Ransomware and cybercrime are critical infrastructure issues

[Brexiter]

Last week it was revealed that Colonial Pipeline had been struck by a massive ransomware attack. Ransomware has one goal: to shut down the end user and demand money, often in the form of bitcoin, to pay for decryption codes. As cryptocurrency values rise and the ease of access to encryption tools grows on the dark web, ransomware has become a blight on American infrastructure.

Americans can see problems with roads and bridges, and those provide visible signs that government investment is needed to preserve our future. When it comes to cybersecurity, however, it’s too easy to just blame a company or individual for their fate: “You were the one who followed that link, opened that email, downloaded that file.” As ransomware explodes and the impact expands into major business and funds illegal activities, we become more aware that cybersecurity is modern national infrastructure.

ZD Net addresses the heart of the issue:

Late last week, Colonial Pipeline, which accounts for 45% of the US East Coast's fuel, was forced to shut down its operations due to a ransomware attack against its systems.

Even President Biden was briefed on in the incident; it doesn't get much more high profile than that.

….

If a ransomware attack means your company loses the sales data held on a few servers, no one – apart from you and your boss – is going to be too upset. But say those servers were running the traffic lights on a busy stretch of road, or running the x-ray machines at the local hospital – then the attack has a real-world impact.

As more infrastructure becomes reliant on the internet or uses computer technology to operate, we become more at risk of a ransom attack wiping out critical data and completely destroying our infrastructure. The problem has extended into every operating system possible: PC, Macintosh, Android, etc.

Ransomware is being driven by the rise in the value of cryptocurrency and the access to the software to commit the crime.

Bitcoin and other cryptocurrencies are fueling a wave of ransomware attacks to the tune of $1.4 billion in the U.S. Hackers encrypt the victim’s data and then require the victim to pay a fee in bitcoin or certain other cryptocurrencies to obtain the decryption key needed to release the data. According to Coveware, which helps companies remediate ransomware, in Q4 2019, victims who paid a ransom to receive decrypting software successfully decrypted 97% of their encrypted data.

Ransomware isn’t new. The first ransomware attack was reported more than thirty years ago. But crypto makes it easier for the bad guys. “Cryptocurrency serves an important role in ransomware’s international chain of wealth transfer from victim to criminal,” says Ingalls.

The problem is that as individuals and companies get the ransom note, most believe that they have to pay it and not alert anyone else, as this could highlight their own security weaknesses. The problem with this is simple: The person you are paying is an unknown receiving large sums of money daily to fund illegal operations. Could you be the one funding human trafficking? Terrorism? Political oppression?

In the case of Colonial, it was the work of Russian organized criminals.

A Russian criminal group may be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said Sunday.

The group, known as DarkSide, is relatively new, but it has a sophisticated approach to the business of extortion, the sources said.

Commerce Secretary Gina Raimondo said Sunday that the White House was working to help Colonial Pipeline, the Georgia-based company that operates the pipeline, to restart its 5,500-mile network.

The good news is that despite Trump’s cozy attitude with nation states that engage in cyber crime, the Biden administration is moving ahead to help companies become more prepared.

The Biden administration is escalating efforts to safeguard the U.S. power grid from hackers, developing a plan to better coordinate with industry to counter threats and respond to cyber attacks, according to people familiar with the matter.

Top administration officials, including Energy Secretary Jennifer Granholm and Deputy National Security Adviser Anne Neuberger, briefed top utility industry executives on the efforts in a March 16 meeting, said the people, who requested anonymity because the session was private.

I’ve worked with several companies that have faced issues with ransomware. Here are some key points of advice:

1. Engage cloud-based data backup services. Microsoft Azure, Crashplan, Amazon AWS, and other clients exist and can help you keep multiple versions available.
2. If your business relies on operating software daily, look to a NAS imaging solution, with an offsite backup. If you need to come up and be accessible in minutes, or at most an hour with no operating system loss, this is really the strategy. Cloud-based backups protect data, but they do not protect operating states. Combine it with something like Acronis backup services, Veeam, or Veritas. If you’re using something like Microsoft Hyper-V or VMWare, you can put your imaged backups outside of access of any ransomware that gets loose using virtualized networks.
3. Check on your backups and verify them using a non-network connected computer.
4. Most important: Never, never, never pay those who want the ransom. Never. Yes, paying a ransom often will get your files back. Still, the cost can be incredibly high, and you continue to fund the criminals who will do the same to others. This is small comfort to people who wish they had their data back. I’ve seen this as companies were asked for $10,000 and $20,000 worth of bitcoin to retrieve their data. When you pay the criminals, the money is not going to good use. The funds you took out of your account don’t just encourage more ransomware. Veeam explains:

Paying the ransom, whether it’s by Bitcoin or another method, is always going to appear to be the easiest way out of the problem, but it’s never a guarantee that you’ll be able to resume normal operations. Firstly, the ransomware is unlikely to decrypt all of your data. You should expect about 80% of it back at most. Secondly, the ransomware is still resident on your system and could lead to further breaches or problems. And thirdly, understand that by paying the ransomware demands, you are effectively negotiating with terrorists and helping to fund the darkest, most sinister parts of human nature, such as terrorism, human trafficking, money laundering, drug running, prostitution and every type of criminal activity.

Ransomware is a critical part of the future of American security. The Biden administration understands the problem that faces our country. If only we had spent the last four years doing more to put a system into place that took the problem seriously. Instead, we played nice with the instigators.