A rude awakening came to thousands of Americans in early May. Many motorists who had never seen the effects of a devastating ransomware attack found themselves scrambling to find a flowing gas pump, and waiting in massive lines once they did.
This came after a suspected Russian-linked crime group breached the computer network of the East Coast's largest oil supplier, Colonial Pipeline, shutting down its operations and threatening to leak stolen sensitive data if a $4.4 million ransom was not paid. Within days, pumps up and down the East Coast were taped off with "Out of Gas" signs.
It took an attack of this scale, affecting lives so directly, for the average person to notice what can happen when data and software are held for ransom. The Colonial Pipeline attack was one of thousands each year, many of which go unnoticed despite the fact that millions of dollars are cumulatively spent in ransoms.
Between 2019 and 2020, ransomware attacks rose 158% in North America alone, and the collective cost of attacks reported to the FBI went up 200%, from $8.9 million to $29.1 million.
According to Don Brown, senior associate dean for research at the University of Virginia's School of Engineering, Quantitative Foundation Distinguished Professor in Data Science and W.S. Calcott Professor in the Department of Systems and Information Engineering, criminal acts of this nature are not going away anytime soon, especially if companies continue to pay ransoms.
As the looming threat plagues organizations—from national security agencies and Fortune 500 companies to schools and small businesses—UVA Today asked Brown to explain the nature, commonality, protections and future of ransomware attacks.
Q. What are ransomware attacks? What do they do?
A. Ransomware attacks penetrate data management software and then encrypt access to the data using a key known only to the criminals. The original owners of the data can then no longer access it. Once the data is hijacked, the criminals then demand money to decrypt access to the data.
Q. Almost half of the East Coast's fuel supply was halted due to the Colonial Pipeline attack. How are perpetrators able to do this?
A. Ransomware attacks enter through a variety of methods, but the most common are through exploitation of simple passwords (e.g., "password"), through phishing attacks (i.e., posing as a legitimate site in order to get a password or log-in credentials), and through software (e.g., M.S. Windows) with known bugs that has not been updated.
Q. What other massive attacks has the United States seen?
A. The U.S. has seen a lot of attacks. There is the well-known attack on the Democratic National Committee in 2016, although that was a data breach, not ransomware. The same groups (they appear to be Russian) that attacked the Colonial Pipeline appear to have attacked many businesses worldwide over the past month through the exploitation of a security bug in the Kaseya software. Also, China is widely suspected of breaching the United States Office of Personnel Management in 2014 to get as many as 32 million records of government personnel and their families with security clearances.
Unfortunately, there are more than these.
Q. How often do smaller ransomware attacks go unnoticed by the public? Where do these take place?
A. Since not everyone reports attacks, we don't know the full scope. But recent attacks exploiting the Kaseya bug have likely affected thousands of businesses worldwide. These attacks are against supply chain companies, but they have also targeted manufacturers, hospitals and health care providers, and even schools, since they know these organizations often have weak security and are critically dependent on their data.
Q. What are governments, organizations and companies doing to protect themselves? What are they not doing, or what should they be doing?
A. The Biden administration is currently in discussions with [Russian leader Vladimir] Putin, as you can see in the news.
The U.S. needs to decide on an overall policy regarding cyberattacks. Are these nation-state attacks? For instance, the attack on the Colonial Pipeline by criminals in Russia was not necessarily by the Russian government, but Russia has done nothing to stop these attacks on other countries, particularly Western countries. Also, the U.S. has condoned payment for exploits in commonly used software such as Windows and IOS. This creates a worldwide market for potential exploitation.
Q. Why should individuals be concerned about ransomware attacks? Can individuals do anything to protect themselves?
A. Clearly these attacks affect all of us, as we saw with lines at gas stations following the Colonial Pipeline attack. Attacks on hospitals and schools may be local and not as visible or highly publicized, but could also have severe and rippling consequences.
The main thing individuals can do is to use strong passwords, be very careful about opening email attachments or responding to emails that want personal information and keep software up to date.
Q. What does the future of ransomware attacks look like?
A. Unless governments agree to cooperate and go after the criminals, we're probably only going to see more ransomware attacks. Sadly, it could get much worse before it gets better.
Citation: Understanding the rising threat of ransomware attacks (2021, August 19) retrieved 19 August 2021 from https://techxplore.com/news/2021-08-threat-ransomware.html