Francois Picard / AFP via Getty Images
Last year, the United States suffered 65,000 ransomware attacks – or more than seven hours. And it will probably get worse.
What was once seen as a nuisance is fast becoming a national security issue, as cybercriminals target key parts of the country’s infrastructure. The recent attack on the colonial pipeline caused panic in the purchase, which emptied many gas stations in the southeast, while another attack on JBS raised concerns about the domestic supply of beef.
The increase in attacks has been going on for years. There were 65,000 ransomware attacks last year, according to Recorded Future, a Boston-based cybersecurity company.
Companies and institutions have long neglected their IT systems, leaving them exposed to hacking, experts say. The pandemic has made them more vulnerable, as many Americans use personal modems and routers to work from home.
Stopping the attacks will be difficult. Today, criminals can easily find sophisticated malware in the dark corners of the web, and the growing popularity of cryptocurrencies such as Bitcoin is further encouraging cybercriminals by making it easier for them to evade law enforcement and financial regulators.
And then there is the most important reason for all of them: The attacks will probably continue because they work.
“This is just the beginning,” said Holden Triple, founder of cybersecurity consulting firm Trenchcoat Advisors.
“And it’s going to get a lot worse,” he said.
The malware attack puts the CEO in a difficult position. First, a company loses access to its systems or sensitive data. Then there are the shock effects. If the hack goes public, it could affect the company’s share price or, worse, create a national problem.
Last month, Colonial decided to pay $ 4.4 million to unlock its IT systems after a cyber attack forced the company to shut down a critical pipeline. Colonial CEO Joseph Blount told NPR he had no choice.
“It was the right decision for the country,” he said in an interview last week.
Juan Zarate, who was a deputy national security adviser for the fight against terrorism during the George W. Bush administration, says the growing profile of targets signals how ransomware attacks are becoming “professional.”
“What you’ve had, I think, in the last year and a half, two years, has been an increase in the number of ransomware attacks, the amounts demanded, and the level of refinement of those attacks,” Zarate said.
DarkSide, the Russian-based criminal group behind the colonial pipeline attack, even has what some experts describe as essentially a customer service contact to deal with issues from the targets it attacks.
Alternative currencies offer anonymity and regulations are often quite light for each country. In some jurisdictions they are not even regulated. For a country like the United States, transactions can be difficult to track depending on which exchanges criminals use.
“I think the cryptocurrency has actually helped ease the ransomware market,” said Kiersten Todd, managing director of the Cyber Readiness Institute.
It’s so ingrained in the cryptocurrency world that companies even buy bitcoins, so “if they face a ransomware attack, they’ll have it,” Todd said.
Although the Justice Department has been able to track and recover much of the Colonial Pipeline ransom payment, experts say it will not be the norm.
This was evident from a warning from Deputy Attorney General Lisa Monaco, who had a message for executives who may believe that the government will come to the rescue in recovering the ransom.
“We can’t guarantee and we may not be able to do that anyway,” she said.
Simply put, there are too many attacks and stopping them all is not possible.