The following are some details on ransomware and the issues around it:
What is ransomware?
- Ransom software works by encrypting victims' data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.
The ransomware group DarkSide, suspected by U.S. authorities of the Colonial Pipeline (COLPI.UL) attack last month read more , said it wanted to make money. Colonial Pipeline's CEO said his company paid a $4.4 million ransom as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.
How widespread is it?
- Ransomware gangs collected almost $350 million last year, up threefold from 2019, according to members of a public-private group called the Ransomware Task Force. While the magnitude of the DarkSide breach was significant, other kinds of attacks have arguably been more destructive. In 2017 the so-called WannaCry cyber attack crippled hospitals, banks and other companies across the globe. The U.S. government said the attack cost billions and blamed North Korea. NotPetya malware, which struck Ukraine the same year but also did damage worldwide, similarly racked up billions in costs.
Who is behind the attacks?
- A number of gangs, many of them Russian speakers, develop the software that encrypts files, demanding payment in cryptocurrency for keys that allow the owners to decipher and use them again. An increasing number of the gangs and affiliates who break in to the targets now demand additional money not to publish sensitive documents on the internet.
The surge in payments extracted and the strategic nature of the targets has raised new questions about the failure of officials in Russia and other countries to crack down on the gangs.
What is being done to stop it?
- In April the U.S. Department of Justice established a government group on ransomware. Central bank regulators and financial crime investigators worldwide are also debating if and how cryptocurrencies, which are used to pay the ransoms, should be regulated.
What was the last major attack on U.S. infrastructure?
- Last month Colonial Pipeline week fell victim to a cyber attack that shut its entire network. The ransomware attack was one of the most disruptive digital ransom schemes reported and the resulting shutdown disrupted fuel supply across the eastern United States.
Before that, in October 2020 Eastern European criminals targeted dozens of U.S. hospitals with ransomware, including in Oregon, California and New York. The FBI and Homeland Security officials subsequently led a conference for hospital administrators and cyber security experts.
What can be done to stop ransomware?
- Criminals using ransomware to extort money do not always use the most sophisticated methods. Biden administration official Anne Neuberger said, for example, that the DarkSide ransomware used in the Colonial attack was a "known variant" and said some breaches can be thwarted by making sure computer networks have installed up-to-date patches.
Our Standards: The Thomson Reuters Trust Principles.