
The US is coming out of a particularly intense spate of ransomware attacks. Last month, hackers shut down the Colonial oil pipeline, causing gas prices to spike. This week, similar cyber attacks disrupted operations at the meatpacking plants of JBS SA, while the public was made aware of earlier hacks on the transportation authorities in New York City and Martha’s Vineyard. Hackers made at least $18 billion during a crime wave in 2020, according to an estimate from Emsisoft.
To the general public, these attacks may seem like random disruptions to various industries. But to the people launching these attacks, they are anything but random.
Ransomware is a type of malicious software that withholds access to a user’s systems or data until the user pays a ransom. It’s often designed to spread throughout a connected network of computers, such as a hospital or company. It can affect organizations, such as governments or companies, as well as individuals.
Like many types of malware, ransomware can infiltrate a system when users download suspicious materials, follow links, click ads, or visit an unsecure website.
For the average person, it’s important to update your software whenever there is one available. That will often patch vulnerabilities the software’s maker has discovered.
For companies and organizations, here are some suggestions from Harvard Business Review:
According to the Berkeley Information Security Office, a ransomware attack can result in:
Ransomware hackers can be criminal groups or those with ties to nation-states. Most just want money: 86% of such attacks are financially motivated. DarkSide, the group that hacked the Colonial oil pipeline in May, took the unusual step of posting a statement on its website stating that it didn’t mean to cause chaos, it just wanted cash. Others, however, are after sensitive data that they can then sell on the black market, or actually are out to cause chaos.
For individuals, the ransom is often a few hundred or thousand dollars, or sometimes cryptocurrency like bitcoin. For companies and governments, it’s often in the millions of dollars. That’s a big price tag—but not paying the ransom and rebuilding IT systems can sometimes cost much more.
The US government suggests that people and organizations subject to ransomware attacks not pay the ransom. It emboldens other would-be hackers, and the victims might not get their data back anyway. The person who pays could also be fined by the government (pdf) for paying a “sanctioned” person or group.
It’s easy to say in the abstract that companies shouldn’t pay ransoms, but for any individual organization, that’s a hard choice. Often, it’s much cheaper to pay off a hacker than it is to recreate your company’s IT infrastructure from scratch. And as hackers have become more professional, more victims have been willing to pay in order to get operations back online.
These are just a few of the victims of notable hacks in the past few years. They were subject to ransomware and other kinds of digital attacks.
The ransomware, called WannaCry, was a worm—it started from a single computer and spread to others. “It attempts to exploit vulnerabilities in the Windows SMBv1 server to remotely compromise systems, encrypt files, and spread to other hosts,” read a report (pdf) from the National Cybersecurity and Communications Integration Center. The malware was based on EternalBlue, a hacking tool created by, and then leaked from, the US National Security Agency (NSA).
Affected users would open their computers only to find that their files were encrypted, along with a message asking them to pay between $300 and $600 for the keys to get them back. The group behind it called itself the Shadow Brokers and was later found to be linked to the North Korean government.
The effect was profound for its scope and severity. WannaCry spread across 74 countries to an estimated 45,000 systems. In the UK, 16 NHS organizations were affected, locking doctors out of patient records and reportedly forcing emergency rooms to send patients to other hospitals. The hack also impacted governments, railways, and private companies.
In just two weeks, the hackers made about $140,000 in bitcoin. Microsoft released patches to fix the vulnerability, but users were slow to update their software. Networks continued to be hit through at least 2018. Earlier this year, the US Department of Justice formally charged three North Koreans for the WannaCry hack, along with several others, but none have faced legal consequences, as North Korea does not extradite its citizens to the US.
Ransomware attacks aren’t new—they’ve been around since at least the early 2000s. But they are getting worse. Here’s what “worse” means:
That now looks like it may change. In April, the US Department of Justice created a task force to deal with ransomware attacks “to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them,” according to WSJ. In response to the Colonial Pipeline hack, the Biden administration has upped the ante. It created a specialized process to address the attacks and considers hackers to be a national security threat on the same priority level as terrorism, according to Reuters.
It’s unlikely that ransomware attacks will ever completely go away. As the world is increasingly digitally connected, hackers will find new targets and new ways to evade security protections. But they may become less popular, either because a new hacking method has proven to be more effective, or because the consequences for committing these crimes are too severe to be ignored.
In 2017, the world got a sense of how global—and destructive—a ransomware attack can truly be.
Experts consider ransomware to be a rising threat. As MIT Tech Review notes, this is at least in part due to years of inaction from the federal government, which didn’t make it a particularly high priority among its overall cybercrime response.