Only a few years ago, no one had ever heard of “ransomware.” Unfortunately, these days the word is mentioned all too often.
Ransomware is a type of malware attack that prevents or limits users from accessing information in their computers. In the case of companies, it blocks crucial information; in the case of individuals, it threatens to publicize highly personal or sensitive information. In both of these situations, hackers keep control of the computer until a ransom is paid.
Paying Through The Nose
If these seem like minor or isolated problems, they are not. The FBI’s Internet Crime Complaint Center noted that from January to July 31 of this year, there was a 62% increase in ransomware attacks.
Following is an even more amazing statistic. Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC’s “2021 Ransomware Study.” And even though 32% of those firms paid the ransom that was demanded, only 65% of them recovered their data. Of course, all of these are multi-billion-dollar companies that had what they believed were tamper-proof security measures in place.
But some believe that the problem is even worse. They think that certain countries sponsor or at least condone major ransomware attacks overseas, such as the one that shut down all the rail traffic in Iran.
Whether that’s true or not, these crimes certainly have become a growing problem in countries around the world, including the US, and all kinds of companies and infrastructure have been targeted. Even so-called “soft” targets -- those that are related to health, education, and that provide social services -- often are victims. Many others are clearly part of infrastructure, such as a major gas pipeline in the eastern US, meat processing facilities, and water treatment plants.
According to the US Treasury, victims of ransomware paid $590 million in the first half of 2021 to regain control of their computers, but some estimates place this number even higher. Whatever the actual number is, obviously it is humongous and it measures only the crimes committed in the US.
Many large companies and organizations have been victims. Among them: The Washington DC Police Dept., CNA Financial Group (one of the largest insurance companies in the US), KIA Motors, and ACER Computers. Add to this list the Brazilian National Treasury, Ecuador’s Ministry of Finance, and Ireland’s Dept. of Health; each one of these were locked out of their own computers, with the data held for ransom.
Brenntag, a major chemical distribution company headquartered in Germany, experienced a ransomware attack so extensive that it affected customers in Europe and in North America, and the company suffered the loss of 150 gigabytes of sensitive data.
Back in the States, the University of Miami and the University of Colorado became victims. Moreover, at least eight cities across the US, including Atlanta, Pensacola, and Baltimore, suffered very painful cyber-attacks. In June, JBS Foods, the world’s largest meatpacking organization, was forced to shut down production at several of its plants.
Experts note that these crimes are becoming not only more common but also more brazen -- and they expect this trend to escalate because making ransom attacks is very lucrative and most of the perpetrators have never been caught, let alone punished.
Heimdal Security estimates that every day over 200,000 new ransomware strains are detected; in other words, every minute brings as many as 140 new ransomware strains, each potentially capable of evading detection and causing extensive damage. “Ransomware operators never stop,” says Heimdal, “even after the victim pays the demanded ransom.”
Try To Catch Me
According to City Prepping, hackers demand that ransom payments be made in cryptocurrencies, which takes a matter of seconds and are all but impossible to trace.
When attacks are made by sophisticated gangs of hackers, that’s scary enough. But if there is any truth to reports that some have been made directly or at least indirectly by governments, they are even more alarming, as they can easily be used in a hot and even in a cold war, and used to threaten or destabilize entire countries by sabotaging vital infrastructure.
For example, hackers could threaten or even block food, water, and power supplies. If sophisticated enough, they may even be able to take control of defense systems, knocking them out or causing them to go haywire. Even if regular people are not directly impacted by these activities they are affected indirectly because the costs of developing security systems, making ransom payments, and repairing damage caused by these kinds of attacks are ultimately passed along to consumers. Also, they can easily disrupt manufacturing and shipping, further exacerbating supply shortages and adding to already rising prices.
Cyber-attacks can and do come unexpectedly and out of nowhere. On December 8, Amazon’s cloud computing network suffered a major outage that, according to major news outlets, “severely disrupted services” at a wide range of US companies, particularly along the east coast. The incident impacted a wide range of services and many Amazon clients, including airline reservations, auto dealers, payment apps and even the Associated Press, whose ability to publish news was sharply limited.
Hours after the outage, Amazon still limited comment to brief technical remarks, and provided no details about what happened. All the company said was that it was “working to resolve the issue as quickly as possible.”
That same day, Social Security announced that its website crashed following a cyber-attack. SS added that its cyber and computer experts were working on resolving the problem.
According to City Prepping, as massive and widespread as ransomware attacks have become, “they are just the early shots of a much larger war,” and these attacks will become more sophisticated and coordinated. “Expect that these attacks will combine to inflict even more sophisticated damage and demand even more ransom,” it says.
The bottom line is that people have at best limited control over their fate. We certainly can’t protect some of the largest companies and organizations from cyber-attacks. But in our own very small way we can try to safeguard the data we have on our PCs. We cannot do more. But to do less is inexcusably careless.
Sources: cityprepping.com; heimdalsecurity.com; israelnationalnews.com; techtarget.com; trendmacro.com; YouTube: 10 things you must prepare for in 2022