What are Ransomware Attacks?

Ransomware attacks rose exponentially throughout the first half of 2021, a problem that threatened the livelihood and survival of many businesses and even whole towns.

Ransomware is a practice in which hackers lock up the computer systems that companies use to operate and then demand a payment from the company to free up the systems so that they can run again.  Ransomware attacks are getting increasingly severe: they are happening more frequently, and victim losses are increasing as well.  A few main factors are causing the rapid growth of these attacks.

Oftentimes, victims make simple cybersecurity mistakes.  These include clicking on phishing links and not updating the company’s software.  This plays into the hackers’ hands because it makes it easier for them to access the computer systems.  This type of mistake is extremely common and can be seen in big companies and smaller facilities alike.  One of the most notorious examples was the attack on Colonial Pipeline, which forced the 5,500-mile pipeline to shut down for 6 days, causing massive gas shortages along the East Coast.  By exploiting this necessity, the hackers were able to extract millions of dollars in payment from the company.  Further investigation revealed that the likely cause was the absence of two-factor authentication.  A second example happened in 2017 in Brownsburg, Indiana, where half of a Bitcoin, or around $1,300 at the time, was paid to free up the library’s public online catalog and employees’ email.

Hackers are utilizing double extortion tactics as well.  For example, they will steal sensitive data from a company, encrypt it, and then threaten to release that data if they don’t get a payment, essentially holding the information hostage.

Hackers are also demanding ransom payments from their victims in the form of cryptocurrency, generally Bitcoin.  The reason is that cryptocurrency is decentralized, which makes it hard to track and recover.  Also, the ransom payments can even act as investments.  For example, the half of a Bitcoin from the 2017 Brownsburg, Indiana case, worth around $1,300 then, would be worth roughly $24,000 as of this writing.

Criminal networks also often work together.  The hackers who invented the ransomware software will often lease it to certain groups, allowing them to carry out the activity and then share the profits once payment has been collected.  This is how DarkSide, the group that carried out the Colonial Pipeline attack, operates.

The majority of the hacks have originated from Eastern Europe, specifically Russia.  It has been difficult to differentiate between criminal hacking groups and state-backed cyber operations, as criminal hacking may be tolerated if it is targeted overseas, and hackers may even be recruited by the government to carry out its own goals.

The best way for companies to protect themselves from a ransomware attack is to follow cybersecurity best practices, such as updating server software, and to use basic security checks like multi-factor authentication.  Many companies are now utilizing this technology to protect themselves, and the government is continuing to expand its cybersecurity legislation and security practices as well.

