Feb 20, 2020 - Technology

The rise and rise of ransomware

Illustration: Aïda Amer/Axios

Ransomware attacks are becoming smarter, more common, and more dangerous.

What's happening: In ransomware incidents, attackers take systems down and demand payment (usually in bitcoin) to restore access to them.

  • Compared with the political impact of election hacking or the privacy violations of data breaches, ransomware has typically been viewed as the cyber equivalent of hit-and-run robbery.
  • But aggressive new tactics, including threats of massive file dumps, are blurring the lines between ransomware and other attacks, making them a national security issue as well as a business problem.

Driving the news: In the latest indication that ransomware is moving beyond its best-known targets — state and local governments and healthcare systems — a Department of Homeland Security advisory on Tuesday reported a ransomware attack that forced a natural gas compression facility to shut down for two days.

  • Analysts at Dragos identified the incident as one reported in December by the Coast Guard.
  • Last month, researchers at Emsisoft warned that ransomware attacks could disrupt the 2020 U.S. elections. "[T]hreat actors could use ransomware to tamper with the 2020 election process by attacking county-level entities and lower-level election officials," according to the Emsisoft report. Attacks could "potentially disrupt local voting infrastructure, stifle access to information, leak voter data and ultimately undermine public trust."
  • The Palm Beach County, Florida, election supervisor told the Palm Beach Post last week that the county had suffered a ransomware attack in September 2016. The county's previous election supervisor, who was in office then, denied the report.

The big picture: A raft of recent ransomware research paints an alarming picture of a threat that's still evolving.

  • The threat analysis firm Recorded Future reports a 20% increase in ransomware incidents affecting state and local governments and healthcare institutions year-to-date for 2020 compared with the same period in 2019.
  • Recorded Future and other analysts note that many ransomware attackers now also seize mountains of data from target networks before shutting them down, then use the threat of publicizing the private documents to demand payment.
  • In another trend, a whole industry of "ransomware as a service" providers is emerging to handle the technical work for would-be ransom takers.
  • IBM reports "high levels of code innovation" in the ransomware realm, and finds that the most common vulnerability exploited by ransomware is a flaw in a part of the Windows operating system called SMB, or "server message block."

Yes, but: The full scope of ransomware activity is tough to gauge because private industry is under no obligation to report incidents — and many affected companies are unlikely to admit they've been had.

  • According to the FBI's Internet Crime report for 2019, the IC3 received 2,047 complaints identified as ransomware last year, with adjusted losses of over $8.9 million.
  • That's compared to a total of 467,361 complaints of all kinds in 2019 — an average of nearly 1,300 every day — with more than $3.5 billion in losses to individual and business victims.

Go deeper

Local governments' ransomware problem drags on

At least 21 state and municipal government agencies in the United States this year were locked out of their own records and computer systems until they paid up, according to data disclosed to Axios by security company Emsisoft.

Why it matters: Ransomware attacks are among the most dangerous cybersecurity risks facing businesses and governments, Brett Callow, a threat analyst with Emsisoft, said. The threats cost the U.S. roughly $7.5 billion last year, the company estimates.

DHS official claims 2020 will be "most secure" election in U.S. history

Christopher Krebs, Homeland Security CISA director. Photo: Cheriss May

The 2020 election will be "the most secure, most protected election in the history of the United States of America," Christopher Krebs, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, said at an Axios event on Tuesday.

Why it matters: State and local officials, even before the start of party primaries, have voiced concerns that outside interference could disrupt elections in 2020. The recent outbreak of coronavirus has also impacted some state primaries.

Federal report warns U.S. is unready for a cyberattack

Rep. Mike Gallagher and Sen. Angus King. Photo: Cheriss May

The U.S. should take a slew of steps today to prevent a major cyberattack that could wreak wide-scale devastation on the U.S., a year-long study mandated by Congress reported Wednesday.

Why it matters: "A major cyberattack on the nation's critical infrastructure and economic system would create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast," the report predicts.