Ransomware Hits Businesses & Consumers in the Wallet
The headlines sure grab your attention:
- Ransomware Hits Over 1,000 Businesses
- Another Hospital Hit with Ransomware Attack
- Ransom Gang Starts Selling Access to Victims
Worrisome headlines, for sure. So, what is ransomware? Isn’t this primarily a business problem? Consumers don’t need to be concerned, right?
Constantly Evolving Threat
Ransomware continues to evolve rapidly, and answers to these questions change with each emerging version. Nevertheless, this tactic impacts everyone and everyone should be concerned.
When the concept first appeared in 1989, 20,000 individuals attending a conference in Stockholm became targets. The distributor sent floppy discs to the list of attendees. Once recipients loaded the floppy data into a computer, a message popped up demanding the device owner send $189 to an address in Panama. It was just a hint of the power this concept would eventually possess.
Over the past decade, ransomware has spread like wildfire, and its use has changed. First, the lure of financial gain switched the focus from attacks on individuals who might cough up $200 toward big-time targets with much deeper pockets. As a result, higher-value targets are now the norm.
Today’s ransom demands can squeeze a single business for $10 million or more. While a company may pay the bill or hire a forensic cybersecurity firm to search for alternatives, you’ll feel the pain, too, if you’re a customer of that company. Damages can be swift and severe.
Ransomware is a software tool that infects digital devices like laptops and desktop computers to prevent the owners from accessing their stored data. Crooks have always offered something in return for their hefty fee (a decryption key is standard), but these keys don’t always work. Increasingly, hackers also include threats of exposing the stolen data online. In some cases, blackmail delivers big payoffs.
Damages tend to trickle down to all sorts of folks. That’s why you should learn all you can about the problem, solutions that work, those that don’t, and which proactive steps might help if hackers zeroed in on your business.
Ransomware senders initially used a shotgun approach to hit targets. Thousands of individuals were peppered with emails that carried malware, and names like WannaCry or CryptoLocker dominated the news cycle. Today, detailed research can lead to aiming at a single entity.
Phishing emails still deliver malicious code. For example, if a worker clicks a link in a targeted email while using a company machine, hackers often access several company data systems. In other instances, malware arrives when a device user visits a harmful website.
Once the target’s data system is locked down, hackers then download files to misuse later. Business operating systems like digital checkout registers won’t work, making it impossible to buy goods. Gas pumps may run dry. So yes, ransomware impacts us all.
“Ransomware is a long-standing problem and a growing national security threat,” a spokesman for the United States Department of Justice said this summer when unveiling a new collaborative way to report and share information about recent attacks.
Roughly $350 million in ransom was paid to malicious cyber actors in 2020—more than a 300% increase from the previous year. Unfortunately, 2021 has already featured jaw-dropping ransomware attacks, and the trend continues to worsen.
Hackers are generally one (or more) steps ahead of the hard-working people who try to block intrusion attempts. So cyber investigators play catch-up as they study the hacker’s moves and search for data exfiltration.
Top targets include:
- Financial Institutions like banks. Ransomware can steal account access data, but it can also create a diversion so intruders can breach more sensitive areas of the institution’s digital network.
- Hospitals and health clinics have experienced a massive rise in ransomware attacks that deliver crippling results. If the Electronic Medical Records (EMR) system in an Intensive Care Unit (ICU) or Emergency Room is frozen, health records are locked, and patients may suffer.
- Utilities are no strangers to ransomware. The most publicized case in the US shut down the Colonial Pipeline earlier this year. That pipeline runs from Texas to the East Coast, providing almost half of the coastal states’ gasoline and other fuels. Supplies did not flow for over four days as Colonial tried to recover.
- Businesses that move goods around the nation have discovered they’re now prime objectives. Ransomware recently crippled a meatpacking company, slowing meat shipments across the U.S.
- Political targets are also in the crosshairs. In late October, a Russian group claimed credit for hacking the National Rifle Association (NRA) and leaking stolen files on the Dark Web.
Massive attacks make headlines, yet government experts say they don’t tell the whole story. According to U.S. Department of Justice (DoJ) calculations, roughly 75% of all ransomware attacks zero in on small businesses.
“Like most cyber-attacks, ransomware exploits the weakest link. Many small businesses have yet to adequately protect their networks,” the agency stated.
Small businesses face direct attacks but also suffer from attacks on their service providers. For example, in 2021, hackers aimed at a Florida-based IT firm. The company delivers IT assistance for businesses too small to have their own info tech departments. Perpetrators seized massive amounts of data, and schools, grocery stores and an estimated 2,000 additional firms felt the impact. Hackers demanded $70 million to reverse the damage.
Government investigators work around the clock to track down perpetrators after an attack like Colonial’s. The FBI and other law enforcement groups strongly recommend against paying a ransom, but media reports indicate that Colonial and the meatpacking company both paid millions for a decryption key.
In Colonial’s case, the price tag reached around $4.4 million, but the software received was so slow, the company couldn’t use it. As a result, the pipeline shutdown caused panic in southeastern states and empty gas tanks up and down the coast.
In late October, a group of U.S. agencies including the Secret Service, U.S. Cyber Command and the FBI collaborated with foreign governments to hack back at a ransomware gang responsible for numerous attacks. Their takedown plan knocked REvil, a group with apparent ties to Russia, offline after the crew claimed responsibility for the meatpacking attack and several other major incidents.
Reporting Figures Accurate?
The attacks we hear about are alarming, but there’s an additional dimension—businesses that don’t report ransomware or other data breaches. Anonymous surveys of business IT teams indicate that those rates could be 35% or higher.
In June, the DoJ launched a dedicated website to address the ransomware issue and hopefully prompt more reporting. StopRansomware.gov is a collaborative effort between government agencies and the private sector. It’s hoped that a single collection point for filing reports and sharing information about new attacks will finally put a dent in hacker success rates.
The FBI’s Internet Crime Complaint Center (IC3) recently confirmed that 2021 ransomware attacks are on pace to smash the record set in 2020. Today’s thieves have doubled up on extortion efforts, too. In the current climate, some damages cannot be reversed even after the ransom is paid.
“Cybercriminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption,” a recent FBI alert warned.
Anyone who surfs the internet faces a ransomware risk. Any device might land in the crosshairs for takeover. Some steps can reduce these risks, however.
- Keep anti-virus software up to date. This software searches for new ransomware hitting the market, but again, the good guys must play catch-up. New versions of malicious code need to be detected “in the wild” before being added to anti-virus databases for detection.
- Don’t open emails from an unknown source. Don’t click on links if an email appears to be from a known sender but contains awkward writing unlike what that sender would normally type.
It’s challenging to know where your data is at all times. But you don’t have to go it alone. IDShield monitors member data points 24/7 to detect any critical identifiers that land on the Dark Web or anywhere else they should not reside.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. IDShield plans are available at individual or family rates. For complete terms, coverage, and conditions, please see an identity theft plan. This is meant to provide general information and is not intended to provide legal or tax advice, render an opinion, or provide any specific recommendations.