Thing to Know: Ransomware

Published on: Jul 15, 2021

Hackers keep targeting the US – disrupting gas supplies, food production and even the government. The Department of Justice called 2020 the “worst year ever” because of the increased number of cyberattacks. A cybersecurity firm recorded 65,000 ransomware attacks in the US. And one study found that attacks globally in the first half of 2021 are up 102% compared to the beginning of last year. But what’s causing this phishy business?

Hackers’ Weapon of Choice: Ransomware

Cybercriminals use ransomware – a type of malicious software – to hack computer systems and lock up data important to a company’s operations. Then, they threaten to keep it, destroy it, sell it, or leak it – unless the company pays up. In 2020, about $350 million was paid out to criminals using ransomware. 

Here are some recent examples of hackers making corporations byte the dust...

  • CNA Financial: In March, a hacking group called Phoenix used malware – called Phoenix Locker – to break into the network of one of the largest insurance providers in the US. It allegedly locked CNA out of its network. And demanded $60 million to return access. The insurance agency disconnected its systems from the hacked network. And first tried to recover files on its own. Later, CNA reportedly negotiated Phoenix’s asking price down to $40 million. The company didn’t say how Phoenix was able to gain access to its network. It did reveal though that insurance policyholder information wasn’t affected.

  • Washington DC Police Department: In April, Babuk (a Russia-based group) breached the department’s computer network and threatened to release the identities of people who had confidentially reported crimes. It claimed it had stolen 250GB of data, including intelligence reports, gang information and officer background checks. The agency said it was aware of the breach, but didn’t reveal how Babuk got into the computer network. Or whether the dept shut down servers or police activity was impacted. Babuk said it demanded $4 million. And claimed police refused to pay, negotiating down to $100,000. The hackers then retaliated by publishing around 20 employees’ personal info.

  • Colonial Pipeline: In May, DarkSide (also based in Russia) hacked one of the country’s largest gas pipelines, which supplies almost half of the East Coast with fuel. All it took was one compromised password for the group to gain entry to the company’s networks. In response, Colonial Pipeline immediately shut down its systems for six days, which spurred fears about gas shortages and prompted panic buying at the pump. The national average cost for gas hit over $3 per gallon for the first time since 2014. And the group walked away with $4.4 million in ransom just 24 hours after initiating the attack. But the US gov was able to get $2.3 million back.

  • JBS: In June, REvil (another Russian-speaking gang) infiltrated the servers of the world's largest meat supplier. It’s unclear how they got in, but the hack caused JBS to close down all nine of its US beef plants – affecting at least 20% of American beef production. This came as beef prices soared worldwide due to supply and labor disruptions caused by the pandemic. The company said there's no evidence that employee or customer info was compromised, and backup servers were not affected. Most plants were up and running the next day. But the company did pay $11 million in Bitcoin to the hackers to protect its data from being leaked – a move criticized by the House Oversight Committee chairwoman.

  • Kaseya: In July, REvil struck again, in what’s being considered the single largest global ransomware hack. The victim: Kaseya, a company that supplies software to service providers – who then use that software to handle security and tech support for thousands of small businesses. REvil exploited a “zero-day” – aka an unknown flaw in software – to hack a tool called VSA which manages different types of equipment (think: desktop computers, routers, and printers). The malware then spread to about 800 to 1,500 businesses in around 17 different countries. This tactic is sometimes called a supply-chain attack, which experts say high-level, government-backed hackers usually use. Kaseya said it shut down access to VSA after it learned about the hack. REvil asked for $70 million to release the info it stole. But later reduced the price to $50 million after negotiations. It’s unclear whether the ransom was paid. On July 13, The New York Times reported that the websites REvil used to negotiate payments with victims had gone dark.

The Counter-Response

What the government is doing… In July, the Biden admin and Western allies called out China for hacking the Microsoft Exchange email server, which impacted thousands of businesses. And the DOJ charged Chinese hackers for allegedly working with China’s Ministry of State Security to steal business info from different agencies. No sanctions against the country were announced, unlike in April when the White House imposed economic restrictions on Russia for the SolarWinds hack. Since then, President Biden warned Russian President Vladimir Putin that the US would respond if necessary, hinting that the US would target Russian servers behind the attacks – although it’s unclear if that will happen. And later Biden told Putin that Russia needs to stop being a safe place for hacker groups. The White House also ordered organizations that support US energy systems (like pipelines) to report cyberattacks. It created a task force too in hopes of preventing future attacks. And launched a website with tips for businesses to stay safe. Meanwhile, Congress is working on legislation of its own to address the spike in attacks. The FBI also recommends victims of ransomware attacks not to pay hacker groups.

What you can do… To prevent hackers from stealing your info, update your apps and computer software to the latest version. Usually, new versions can fix bugs found in the old ones. Be careful when opening emails or clicking on attachments and links. If an email looks suspicious, report it. Choose passwords that are hard to guess and don’t use the same one for different websites. Using a password manager or generator can help. And don’t forget to regularly back up your digital files to the cloud or an external drive. 

theSkimm

Businesses, government agencies, and everyday people are all at risk from ransomware attacks. While we wait for security technology to catch up to hackers, there are steps you can take to keep your digital world safely at your own fingertips.

Skimm'd by Sana Dadani and Kamini Ramdeen
