Ransomware used to be mainly on the radar of people who worked in IT security. That is no longer the case. Even John Oliver knows about it now, and is talking about it, leading to his viral video. It’s easy to see why, as these attacks are now arguably the single-biggest threat prowling the Internet today. A ransomware attack allows malicious parties to obtain or lock valuable data, forcing the data owners to pay a ransom to retrieve their information or to prevent its release to the public. In case you haven't seen the video - here it is, it's hilarious:
This past year saw the risks of ransomware expand beyond compromised data and into business operations and social behaviors. While the Colonial Pipeline attack, which Oliver referenced, did not impact the pipeline system’s ability to supply gasoline, panic buying by consumers led to gas shortages throughout the Southeast. Further, Kaseya, an IT software provider for businesses, was compromised by ransomware and unintentionally infected many of its clients.
The cities of Baltimore and New Orleans and various police departments were targeted as well, with 85% of these victims lacking IT security staff. Perhaps the most disturbing trend has been the attack on healthcare facilities, with 560 institutions hit by ransomware in 2020. There is a fast payout for attackers when targeting a hospital, adding to the risk of operation. One attack was so severe for a Vermont hospital that it had to turn cancer patients away from scheduled treatments.
Ransomware’s growing prominence in the media and, hence, to the general public, is due in large measure to the simplicity of launching an attack and the resulting financial rewards. Ransoms paid in 2021 quadrupled to over $350 million.
Attacks on businesses rarely make the news, as organizations scramble to prevent PR nightmares. And while the revenues generated by ransomware attacks continue to increase, the tools for carrying them out have become more accessible.
There are three factors that help attackers reap financial benefits:
The U.S. government has been slow in developing a response strategy to ransomware attacks. That said, the U.S. Department of Justice has formed a task force for discouraging such attacks, and $1 billion has been allocated to help local governments improve security. This provides a fair middle ground of relief, but more action is needed to stay ahead of the curve.
There are a few actions you can take that will go a long way toward keeping you and your organization from becoming a statistic:
As our reliance on being interconnected increases, including an expansion of the IoT into home systems and appliances, so does potential areas of harm caused by a ransomware attack. Building and maintaining awareness is key in the fight against the proliferation of ransomware.
John Oliver has made us more aware of the problem, and it's up to us to provide solutions.