Cyber attacks have been on the rise across the board between 2020 and 2021. In fact this year, there has been a 102% rise in ransomware attacks carried out by hacker. This past week we have seen, and many of us have felt, two major ransomware attacks and their fallout. What was once something that was regulated only to businesses and smaller institutions have become big business to hackers, with companies paying out millions of dollars to get there networks back in order and mitigate damages.
WHAT IS RANSOMWARE
Ransomware is software that is designed to shut down a company or institutions network, till a monetary demand is paid. Think of it like digital kidnapping. Hackers use different methods to implant malicious software and access a system. From there they will encrypt the data it contains and lock out authorized users, until the demanded ransom is paid. Oftentimes these are sold as a service from one hacker to another, and usually target businesses or data reliant institutions such as schools and hospitals.
While at times, in the case of WannaCry, an early ransomware program, these issues can be handled without paying the ransoms, there can be consequences. In one case, a hospital dealing with a ransomware attack had to reroute an ambulance with a critical patient over 20 miles away, causing the patient to die in transit. At times, these hackers will threaten to
delete the data. Other times, they will threaten to leak the data to both the clear and dark webs, putting personal and proprietary information in jeopardy.
These attacks are proving to be more costly as time passes, as the ransoms paid have increased 171% averaging over $300,000 per payment. The two most recent cases of ransomware are also two of the most concerning examples, as they targeted both infrastructure and security. These attacks have caused massive panic in some cases, and in others, have put lives in jeopardy of those sworn to serve and protect the populace.
THE DC POLICE RANSOMWARE ATTACK
Early this week it was revealed that the Washington DC Metro Police department was hit with a ransomware attack that originated in Russia. The attack occurred late last month, and the threat was simple. The hackers demanded 4 million dollars in ransom to unencrypt the files they had. They were clear, if they were not paid, they would begin to release sensitive data on officers, including background checks, full names and information of officers in the field including undercovers, psych evaluations and improprieties that
had been brushed under the rug.
The attack was carried out by a group calling themselves Babuk. While they are relative newcomers to the ransomware world, this isn’t their first rodeo. Babuk made headlines last year by launching a ransomware attack on the Houston Rockets. Ironically, the Houston Rockets, a professional basketball team, had security protocols that were able to minimize their damages. The Washington DC Police, were far less equipped. Last week the department offered their counter offer, $100,000 dollars in exchange for getting their data back. Babuk was not having any of that however. In response, they leaked troves of information into the world. They released documents pertaining to hiring, including candidate
interviews and reviews, information that the police had on street gangs and other criminal organizations, and daily intelligence briefings that were meant for the police commissioners eyes only. On top of that, dozens of officers medical records, addresses, and financial records have been released as well.
While the ransom has not yet been paid, Babuk has gone a different, far more frightening route. They have decided to release their ransomware code to the dark web, so any hacker can use it. Analysts have conflicting opinions on this. Some are stating the reasoning for this is that the code is faulty, it deletes files whether the party demanding the ransom wanted them deleted or not. Others have stated that this “retirement” is due to the the fact they hit a high-profile target and become headline news, leaving themselves open to retaliation from law enforcement.
THE COLONIAL PIPELINE ATTACK
If you are reading this, I imagine you are familiar with the Colonial Pipeline attack. The internet has been flooded with memes and images of people filling up bags with gasoline. Long lines, shortages and panic buying have been seen up and down the East Coast. The White House, and President Biden have had to publicly address this multiple times last week. What happened though? Last week, hackers encrypted over 100 GB of internal data in order to hold the operators of the Colonial Pipeline hostage. The pipeline, which carries gas to much of the southeastern US, had to shut it’s systems down in order to stop the ransomware from spreading.
The ransomware was designed by a group called Darkside and sold to a secondary operator. This operator had a two fold plan of attack, hold the information hostage, and threaten to release the data, similar to how the DC police attack occurred. The fallout from this was nearly instantaneous. It caused the biggest gas shortage of the twenty first century, causing panic amongst customers, and legitimate shortages across the southeastern US. The panic however, spread across the east coast. In fact, this writer personally witnessed
three gas stations in PA that were without gas, not because of the pipeline, but because of panic buying.
Darkside, the group who created the malicious software, specialize in what is known as Ransomware as a Service. They are not the ones who carry out the attacks. They create the software, and also run a help desk to aid in negotiations and victims getting their information back. Even they were not expecting the fallout from this. In fact they released a statement that in effect served as an apology claiming they never intended for their product to be used to shut down infrastructure and would, in the future, better vette potential customers and add parameters to what the software could be used for.
While initially the administrators of Colonial denied paying the ransom, it was later revealed that they paid over $5 million dollars in Bitcoin to the hackers in order to shut down the attack and save their data. As of this writing, operations have restarted at the Colonial Pipeline, adverting a long term shortage. Ransomware is a problem that is not going away. However, these attacks have illustrated how we need to be prepared, both as citizens and as a nation to protect ourselves from the damaging attacks, and hackers who wish us harm for their own personal gain. In the wake of these attacks, the White House has announced the Industrial Control Systems Cyber Security Initiative.
It is now understood that these vulnerabilities must be recognized and protected to ensure that this pipeline attack is not the tip of the iceberg. These attacks are widespread and could potentially ruin their victims. It doesn’t matter if you are a local municipality, government agency, small business or major corporation, security should be your top concern. If you are interested in protecting yourself from these attacks, make sure to stay on top of your patches, and be sure to reach out to a security minded MSP, like Delval Technology Solutions