How much would a government entity or business pay to restart operations after an attack on its critical computer systems? $4 million? $11 million? Those behind the recent ransomware attacks are trying to win big by holding our country's underprotected computer systems hostage.
Today’s WatchBlog article explores some of the major ransomware attacks against federal, state and local governments and the private sector, as well as our recent work on cybersecurity and recommendations for improving protections against ransomware.
What is ransomware and why should we be concerned?
Ransomware is a type of malware used to deny access to computer systems or data, holding them hostage until a ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands of the ransomware perpetrators are not met, the system or the encrypted data remains unavailable, the data may be deleted, or the data may be made public. If the ransom is paid, the perpetrators will usually provide the victim with the information needed to regain access to the system or decrypt the data.
According to the Department of Homeland Security (DHS), attacks using ransomware have at least doubled since 2017, and criminal groups are increasingly targeting critical U.S. infrastructure, which includes systems and assets supporting emergency services, telecommunications networks, and energy production and transmission facilities. Attacks on these key systems and assets put national security, economic stability, and public health and safety at risk.
Ransomware attacks and charges
- In June 2021, the White House and the U.S. Department of Agriculture announced that a meat processing company had been targeted with ransomware that was affecting the company's operations. The company reportedly paid $11 million in ransom.
- In May 2021, Colonial Pipeline Company announced that it was the victim of a ransomware attack that resulted in a temporary disruption in the delivery of gasoline and other petroleum products to much of the Southeastern United States, and paid over $4 million in ransom.
- In February 2021, the Department of Justice (DOJ) announced that 3 North Korean individuals had been charged with, among other things, the creation of the destructive WannaCry ransomware, as well as extortion and attempted extortion of victim companies from 2017 to 2020. The WannaCry campaign, discovered in May 2017, remotely compromised systems and encrypted files, affecting hospitals, schools, businesses and many organizations. It resulted in tens of thousands of infections in more than 150 countries.
- In December 2020, federal law enforcement received numerous reports of ransomware attacks on K-12 educational institutions. In these attacks, malicious cyber actors have targeted school computer systems, slowing access and in some cases rendering the systems inaccessible for basic functions, including distance learning.
- In October 2020, the DOJ announced that 6 Russian individuals had been indicted for, among other things, the NotPetya ransomware, which caused nearly $1 billion in losses to the 3 known victims identified in the indictment. NotPetya, which was discovered in June 2017, was a form of malware that exploited existing vulnerabilities in software or computer networks to encrypt files and allowed attackers to gain privileged rights and encrypt essential files, making infected Windows computers unusable. It infected organizations across multiple industries including finance, transportation, energy, business facilities, and healthcare.
- In May 2019, the mayor of Baltimore reported that the city had been the victim of a ransomware attack. As a result, city workers were unable to access their emails, and the attack delayed property sales and water billing for months.
What has been done?
The federal government has spread the word about the threat of ransomware and provided practical advice to organizations and individuals to mitigate this threat. For example, in recent months, DHS's Cybersecurity and Infrastructure Security Agency has unveiled the Reduce the Risk of Ransomware campaign and published guidance on the growing threat of ransomware in response to the increase in ransomware attacks targeting operational technology assets and control systems. Earlier this month, the DOJ issued a memorandum to all federal prosecutors with advice for investigations and cases related to ransomware and digital extortion.
What needs to be done?
Ensuring our country's cybersecurity has been on our High Risk List since 1997, and in September 2020, we underscored the need for the federal government to develop and execute a more comprehensive strategy for national cybersecurity and global cyberspace. Since 2010, we have issued more than 3,300 recommendations that could improve the country's cybersecurity. As of December 2020, over 750 of these recommendations had yet to be implemented. We are also leading ongoing work on ransomware, including examining how the federal government strategizes and builds allies to fight cybercrime, protects the cybersecurity of K-12 institutions, and provides assistance to state and local governments to promote their security efforts.
Want to know more about this problem and our recommendations to fix it? Check out our High Risk List page on Keeping the Nation Safe, which includes a list of recent reports and recent podcasts with cybersecurity experts from GAO.