The growing threat of ransomware attacks
Rebecca Zisser / Axios
Get used to the kind of ransomware attack that crippled critical infrastructure and shut down major corporations yesterday. It was an escalation of the kind of cyber attack that's becoming a regular occurrence worldwide with a reach that's threatening key elements of national security.
Why it matters: These kinds of attacks are affecting more people as they spill out of the cyber realm and impact hospitals, power grids, and multi-national corporations. At the same time, consumer anxiety about security is at an all-time high, according to the recent Unisys Security Index, and EY's Global Capital Confidence Barometer, which shows cybersecurity concerns are delaying business deals. The physical and digital worlds are converging, and consumers are more vulnerable to threats as our lives become more connected than ever.
Ukraine's prime minister, Volodymyr Groysman, called yesterday's cyberattack — which targeted government workstations, power companies, banks, state-run TV stations, airports and ATMs — "unprecedented" in scope. The so-called Petya attack reboots victims' computers, encrypts their hard drive's master file (instead of individual files) and renders their entire hard drive inoperable. The ransom requested for access to an infected computer is $300 in bitcoin, and "doesn't seem consistent with state-sponsored attackers," Bret Padres, a former intel official and CEO of The Crypsis Group, tells Axios, although he would not rule out a state-sponsored attack.
An escalation: Monzy Merza, director of cyber research for Splunk, told us the attack is "a change in behavior" by hackers. It comes just over a month after the massive WannaCry ransomware attack, conducted by a North Korean hacking group, caused 300,000 breaches across 150 countries. "As far as we can tell this is an escalation or at least a similar attack as the WannaCry ransomware," Padres said. Plus, if Ukraine is really a "testing ground" as Merza suggests, this ransomware attack shows the perpetrators are trying to perfect their techniques before carrying out another, potentially larger one.
Implications for the U.S.: Padres says that "Eastern European systems are more likely to be running unpatched and could be more vulnerable to this type of attack," but the "bulk of the U.S. capability in cyber security is in its offensive operations. We are in a very vulnerable place when it comes to defenses." A State Department official said, "We are actively monitoring the situation."
The attacks and their results are becoming more targeted. While it may seem that attacks are happening more frequently, what's actually happening is that hackers are choosing to publicly showcase the ramifications of the attack:
- During WannaCry, consequences, such as preventing hospital systems from working, showed how a virus can bring vital technology systems to a screeching halt.
- During Petya, attackers aimed to show their ability to destroy the systems that just about everyone relies on, from power grids to banks to a country's oil supply.
- "There's something to be said that if you target critical infrastructure and the like, putting safety at risk, you are a little closer to the 'payday' you are after – especially if the time to recover through in-house processes is longer than is acceptable," said David Kennerley, director of threat research at Webroot.
- For example, the attack had direct ramifications for Ukraine's nuclear power management:
Be smart: Herberger says that no matter the size of your business, you can become a victim in today's cyber-landscape. So "patch your systems, properly back up your network, educate your employees on potential threats, and should you fall victim to an attack, don't pay the ransom."