These days, every business needs to have an online presence to survive. However, with that online presence comes a lot of risks that business owners need to be on the alert for. One of the biggest threats companies face online is ransomware. This cyber threat isn’t something that should be taken lightly.
Cryptovirology is the use of cryptography to build very powerful software for malicious purposes. Ransomware is a type of malware connected to cryptovirology. When someone’s data is compromised by ransomware, the malware blocks access to their personal information and threatens to leak it if a ransom isn’t paid. To make things worse for the victim, their files are encrypted so they can’t reverse the block.
It is no secret that cybercrime is on the rise, and we are hearing about more and more attacks in the news today. In particular, ransomware attacks have more than doubled since the start of the pandemic. These attacks can come across as seemingly normal online activity and then quickly reveal themselves as malicious threats that can ruin even the largest corporations. Regardless of size or industry, no one is immune to the consequences of falling victim to a ransomware attack.
This rise can be attributed to a variety of factors and shifts in our society. The obvious growth of remote work and working from home due to the COVID-19 pandemic has created a more vulnerable target for malicious actors. When employees’ computers and networks are accessed from multiple locations and are not under the watch of their IT team, their activity and data are not as secure and are not as closely managed. Another change we have seen in our society is the advancement in digital technology and our dependency on its systems. Our purchases are online, whether it be for pleasure, like shopping for clothes, or even ordering our groceries. We pay our bills online now, use our GPS to get everywhere and communicate more than ever using technology. This dependency makes our everyday lives extremely vulnerable, as one simple pause in our ability to use these functions can have a major impact on our lives.
The rise in ransomware attacks is also fueled by the growth in popularity of cryptocurrency. It was previously harder for malicious actors to obtain their ransom anonymously and avoid having it tracked. With cryptocurrency, a ransom payment is significantly harder to trace, which gives those committing ransomware attacks a point of leverage. While cryptocurrency is not completely untraceable, the difficulty of tracing it, and of doing so quickly, alleviates some of the risk that may have previously deterred them. Additionally, political issues can be linked to these sorts of attacks, depending on the climate of the relationship between two countries or even the current political climate within a country.
The reasons listed above can be seen in the ransomware attack on the Colonial Pipeline in early May. The Colonial Pipeline carries 45% of the Eastern United States’ fuel supply. It is reported that a criminal hacking group called DarkSide was responsible for the attack. The attack impacted a computer system that managed the pipeline; therefore, the pipeline was forced to shut down for several days. This stoppage of fuel supply instantly caused a “panic at the pump” as people throughout the southeast rushed to fill up their cars and even fill additional gas cans as backup. The rise in demand led to higher prices and a shortage of fuel.
Typically, it is strongly suggested that a company not pay the ransom being demanded because it can encourage future attacks. However, since the Colonial Pipeline supplies fuel to so many essential services, they felt the only option was to pay the 4.4-million-dollar ransom and reopen the pipeline. It was recently reported that investigators were able to seize a portion of the amount paid to the attackers in bitcoin. While this is a small positive, the Colonial Pipeline suffered major repercussions from the attack and will have to work to significantly increase their security measures going forward.
Similarly, JBS USA Holdings suffered a ransomware attack about a month after the Colonial Pipeline. They are a major meat supplier and, in terms of sales, the world’s largest meat company. They were attacked by the Russia-based criminal group REvil, who demanded 11 million dollars in bitcoin. Because the attacks shut down plants that produce 1/5 of the nation’s meat supply, JBS felt their only option was to pay.
Both ransomware attacks mentioned above are evidence of how hackers are shifting their focus from data and personal information to essential services, jeopardizing our critical infrastructure. As we quickly saw, these types of attacks create economic damage that goes far beyond just the company that was hacked. It is critical that cybersecurity professionals and companies take notice of this shift and work to put measures in place to protect against these attacks. The Colonial Pipeline was reportedly accessed using one single password from an outdated VPN that did not use multifactor authentication. These types of vulnerabilities will only continue to be exploited if the correct steps are not taken.
Don’t let your company be the next to fall victim to ransomware. Reach out today to find out how Remedi Security can help protect you.