Ransomware dates back almost a decade, when Eastern European cybercriminals infected individual computer users in Europe with malware that encrypted their data until they paid 200 to 300 euros.
But over the past decade, cybercriminals have moved on to big targets in the United States: major corporations like Honeywell, which was the victim of a ransomware attack and data leak this month; cities like Baltimore and New Orleans; and police departments, schools and hospitals, each with increasingly urgent reasons for needing to recover data and digital access amid the coronavirus pandemic.
The pandemic coincided with the worst year on record for ransomware attacks last year, with ransom demands to victims averaging over $100,000 and in some cases totaling tens of millions of dollars, according to the Justice Department.
Last week, the Biden administration tapped John Carlin, the acting deputy attorney general, to lead a ransomware task force of F.B.I. agents and prosecutors from the Justice Department’s criminal and national security divisions, among others.
“Ransomware can have devastating human and financial consequences,” Mr. Carlin wrote in a staff memo dated last Tuesday. “When criminals target critical infrastructure such as hospitals, utilities and municipal networks, their activity jeopardizes the safety and health of Americans.”
Some 27 ransomware groups are now stealing and leaking data, according to Brett Callow, a threat analyst at Emsisoft, a security company.
“The attackers are utilizing stolen data in more extreme ways,” Mr. Callow said. “In this case, they’re threatening to release informant data to gangs. In others, they have contacted customers directly asking them to pressure victims into paying, to stop their personal data from being released.”