Ransomware
Ransomware attacks have gotten worse over time. Instead of mainly going after individuals, as they did in prior years, attackers now tend to go after organizations. The Covid pandemic is one likely reason for the recent increase, because more people are working remotely. Businesses, state and local governments, police and fire departments, hospitals, critical infrastructure groups, and so on are now the main targets. One reason: as Willie Sutton said about why he robbed banks, that’s where the money is.
According to a 2020 FBI report, total victim losses from ransomware jumped from $8.9 million in 2019 to $29.1 million in 2020 (a 225% increase), while the number of victims increased from 2,047 to 2,474.
Typically, ransomware is malicious software installed on a computer or network by an organized crime group that is exploiting an organization’s security weakness. The attacker installs the malware through email phishing or another security vulnerability. The malware secretly encrypts the organization’s sensitive data, making it unreadable. The cybercriminal then demands a ransom to decrypt the data and go away, and threatens to leak, sell, or delete the data if the ransom is not paid promptly.
In April 2021, REvil hackers targeted a company in Taiwan that assembles Apple gadgets. In May 2021, the Colonial Pipeline, which runs from Texas to New Jersey, was the victim of a ransomware attack that created a gasoline supply shortage in 11 states. A ransom of $4.4 million [1] was paid to DarkSide, which claimed the attack. Ransom is usually paid electronically with a cryptocurrency such as Bitcoin.
Another example is the ransomware attack on CNA Financial Corp., one of the largest insurance companies in the US. CNA paid the attacker $40 million in ransom, the largest known payment (companies are reluctant to publicly disclose ransomware attacks on their systems for reputational reasons).
Additionally, local governments such as the cities of Key Biscayne, Stuart, and Riviera Beach in Florida have been targets of ransomware attacks. The first two cities did not pay a ransom, but Riviera Beach paid $600,000 in Bitcoin.
Not even schools have been spared. Multiple school districts in the US have been attacked by cybercriminals. In Broward County, Florida, the local public school district was attacked in April 2021 but paid no ransom.[2]
The FBI has the following recommendations to defend against ransomware attacks:
- Train employees and individuals on how ransomware works and how it is delivered.
- Make sure that anti-virus and anti-malware software are updated constantly and automatically installed.
- Assign computer privileges to only those who should have them.
- Back up data regularly and verify data has not been infected with a virus or malware. Backups are critical in case of an attack with data encryption.
- Create a plan of action before an attack, not after.
If you are a victim of ransomware:
- Contact your local FBI field office: https://www.fbi.gov/contact-us/field-offices
- File a report with the FBI: https://www.ic3.gov/
[1] Colonial Pipeline boss confirms $4.4m ransom payment. BBC News. https://www.bbc.com/news/business-57178503
[2] Spencer, T. and Bajak, F. (2021, April 1). ABC News. https://abcnews.go.com/US/wireStory/large-florida-school-district-hit-ransomware-attack-76818911