Board-like government entity to review major breaches.

The White House is also calling on the private sector to do more to address cybersecurity, what President Biden called a "core national security challenge" during a recent meeting with tech titans. The administration subsequently announced a number of government and private sector initiatives, including a collaboration to develop a new framework to improve the security of the technology supply chain, increased efforts to train a diverse cybersecurity workforce, and the expansion of an Industrial Control Systems Cybersecurity Initiative from electric utilities to natural gas pipelines, among others.

These are all welcome moves, but there is much more the government and industry can do:

First, the government should act where businesses cannot and take all actions within its power to disrupt the ransomware activities of foreign states and their criminal gangs. That means employing diplomatic pressure, tying progress on taking ransomware groups offline to sanctions relief to the countries where the groups reside, indicting bad actors overseas, extraditing and prosecuting them, and (potentially) taking offensive cyber action against ransomware groups.

Second, the Biden administration should incentivize companies to prepare for ransomware by setting out specific guidelines for what businesses should do to prepare for and respond to ransomware attacks. Right now, the government speaks out of both sides of its mouth. Its official position is that companies should not pay ransoms, but it recognizes that it is often in the company's — and the public's — best interest to pay. The FBI urges victims to coordinate with law enforcement about ransomware incidents and to share if ransom has been paid, and through what Bitcoin address.

This ambiguity makes it harder for businesses to manage ransomware risks because they are unsure what steps they should take to navigate these issues, and it leaves them open to post-ransomware litigation. Indeed, Colonial Pipeline was hit by at least two lawsuits after it was victimized. If the administration doesn't establish such standards now, it will be left to the courts to do so as they resolve these types of suits.

Third, the government should work with companies that are victims of ransomware attacks to recover cryptocurrency paid to hackers, thus interrupting the cycles that fund future attacks. Notably, the FBI worked with Colonial Pipeline to seize over $2 million of Bitcoin paid to the hackers, in a promising sign of what may come from the Department of Justice's recently established Ransomware and Digital Extortion Task Force. As the Deputy Attorney General Lisa Monaco said, "Following the money remains one of the most basic, yet powerful tools we have."

None of these actions will eradicate the business risks of ransomware, but they can help counter the democratization of violence with a culture of common defense.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

Terre Haute
Cloudy
53° wxIcon
Hi: 73° Lo: 44°
Feels Like: 53°
Robinson
Cloudy
52° wxIcon
Hi: 61° Lo: 45°
Feels Like: 52°
Indianapolis
Cloudy
51° wxIcon
Hi: 67° Lo: 48°
Feels Like: 51°
Rockville
Cloudy
51° wxIcon
Hi: 69° Lo: 45°
Feels Like: 51°
Casey
Cloudy
53° wxIcon
Hi: 59° Lo: 46°
Feels Like: 53°
Brazil
Cloudy
53° wxIcon
Hi: 72° Lo: 45°
Feels Like: 53°
Marshall
Cloudy
53° wxIcon
Hi: 60° Lo: 44°
Feels Like: 53°
Rain & Storms Developing
WTHI Planner
WTHI Temps
WTHI Radar

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Cases: 1680908

Reported Deaths: 28023
CountyCasesDeaths
Cook63626111214
DuPage1086211379
Will915681128
Lake802871090
Kane68604874
Winnebago41222561
Madison40178598
St. Clair36326599
McHenry34856331
Champaign27087197
Peoria26991368
Sangamon25818287
McLean23073220
Tazewell20689331
Rock Island18919362
Kankakee17959249
Kendall16268114
Macon15344252
LaSalle15078287
Vermilion14453201
Adams13188152
DeKalb12201134
Williamson12091175
Whiteside8328183
Jackson810494
Boone796583
Coles7918125
Ogle759290
Grundy741386
Franklin7339115
Knox7321169
Clinton7136102
Macoupin6988106
Marion6935144
Henry666177
Effingham6639100
Jefferson6573143
Livingston599498
Stephenson587893
Woodford578492
Randolph5563100
Christian536682
Fulton527977
Monroe5258103
Morgan5088100
Logan495675
Montgomery492882
Lee479760
Bureau444291
Saline436169
Perry433975
Fayette432464
Iroquois422577
McDonough374861
Shelby349848
Jersey336953
Lawrence335533
Crawford333730
Douglas328437
Union307748
Wayne304863
White280833
Richland280157
Hancock274435
Clark266940
Cass266531
Pike265658
Edgar260649
Clay259854
Bond257525
Ford246059
Warren244866
Carroll237138
Moultrie236333
Johnson229732
Wabash217319
Jo Daviess216629
Massac216551
Mason214452
Washington212928
De Witt206530
Greene205640
Mercer205036
Piatt202814
Cumberland190126
Menard172513
Jasper161621
Marshall141721
Hamilton134222
Schuyler108810
Brown106610
Pulaski104612
Edwards104118
Stark81828
Gallatin7939
Alexander73212
Scott7126
Henderson70914
Calhoun6932
Hardin60916
Putnam5674
Pope5566
Unassigned1342433
Out of IL140

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Cases: 1007681

Reported Deaths: 16470
CountyCasesDeaths
Marion1355212121
Lake664101166
Allen57993801
Hamilton46350465
St. Joseph44397615
Elkhart35949510
Vanderburgh32251480
Tippecanoe27933260
Johnson25107445
Hendricks23897359
Porter22929365
Madison18748409
Clark18557252
Vigo17479303
Monroe15263200
LaPorte15173250
Delaware15073263
Howard14748290
Kosciusko12348148
Hancock11728176
Bartholomew11639180
Warrick11292189
Floyd11108215
Wayne10986253
Grant10082220
Morgan9472176
Boone8926115
Dubois8271131
Henry8229152
Dearborn822393
Noble8031106
Marshall7939135
Cass7546121
Lawrence7457171
Shelby7189119
Jackson698289
Gibson6597115
Harrison649192
Knox6421106
Huntington6395100
DeKalb632399
Montgomery6264111
Miami593398
Putnam581278
Clinton576171
Whitley565755
Steuben562576
Wabash5332104
Jasper532079
Jefferson511297
Ripley500586
Adams482576
Daviess4677114
Scott438974
Greene425196
Wells424888
Clay423360
White418764
Decatur4169102
Fayette406587
Jennings387361
Posey376644
Washington359151
LaGrange359078
Randolph3452100
Spencer340243
Fountain335760
Sullivan329452
Starke317171
Owen314771
Fulton312667
Orange293664
Jay284645
Franklin265643
Perry265452
Rush262432
Carroll261934
Vermillion258654
Parke231426
Pike229243
Tipton228159
Blackford193142
Pulaski183757
Crawford159823
Newton158348
Benton150617
Brown146747
Martin138719
Switzerland135011
Warren121116
Union107016
Ohio84613
Unassigned0540