#comptia | #ransomware | Ransomware Attacks Grow, Crippling Cities and Businesses

SAN FRANCISCO — New Orleans’s city government crippled. A maritime cargo facility temporarily closed. Hospitals forced to turn away patients. Small businesses shuttered.

The cause in each of these incidents: ransomware attacks. In recent years, hackers have taken to locking down entire computer networks and demanding payments to let users back into their systems.

The frequency of ransomware attacks — among the scariest and most costly online assaults — has been hard to pinpoint because many victims quietly pay off their attackers without notifying the authorities.

Now, an array of new data provides perhaps the best available picture of the problem. In 2019, 205,280 organizations submitted files that had been hacked in a ransomware attack — a 41 percent increase from the year before, according to information provided to The New York Times by Emsisoft, a security firm that helps companies hit by ransomware.

The average payment to release files spiked to $84,116 in the last quarter of 2019, more than double what it was the previous quarter, according to data from Coveware, another security firm. In the last month of 2019, that jumped to $190,946, with several organizations facing ransom demands in the millions of dollars.

Security experts say that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.

“Anything of value that is smart and connected can be compromised and held for ransom,” said Steve Grobman, the chief technology officer at McAfee. “If critical infrastructure systems are held for ransom, what is our policy going to be for dealing with those?”

The data from the security companies and the number of recent ransomware incidents show a dramatic escalation for a type of attack that, just a few years ago, was mostly directed at individuals, who had to pay only a few hundred dollars to get their files back.

American authorities have not released statistics on the broad changes in ransomware attacks, but the F.B.I. noted in its latest warning that the attacks were becoming “more targeted, sophisticated, and costly.”

The agency said an online portal for reporting incidents received 1,493 reports in 2018. But officials think that number was likely “artificially low” because it did not include reports from field offices or agents or any number of other sources.

“What we find most concerning is that it causes not just direct costs, but also indirect costs of lost operations,” said Herbert Stapleton, cybersection chief at the F.B.I. “We certainly view it as one of the most serious cybercriminal problems we face right now.”

The assailants carrying out ransomware attacks have proved hard to identify because the technology they use, like Bitcoin and anonymous messaging platforms, allows them to communicate and transact with victims without being easily tracked.

Many of the criminals operate from countries outside the reach of American law. The Justice Department has indicted hackers in Iran, North Korea and Russia, but none appear to face any threat of extradition.

American authorities have suggested that several of these attackers have operated with the protection of their governments, and have helped their governments by passing along hacked files.

Security experts said ransomware has evolved into an industry, with hundreds of gangs vying for the most lucrative victims. Some hackers have specialized in “ransomware as a service,” writing the victim-facing software and selling it to others through the so-called dark web. They have even built out customer-service centers to deal with victims and their payments.

In recent attacks, the hackers often spent months quietly scouting out the innards of the computer networks of potential victims to ensure they have every important file tied up.

They are often eager to prove to victims that they will return the files when they are paid, to ensure a prompt transaction. When victims don’t pay, some gangs have begun publicly releasing private files to ratchet up the pressure — as was the case with Southwire, one of the world’s largest electrical wire and cable manufacturers that operates out of Georgia.

Southwire filed a lawsuit against its attackers, unknown hackers, asking for the site where the company’s files had been published be taken down. But the hackers soon moved their operations to a new site and released even more files.

Some businesses and city governments are taking out insurance to be ready for ransomware demands. Bryan Sartin, head of global security services at Verizon, said he encourages clients to create a slush fund with Bitcoin.

“Almost everyone says we will never pay the ransomware, but when push comes to shove, probably two out of three will,” Mr. Sartin said.

Law enforcement officials have warned against giving attackers more confidence that they will get paid. But the attacks have become widespread enough — and the ransom payments frequent enough — that cybersecurity insurance rates are rising.

Ransom costs aside, the worst outcomes can come when dealing with gangs that wipe the files they locked down.

The medical practice that Dr. Shayla Kasel had built over 20 years in Simi Valley, Calif., was hit last August by ransomware. After her malpractice insurance connected her with a ransom negotiator and a forensic expert, she was told that even if she paid $50,000 for each of the digital keys that could unlock her different servers, there was only a 15 percent chance she would get her files back.

Dr. Kasel said she limped along for a few weeks, seeing the patients who happened to come through her door and recording everything on paper. But she ultimately decided it wasn’t worth trying to rebuild her files and business from scratch and risk facing lawsuits and fines. She shuttered her practice in December after incurring around $55,000 in expenses.

“The hardest part after 20 years was to suddenly tell patients ‘Yep, I’m quitting,’ ” Dr. Kasel said. “It was an agonizing decision.”

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App



[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]


National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.