Recent high-profile “ransomware” attacks on the world’s largest meat-packing company and the largest US fuel pipeline have underscored how gangs of extortionate hackers can disrupt the economy and threaten lives and livelihoods.
Recently known targets include the Massachusetts ferry operator, the Irish health system and the Washington, DC, police department. But the massively disruptive hacks on Colonial Pipeline in the US in May and on Brazilian meat processor JBS SA this week have caught the attention of the White House and other world leaders, and have drawn scrutiny to the foreign safe havens of cybercriminal mafias.
What is ransomware? How does it work?
Ransomware scrambles the target organization’s data with encryption. Criminals leave instructions on infected computers to pay the ransom. Once paid, they provide decryption keys to unlock those files.
Ransomware crooks have also branched out into data-theft blackmail. Before triggering the encryption, they silently copy sensitive files and threaten to post them publicly unless they receive their ransom payment. This also presents a problem for companies that diligently back up their networks as a defense against ransomware: refusing to pay could cost them far more than the ransom they would have negotiated.
How do ransomware gangs work?
Some of the top ransomware criminals liken themselves to software service professionals. They pride themselves on their “customer service,” providing “help desks” that assist victims with payment and file decryption. And they tend to keep their word. After all, they have brands to protect.
The business is now highly specialized. An affiliate will identify, map and infect targets using ransomware that is typically “rented” from a ransomware-as-a-service provider. The provider receives a cut of the payment; the affiliate normally takes over three-quarters.
Other subcontractors may also receive a piece. These could include the authors of the malware used to break into victim networks and the people running so-called “bulletproof domains,” behind which ransomware gangs hide their “command-and-control” servers. These servers manage the remote seeding of malware and the extraction of data prior to activation, a stealthy process that can take weeks.
Why does the ransom keep going up? How can they be stopped?
Colonial Pipeline confirmed that it paid $4.4 million to a gang of hackers who broke into their computer systems last month.
The FBI discourages ransom payments, but a public-private task force including tech companies and US, British and Canadian crime agencies says it would be wrong to try to ban ransom payments altogether. This is largely because “ransomware attackers continue to find areas and elements of society that are badly prepared for this style of attack.”
The task force recognizes that, for the afflicted business, paying may be the only way to avoid bankruptcy. Worse, sophisticated cybercriminals often do their research and know the victim’s cybersecurity insurance coverage limits. They are known to mention it in negotiations.
According to task force member Palo Alto Networks, that degree of criminal sophistication helped push average ransom payments to more than $310,000 last year, up 171% from 2019.
What is being done about it?
President Joe Biden signed an executive order in May aimed at bolstering US cybersecurity protections, mostly in response to Russian hacking of federal agencies and interference in US politics. But headline-grabbing ransomware attacks on private companies have begun to dominate the cybersecurity conversation as Biden prepares for a June 16 summit with his Russian counterpart, Vladimir Putin.
Karine Jean-Pierre, the White House’s chief deputy press secretary, said this week that the ransom demand on JBS came from “a criminal organization based in Russia.” She said the White House is “engaging directly with the Russian government” and “is sending the message that responsible states do not harbor ransomware criminals.”
The new industry task force set up to combat ransomware says it’s important to have solid diplomatic, legal and law enforcement cooperation with key partners.
Ransomware developers and their allies should be named and shamed – although they are not always easy to identify – and the regimes that enable them should be punished with sanctions, its report urged.
It calls for mandatory disclosure of ransom payments and a federal “response fund” to provide financial assistance to victims, in the hope that, in many cases, this will keep them from paying the ransom. And it wants tighter regulation of cryptocurrency markets to make it more difficult for criminals to launder ransomware income.
The task force also calls for something potentially controversial: amending the US Computer Fraud and Abuse Act to allow private industry to actively block or limit online criminal activity, including the botnets (networks of hijacked “zombie” computers) that ransomware criminals use to seed infections.
Associated Press reporter Matt O’Brien contributed to this report.