WASHINGTON – Virtually unheard of five years ago, “ransomware” attacks have emerged as a serious and growing risk to governments and businesses operating in the digital age.
Ransomware is designed to lock up critical computer data until the victim pays hackers a fee that can range from a few thousand to hundreds of thousands of dollars. Some 70 state and local governments in 2019 alone have been victimized by these malicious attacks, according to one U.S. cybersecurity firm.
We spoke with Herbert Stapleton, the FBI’s cyber section chief, about the growing threat.
1) How big a problem is ransomware?
Some 1,493 cases of ransomware attacks were reported to the FBI in 2018. The annual adjusted loss tied to these attacks shot up 55% to $3.6 million in 2018, though some cases go unreported and the true costs are almost certainly higher.
The financial toll is more than just the ransom payment itself, Stapleton said. Victims need to spend money to restore systems from backup or invest in new technology to prevent future attacks.
Take Baltimore. The city recently spent more than $5.3 million to restore and repair its data network after refusing to pay a $76,000 ransom.
Why not just pay the ransom? Stapleton and other law-enforcement experts warn that paying a ransom doesn’t always resolve the problem and will just encourage more cybercrime.
2) How have ransomware attacks evolved?
Stapleton said ransomware targets have shifted from individuals to larger organizations such as cities, companies and hospitals. What’s more, the amount of ransom demanded has increased from a few hundred dollars to thousands or even hundreds of thousands of dollars.
Cybercriminals have also shifted to more sophisticated techniques to cover their tracks, particularly how they are paid. Just a few years ago ransomware attackers relied on Western Union, wire transfers or other forms of payment using regular currency, making it easier for the FBI to hunt them down.
Now almost all ransomware attackers demand payments in some type of cryptocurrency such as Bitcoin, making it more difficult to identify who the actual person behind the keyboard is.
3) How do cybercriminals obtain hostages?
Ransomware is just another kind of malware that could affect any kind of organization. Attackers try to obtain legitimate credentials such as a user’s password or log-on information to gain access to a network.
One common way to carry out an attack is through a phishing email. These sorts of attacks happen when someone receives an email with a malicious link or an attachment.
“When the user clicks on it, [the ransomware] gets downloaded onto their system,” Stapleton said.
4) Who’s responsible for ransomware attacks?
Most of the ransomware attackers are based outside the U.S., Stapleton said, but the physical location really doesn’t matter as long as criminals have internet access.
Stapleton said the FBI is constantly adapting to fight off ransomware attacks. The agency tries to trace ransom payments; to search “darknet” and online forums where criminals communicate about new variants of malware; to cut off internet equipment such as servers used by ransomware attackers; and to identify the malware developers themselves.
“We look for any opportunity we can to bring the criminal to justice through indictment or to disrupt their ability to be successful by targeting their payment structure, their criminal infrastructure or their communication platforms,” Stapleton said.
5) How can ransomware be prevented?
Stapleton said organizations should routinely maintain their software and patch vulnerabilities to block ransomware entry points. Attackers exploit a lot of known vulnerabilities.
It’s also important, he said, for individuals and companies to practice “good cyber hygiene.” Use strong passwords and user names and ignore or delete suspicious emails, among other things.
Finally, make sure to maintain off-line backups that are kept separate from main networks.