It’s been a hell of a few months for ransomware villains and their victims. What often begins as someone clicking a seemingly innocuous link in their email can result in a crisis that brings multi-billion dollar businesses to their knees, stokes geopolitical tensions and has ripple effects throughout the global economy.
A recent spate of ransomware attacks has crippled critical infrastructure, disrupted major food supply chains and revealed that no one, big or small, is safe from these attacks.
- In May an attack on Colonial Pipeline, operators of one of the United States’ largest fuel pipelines, led to a multi-day shutdown for the pipeline. As a result, panic-buying pushed petrol prices to their highest levels in seven years.
The pipeline provides nearly half of all fuel consumed on the US East Coast and is relied upon by millions, including hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Colonial Pipeline reportedly paid a ransom of $4.4 million in cryptocurrency to DarkSide, an Eastern European criminal organization.
- A few eye blinks later the world's largest meat processing company was targeted by a sophisticated cyber-attack. Computer networks at JBS were hacked, temporarily shutting down some operations in Australia, Canada and the US, with thousands of workers affected.
JBS spent several days unsuccessfully trying to clean the ransomware from its systems but eventually caved in to the criminals’ demands, shelling out a reported $11m in ransom to put an end to the attack.
- One week after the French branch of cyber insurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company’s operations in Thailand, Malaysia, Hong Kong, and the Philippines were hit… by a ransomware attack.
The ransomware gang said it had stolen 3 terabytes of data, such as customers’ personally identifiable information (including scans of passports and ID documents), customers’ medical records and hospital bills.
- Recently, at least 60 members of the US Congress were unable to access data for weeks due to a ransomware attack. iConstituent, a tech vendor that provides constituent outreach services between lawmakers and citizens, was hit in the attack, affecting the politicians’ ability to communicate with their voter base.
- In May, Ireland's health service operator had to shut down all its IT systems to protect them from a "significant" ransomware attack, crippling diagnostic services, disrupting COVID-19 testing and forcing hospitals to cancel many appointments.
- Cybercriminals attacked Energias de Portugal (EDP), the huge Portuguese energy company, in April. The criminals demanded a hefty €9.9 million.
Ransomware strikes have ebbed and flowed over the years, but they’ve never gone away. This recent upsurge, however, is likely due to a confluence of factors:
- The mass move to working from home has certainly increased vulnerabilities which cyber crooks have been quick to exploit.
- The rise of hard-to-trace cryptocurrency is also a factor.
- Ongoing tensions between the US and Russia have also played a part.
Certainly many of the recent ransomware attacks have been attributed to crime gangs operating out of Russia. The Russian authorities typically turn a blind eye to these attacks and refuse to extradite known criminal hackers, especially to the US. In fact, to maintain distance and plausible deniability, officials within the Russian government are known to employ hacker groups to carry out attacks on specific targets.
Good news for home users?
The bigger the target, the bigger the potential reward for cyber villains, which would seem to remove home users from the radar. However, it’s not that simple.
- Many ransomware hackers use something called a hub and spoke model. Ransomware creators provide attackers with different tools to enable them to carry out their nefarious deeds. The ransomware creators take a fee for their services.
- As a result, the number of people who can carry out ransomware attacks has grown significantly. The number of tools that are available has also risen dramatically.
What this means is that hackers with low-level skills can easily launch scatter-gun phishing attacks that target hundreds of thousands of stolen email addresses. All it needs is for people to click on links that come through their emails and the ransomware takes root in the computer.
While big targets like Colonial Pipeline attract the attention of ransomware crime groups who have high-level skills, lesser-skilled crooks still see home users as a viable target. This is why we should all guard against complacency and use proven antimalware that protects against ransomware.