Government raises alarm on ransomware threat as intensifying cyberattacks expose vulnerabilities
The Biden administration is ramping up efforts to combat ransomware, as hackers find new ways to exploit the vulnerabilities of corporations and governments for big payoffs by threatening to disrupt critical infrastructure.
The head of the FBI even likened the scale and stakes of the threat to those that emerged after the Sept. 11 terrorist attacks, emphasizing the necessity for coordinated action to combat it.
The agency is investigating about 100 types of ransomware, including many that trace back to Russian actors, FBI Director Christopher A. Wray told the Wall Street Journal in an interview published Friday, and each of those software variants — which can debilitate companies or key components of the nation's supply chain — has targeted multiple victims throughout the U.S.
"There are a lot of parallels, there's a lot of importance, and a lot of focus by us on disruption and prevention," Wray said. "There's a shared responsibility, not just across government agencies but across the private sector and even the average American."
Headline-grabbing cyberattacks have shifted from massive data breaches meant to embarrass and expose private information, to a coordinated extortion business. Last month, a ransomware attack on Colonial Pipeline disrupted the East Coast's fuel infrastructure and triggered panic buying and shortages. This week, the world's largest meat processor was forced to suspend operations in the U.S., Australia and Canada after it was hacked, sparking worries of beef and pork shortages and escalating prices.
The attacks have kicked the government's cybersecurity efforts into overdrive.
A task force of dozens of experts from industry, government and academia called on the government and private industry to take aggressive action to combat ransomware in a wide-ranging April report, and leaders are encouraged by the early signs of actions this month.
"This is exactly the signal that needs to be sent to the ransomware criminals," said Philip Reiner, executive director of the Ransomware Task Force and CEO of the Institute for Security and Technology. "The status quo is over. We're not going to approach this in the same way anymore."
On Thursday, a top White House cybersecurity official called on businesses to adapt quickly and implement security measures to defend against ransomware attacks, mirroring efforts by the federal government to secure its own systems.
President Joe Biden has already launched a "rapid strategic review" to address the dangers of ransomware, including the creation of a global coalition to hold countries that harbor ransomware criminals accountable. The initiative builds on an executive order Biden signed last month to protect the federal government against cyberattacks — an effort that the administration would like to see extend to the private sector.
Still, Reiner and other experts note that this is just a beginning. In order to put a stop to large-scale ransomware attacks, private companies must invest in significant cybersecurity technology, governments must set standards and criminal groups must be investigated.
Ransomware attacks have become a lucrative enterprise for bad actors, who find ways into companies' networks through phishing or by exploiting outdated technology. Once inside, they take control of key parts of an organization's systems and demand a ransom to unlock them.
Such attacks are extracting increasingly large sums from individual companies. The average ransomware payment more than doubled in 2020 to $312,000, compared with 2019, according to the cybersecurity company Palo Alto Networks.
Hackers are also becoming more brazen with their biggest targets, the company said. This year, hackers attempted to extort victims for $50 million, up from the previous record of $30 million in 2020, and $15 million in 2019.
Wray said that ransomware incidents have tripled in the past year, based on incoming complaints to the FBI and reports from businesses.
REvil, the hacking group that the FBI said attacked JBS, engages in "big game hunting," said Assaf Dahan, Head of Nocturnus Threat Research at Cybereason. The hackers seek out large corporations to pull down higher fees, believing that bigger organizations have the resources to pay up and the financial and social incentives to restore their operations as soon as possible.
Hackers walked away with $4.4 million in the Colonial ransomware attack, according to chief executive Joseph Blount. Though acknowledging the payment was "highly controversial" because it might incentivize bad actors to pursue more attacks, Blount said it was "the right thing to do for the country," given the critical importance of his company's infrastructure.
Federal officials have linked the extortion scheme to a Russia-based group called DarkSide that researchers say has extracted $46 million in ransom payments so far this year.
The success of past attacks also plays a role, Dahan said, since potential victims are aware that the hackers aren't bluffing.
Experts say the recent waves of high-profile ransomware attacks highlight the massive vulnerabilities in the nation's critical infrastructure beyond the most obvious targets, like the power grid, and that securing physical structures, such as airports and warehouses, is only part of the equation.
"Most of these attacks can be prevented," Dahan said, so long as companies and organizations are proactively working to protect their networks.