CYBERATTACKS used to be considered an arcane realm of national security and geopolitical competition, but not anymore. Given the proliferation of hacker groups using ransomware, cyberattacks are now a genuine global commercial enterprise for a new wave of organized crime.
In contrast to cyberespionage, where a foreign agent remotely collects sensitive information from a rival government, company or research centre over a period of time, ransomware attacks are abrupt, profit-driven and apolitical. Hackers code their way into a person’s device or an organization’s computer network through digital loopholes and install malware that scrambles and encrypts internal file systems, taking the data hostage.
The owner must pay a ransom — typically $100,000 or more in untraceable cryptocurrency such as bitcoin — otherwise their files will be deleted, sold on the dark web or posted online as a form of public humiliation.
According to researchers, ransomware attacks netted hacker groups US$350 million in 2020. In the U.S. alone some 2,400 government entities, health-care facilities and schools were victimized. Hijacking the computer networks of companies managing critical pieces of infrastructure can also generate other destabilizing effects.
A May 7 ransomware attack on Colonial Pipeline — America’s largest fuel artery, carrying 45 per cent of the east coast’s oil and gas supply — forced a company shutdown that plunged Florida, Georgia, North Carolina and Virginia each into a state of emergency due to fuel shortages. At one point more than 12 per cent of gas stations in North Carolina ran empty as panic-buying led to hours-long queues for several days across the region.
A Russia-based group called DarkSide claimed responsibility and was paid US$4.4 million by Colonial Pipeline for the company to regain control over its operations.
And while the episode affected millions of unsuspecting people, experts have warned for years that cyberattacks of this magnitude were inevitable, especially after the infamous “WannaCry” ransomware attacks.
Over three days in May 2017, hackers thought to be from North Korea, using WannaCry malware, infected hundreds of thousands of computers across 150 countries by emulating methods allegedly devised by the U.S. government’s National Security Agency — the same entity exposed by whistleblower Edward Snowden in 2013 to be unilaterally conducting illegal open-ended worldwide mass surveillance.
WannaCry hit organizations ranging from the U.K.’s National Health Service and blue-chip corporations, such as FedEx and Honda, to Portugal and Spain’s largest telecoms companies, a multinational Asian cinema chain, Chinese oil and gas companies and universities worldwide.
Since then, a whole shadowy ransomware industry has emerged. Cybercriminal gangs in Russia and allegedly other former Soviet republics are now advertising ransomware services for hire. Along with conducting their own ransomware attacks, these groups are contracting themselves out to third parties seeking to financially cripple or embarrass their competitors, or steal their information.
In May alone, besides the Colonial Pipeline attack, various groups targeted the Washington, D.C., police department, Ireland’s health service, the European branch of Japanese conglomerate Toshiba, and Brazilian-owned JBS, the world’s largest meat-processing company, disrupting operating facilities in North America and Australia.
The Communications Security Establishment (CSE), Canada’s cybersecurity agency, predicts ransomware attacks will only increase as cybercriminals improve at infiltrating corporate IT systems and computer networks that control industrial equipment and critical infrastructure.
According to CSE, many Canadian ransomware victims — among them the College of Nurses of Ontario, Canadian Tire, municipal governments in B.C., and even a Toronto-area dentist — acquiesce to ransom demands out of fear of losing business and having to rebuild their file systems, though many experts argue paying ransoms only invites more attacks by emboldening hacker groups.
Private companies can be reluctant to even disclose data breaches in the first place, worried over how such revelations might damage their reputation with clients.
Unfortunately, ransomware attacks against individuals will also escalate with the advent of 5G networks, which will help grow the burgeoning Internet of Things. Here, users’ personal data is harvested and shared not just across mobile phones and computers, but across integrated smart networks of appliances, home security systems, personal fitness devices, and eventually self-driving vehicles and beyond.
The good news is that digital security advisers say organizations and individuals can go a long way toward protecting themselves by simply following the basics of digital safety: installing updates to operating systems and antivirus software, creating offline back-ups of key files, changing passwords often, and avoiding dubious links and email attachments.
That matters because, as with nearly all things technology-related, the limited reach of law enforcement and the plodding pace of reactive government policy are plainly incapable of keeping up with online threats that are constantly evolving, including ransomware.
Kyle Hiebert is a Winnipeg-based researcher and analyst, and former deputy editor of the Africa Conflict Monitor.