Ransomware Is Now a Flat-Out Red Alert


Posted by Robert Ackerman Jr.

As we move into the third quarter of 2021, the trend is brutally obvious and increasingly alarming: Ransomware attacks are everywhere, and the victims are becoming bigger and bigger, with some attacks now impacting as many as tens of millions of Americans.

And effective solutions, while seemingly plausible, will almost certainly be difficult to execute, leaving America in such a bind that FBI Director Christopher Wray last month compared the current spate of ransomware attacks with the challenge posed by the September 11 terrorist attacks. These toppled the twin towers of the World Trade Center in New York, costing nearly 3,000 lives and sparking the US war in Afghanistan.

“There are a lot of parallels … and a lot of focus by us now on disruption and prevention,” Wray recently said about ransomware in a Wall Street Journal interview. The Biden administration also recently characterized ransomware as an urgent national security threat.

In May, a major American gasoline and jet fuel pipeline was struck by hackers in an attack that shortchanged nearly half of the gas stations in the eastern part of the country and was stopped only by an initial $4.4 million ransomware payment. Only weeks later, a cyberattack hit the world’s largest meat supplier.

What’s next? Criminals have already successfully targeted hospitals, US cities and schools, the New York subway system, even the military. At the end of 2019, a ransomware attack forced a Coast Guard facility offline for more than 30 hours, interrupting cameras, door access control systems and critical monitoring systems at the site.

Nobody needs to tell companies that ransomware will get worse before things get better, assuming they do. As just one example of the breadth of threats, agriculture giant Archer-Daniels-Midland Company (ADM), one of the world’s largest crop traders and processors, announced in June that it’s shoring up defenses against what it views as inevitable ransomware and other cyberattacks.

ADM knows there was a six-fold increase in data breaches in 2020 among US agricultural companies in comparison with 2019, and that another increase is expected this year, according to risk consulting firm Kroll LLC. It also took note in late May of a ransomware attack on meatpacking giant JBS SA, which temporarily shut beef, pork and poultry plants across the United States, Canada and Australia.

In fact, ransomware has been a sizable business for years, partly due to American inaction. It started becoming problematic at the tail end of the Obama administration, which approached the issue as part of its overall cybercrime response. This involved putting agents on the ground worldwide to score tactical wins in countries that were otherwise uncooperative. But defense against overseas-based attacks became less important to the Trump administration. Little was done to address attacks against cities and oil pipelines, among others, and the problem was largely ignored by most Americans.

Fortunately, the Biden administration, in contrast, has started formulating the biggest effort yet to try to tackle the problem. President Biden recently and sternly told Russian President Vladimir Putin in a meeting that attacks emanating from Russia, believed to be the biggest single source, must stop or consequences will ensue.

Putin denied involvement, but, regardless, the problem is far more expansive than merely the relationship between two countries.

Ransomware gangs started their attacks indiscriminately, infecting vulnerable targets without much attention to the business they were in. Today, operations are far more sophisticated, and the payouts much higher. Ransomware gangs expressly go “big game hunting” and seek out huge targets in a position to pay huge, largely Bitcoin-protected ransoms.

In addition, ransomware gangs are getting more cutthroat in their pursuit of profit. Increasingly, it’s no longer enough to bust into computer systems and encrypt the data, rendering it useless. Hackers now are also stealing some of the data, such as sensitive or embarrassing information, and threatening to reveal it.

Gangs typically get away with attacks because their members usually operate from countries, including Russia, in which they can avoid prosecution. In the case of Russia, it’s not merely a matter of Moscow directing hackers, which, in fact, is not necessarily the case. The real problem is the Kremlin’s tolerance of cybercriminals and possibly direct cooperation with them in some cases.

What can be done to stop these attacks?

For starters, organizations need to determine how to improve their own security. Even getting the basics right can deter attacks. The software industry also must be compelled to do a better job of building secure software, notwithstanding enormous competitive pressure to introduce products as quickly as possible and the reality that companies customize and integrate software in multiple ways, making it harder yet to enhance security.

On another front, there is growing talk about making it illegal for companies to pay ransoms. Conceivably, such a law, simply by being passed, could discourage some ransomware attacks. On the other hand, the response by hackers could be devastating, costing victims huge sums to fix the problem and substantial downtime. In some cases, such as attacks against hospitals, refusal to pay could threaten lives.

Another possible step in the right direction is finding ways to claw back ransomware payments from hackers, as the FBI recently did in the aftermath of the Colonial Pipeline attack. It seized much of the money from a Bitcoin payment, the preferred ransomware exchange method. This may not be all that hopeful, though, because some hackers are starting to rely instead on Monero, a more anonymous digital currency. “With Monero, authorities can’t track a blockchain the way they can with Bitcoin,” says Karim Hijazi, the CEO of Texas-based cybersecurity firm Prevailion.

Brighter possibilities are probably the fresh anti-ransomware efforts at the White House. And, as it turns out, not all former Soviet republics are totally immune to prosecution. Last month, police in Ukraine arrested members of a major ransomware gang known as CLOP. This marked the first time a law enforcement agency has announced a mass arrest of a prolific hacker group that had extorted Americans, including a number of US universities.

This, of course, is only a start. What is ultimately needed is a global partnership between countries and companies to take on ransomware head-on with a multiplicity of tactics. Let’s hope this scenario quickly becomes a reality.

Contributors
Robert Ackerman Jr.

Founder and Managing Director, AllegisCyber
