The United States suffered 65,000 ransomware attacks last year – or over seven an hour. And it will likely get worse.
What was previously seen as a nuisance is fast becoming a national security problem as cybercriminals target key parts of the country’s infrastructure. A recent attack on Colonial Pipeline sparked panic buying that emptied many gas stations across the Southeast, while another attack on JBS raised fears about the domestic beef supply.
The surge in attacks has been years in the making. Last year, there were 65,000 ransomware attacks, according to Recorded Future, a Boston-based cybersecurity company.
Companies and institutions have long neglected their IT systems, leaving them exposed to hacking, experts say. The pandemic has made them more vulnerable, as many Americans use personal modems and routers to work from home.
Stopping the attacks will be difficult. Criminals today can easily find sophisticated malware in dark corners of the web, and the growing popularity of cryptocurrencies such as Bitcoin is further emboldening cybercriminals by making it easier for them to evade law enforcement and financial regulators.
And then there is the most important reason of them all: Attacks are likely to continue because they work.
“This is just the beginning,” says Holden Triplett, the founder of the cybersecurity consulting firm Trenchcoat Advisors.
“And it’s going to get a lot worse,” he notes.
A malware attack puts an executive in a difficult position. First, a company loses access to its systems or sensitive data. Then, there are knock-on effects. If a hack becomes public, it could affect a company’s share price, or worse, create a nationwide problem.
Last month, Colonial decided to pay $4.4 million to unlock its IT systems after a cyberattack forced the company to shut down a critical fuel pipeline. Colonial CEO Joseph Blount told NPR he had no choice.
“It was the right decision to make for the country,” he said in an interview last week.
Juan Zarate, who was the deputy national security adviser for combatting terrorism during the George W. Bush administration, says the growing profile of targets signals how ransomware attacks are becoming “professionalized.”
“What you have had, I think, over the last year and a half, two years, is an uptick in the number of ransomware attacks, the amounts being demanded, and the level of sophistication of those attacks,” Zarate says.
DarkSide, the Russia-based criminal group behind the Colonial Pipeline attack, even has what some experts describe as essentially a customer service contact to deal with questions from targets it attacks.
Alternative currencies offer anonymity and regulations are often pretty light from country to country. In some jurisdictions, they are not even regulated. For a country like the United States, transactions can be difficult to track depending on which exchanges criminals use.
“I do think cryptocurrency has actually helped facilitate the ransomware market,” says Kiersten Todt, the managing director of the Cyber Readiness Institute.
It’s become so ingrained in the world of cryptocurrencies that companies are even buying Bitcoins so that “if confronted with a ransomware attack, they have that available,” Todt says.
Although the Justice Department was able to trace and recover much of Colonial Pipeline’s ransom payment, experts say that will not be the norm.
That was evident in a warning from Deputy Attorney General Lisa Monaco, who had a message for executives who may feel the government will similarly come to their aid in recovering a ransom.
“We cannot guarantee, and we may not be able to do this, in every instance,” she said.
Or put more simply, there are too many attacks and stopping all of them is not possible.