You’ve probably heard of the recent ransomware attacks on JBS meat processing plant and Colonial Pipeline that shut down operations of both companies. Unfortunately, cyber incidents have increased at an alarming rate in recent years, and ransomware has become one of the most common modes of attack.
According to a report from the Institute for Security and Technology, nearly 2,400 US-based government organizations, healthcare facilities and schools were targeted by bad actors using ransomware in 2020. Payments averaged $312,493 and totaled $350 million. This represented a 171% and 311% increase, respectively, over the previous year.
Although U.S. government officials have recovered millions in ransom from the Colonial Pipeline hackers, many others haven’t been so lucky. The trend will likely continue throughout 2021.
Here’s a breakdown of the most significant hacks—ransomware and otherwise—this year:
CNA Financial: A business insurance agency that offers cybersecurity insurance, CNA reportedly paid $40 million to a cybercrime organization called Phoenix. The group is believed to have used a variant of the Hades malware program created by the ransomware gang known as Evil Corp. CNA financial was able to negotiate the ransom down from $60 million.
Exagrid: This provider of backup equipment and ransomware recovery services paid a $2.6 million ransom in May. They negotiated the price down from $7.5 million after the bad actors said they exfiltrated 800 gigs of information. Conti ransomware was used in the attack; other high-profile victims of Conti include the Irish Health Service system.
Accellion: Clients of file sharing and firewall service provider Accellion suffered a series of hacks dating back to 2020, including stolen Social Security numbers and financial data. Affected targets include the Australian Securities and Investments Commission, Flagstar Bank, Kroger, Royal Dutch Shell, Trinity Health, and Stanford University. The ransomware organization Clop is believed to be behind the attacks. Accellion is currently facing over a dozen lawsuits due to its continuing to support an outdated and vulnerable version of its software.
Oldsmar, Florida: A bad actor gained access to the network of a water treatment facility in Oldsmar, Florida and attempted to increase the sodium hydroxide (lye) levels to dangerous levels. Plant employees noticed the attempted attack before the chemicals were released, but it raised serious questions about the cybersecurity of public infrastructure. The attack serves as an worrisome reminder that not all hacks are about monetary gain.
What to expect:
Cybersecurity is increasingly a top priority for the federal government. On May 12, President Biden enacted Improving the Nation’s Cybersecurity, an executive order that called for “bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” The order specifically called for easier threat information sharing, federal improvements to security systems, and focusing more on the supply chain.
There is also a growing call for legislation to make it illegal for an organization to pay a ransom. The guiding principle here is that paying the ransom will ensure more attacks since criminals will continue getting rich off these attacks. Additionally, victims often do not recover their data whether or not they pay up.
In reality, paying the ransom is a necessary gamble. According to Nicole Perlroth, a New York Times journalist on The Daily, many companies are willing to take the chance because it is “cheaper than the cost of rebuilding their systems and data from scratch.” As a result, insurers are among those pressing organizations to meet criminal demands.
Attacks are often the result of one person failing to update software, change a compromised password or think twice before clicking a suspicious link. And it only takes one wrong move to compromise an entire company. The most robust defense system is useless in an environment riddled with human error.
Takeaways:
- Ransomware attacks are a growing threat to businesses and governments.
- Governmental regulation is on the way, but it will take time to implement solutions and revamp the country’s cyberdefense systems.
- Individuals need to improve their cybersecurity practices, which means taking basic steps like keeping strong passwords and updating their computer systems when prompted.
- Practice the 3Ms:
- Minimize your risk of exposure: Don’t take unnecessary risks and invest in cyber defenses and education.
- Monitor networks and accounts: Unusual activity may be a sign that a cyberattack is underway.
- Manage the damage: Plan ahead in the event of a successful cyberattack and have a cyber liability insurance plan to help offset the costs.
