Recent Ransomware Attacks and Our Current State of Security

Author: Guerino Tondreau

Date: June 14, 2021

  • Abstract

We have recently seen a change in how companies are attacked by cybercriminals and their organizations. Banks and other information-rich businesses were at one point the main victims of hackers' ransomware attacks. Now we have seen a shift to hospitals and other service-based industries being attacked. With this shift in targets, the FBI has requested that businesses stop paying the ransoms that are demanded in return for control of their systems. The hope is that this discourages the hackers, because there would no longer be a monetary reward for these attacks. Private businesses will do what is best for them, however, and are not required to follow the advice of the FBI. With better antimalware systems, security protocols, proper training, and multi-national collaboration, ransomware attacks would soon become much more difficult and less sought after.

  • Recent Ransomware Attacks and Their Impact:

Ransomware attacks are not new incidents. In the month of May alone, 13 ransomware attacks against businesses were reported. The one that received the largest national coverage occurred on May 7th, 2021. On that date the Colonial Pipeline was attacked by a suspected hacker group known as Darkside, a gang from Eastern Europe. Colonial Pipeline provides gasoline and fuel to the Southeastern region of the United States. Its attackers used ransomware to hold the company captive. By doing this they managed to cause fuel prices in the area to skyrocket. The fear that a gas shortage was on the horizon caused mass hysteria, and this hysteria brought about the shortage even more rapidly. The criminal organization asked for approximately $4.4 million, to be paid in the cryptocurrency known as Bitcoin, to allow the company to resume normal business practices. CEO Mark Kennedy elected to pay his company’s attackers to cut his losses, stating, “It was the right thing to do for the country” (3).

The next attack was committed against JBS Foods. The company is responsible for approximately 20 percent of the nation’s meat supply and is considered the world’s largest meat seller. The cyberattack took a temporary but otherwise undisclosed amount of time to negotiate and resolve. JBS fought valiantly against its attackers and seemed to have protocols in place to defend itself against such incidents. It had secondary backups of all its systems and even shut down its primary systems to further slow down the attackers’ ability to encrypt its database. Unlike the Colonial Pipeline debacle, less has been reported about exactly who attacked JBS. However, it is understood that following serious negotiations the company paid out an $11 million ransom (2).

The attacks against both JBS and Colonial Pipeline show a disturbing trend. It was previously understood that cybercriminals would mainly target companies with large amounts of data, either to sell the data themselves or to hold it for ransom. However, the attacks perpetrated against the two companies above seem to show this is no longer the case. Now businesses that provide an essential service are likely to be targets as well. The Federal Bureau of Investigation has officially advised businesses against paying ransoms to these hackers. Some legislators have even gone as far as considering a ban on allowing private businesses to negotiate and pay to get their information, data, and services back (2). However, they have not done enough to ensure the safety of these companies against these malicious activities.

The introduction of the internet has brought many benefits to the local and global community. It has provided us with an easier existence. Furthermore, it has allowed us to stay connected to each other from all around the world through various forms of social media. There are music streaming platforms that allow us to listen to our favorite artists whenever we desire to do so. We have also seen the dawn of cryptocurrency, which has created the possibility for a new form of commoditized currency in the world economy. However, it has not been all good. The internet has also brought many new challenges to both local and global communities. It has made it possible for criminals to engage in criminal activities that can have a profound and negative impact on various aspects of our lives. The use of ransomware is a nefarious example of the downside of the internet's wide reach.

  • Examples of Ransomware

Ransomware is a form of malware that hackers use to take control of their victims’ resources. The attacker blocks the victim's access to the systems and subsequently demands a ransom for the victim to regain control over their business. This can be interpreted as a kidnapping of sensitive information (4).

Ransomware can be installed through Trojans. Like the Greeks storied in the Iliad, a Trojan is meant to allow the hackers to attack their target from the inside. Once allowed inside, they install their malicious software remotely. So, what are some examples of these different forms of ransomware? At this point in time, there are two distinct types of ransomware that are most often used. They are known as Locker ransomware and Crypto ransomware. Locker ransomware simply prevents a user from carrying out normal activity. It prevents the user from having full functional use of the mouse, desktop, or keyboard. It typically is not meant to target critical files. Crypto ransomware, however, is meant to encrypt a user's personal data rather than interfere with basic computer functions (5). Therefore, a hacker would be targeting items such as a user’s pictures or other important documents.
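One way a defender can spot the effect of crypto ransomware described above, shown as an added example that is not part of the original article: a file that keeps a picture or document name but has lost that format's leading signature and now holds near-random bytes has probably been encrypted. The function names, the 7.5 bits-per-byte threshold and the sample data are assumptions made for this illustration.

```python
import math
import os
from collections import Counter

# Leading "magic" bytes for a few picture/document formats (well-known signatures).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",  # DOCX is a ZIP container
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def looks_encrypted(name: str, head: bytes) -> bool:
    """True if a tracked file type lost its signature and its content looks random."""
    ext = os.path.splitext(name)[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return False  # type not tracked, no signature to compare against
    return not head.startswith(magic) and shannon_entropy(head) > ENTROPY_THRESHOLD


def scan(files: dict) -> list:
    """Return the sorted names in {name: first bytes} that look encrypted."""
    return sorted(n for n, head in files.items() if looks_encrypted(n, head))


# Constructed sample data: os.urandom stands in for ciphertext.
SAMPLE = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + os.urandom(4092),  # intact JPEG header
    "invoice.pdf": os.urandom(4096),                        # signature gone
    "report.docx": os.urandom(4096),                        # signature gone
    "notes.txt": b"meeting at noon\n" * 64,                 # type not tracked
    "scan.png": b"\x00" * 4096,                             # damaged, not random
}

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Because JPEG and DOCX content is compressed and already high in entropy, the signature comparison does most of the work here; the entropy test only separates encrypted content from ordinary corruption.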

  • How Ransomware Attacks Occur

These are some examples of how different types of ransomware are used to penetrate various organizations' systems. Cryptolocker is the name of a form of ransomware that popped up in the late 2000s. It encrypts the victims’ data by accessing their email. The targeted victims would click on email attachments that were infected with the malware, thus infecting their computers. Once a computer was infected, the malware would overcome and corrupt important data and files, locking the user out. Another form of ransomware is known as Bad Rabbit. Cybercriminals who use Bad Rabbit infect their victims’ computers using insecure websites. The user would click on the insecure webpage and get a notification to update their Adobe Flash Player. This would be a fake Adobe installer, and once the user clicked on it, they would be installing malware onto their own computer (5). Two of the most well-known ransomware programs are WannaCry and NotPetya. Both use software stolen from the NSA called EternalBlue (6). EternalBlue allows hackers to autonomously spread their malware from one computer to the next using the cloud network.

Ransomware attacks occur in a methodical fashion. The attackers, as stated before, must first do something to gain access. This phishing technique is then followed by the cybercriminals doing surveillance on the network. The reconnaissance performed allows them to assess what exactly their target has that is of worth. Following the surveillance, the next step naturally would be for the attackers to steal any of the data that they deem important. By stealing the information, attackers can now use it as leverage. They would now have enough power to demand a ransom in exchange for the stolen information (6).

  • Effective methods to enhance security

Prevention is the name of the game. If employees are trained to be more vigilant about which emails and links they click on, then companies may be at less risk of suffering these attacks in the future. Companies must do a better job of backing up their systems of operation and data, as well as having more in-depth protocols against ransomware attacks moving forward. The difference between how the attacks on JBS Foods and Colonial Pipeline played out speaks volumes. It would also be beneficial if companies performed more vulnerability tests to see which areas they could further fortify against ransomware attacks. Also, if countries like the United States and Russia were able to work together to handle these attacks, it would likely go a long way to dispel sentiments that ransomware attacks are allowed or encouraged by either government. Private companies and the government can also work together and invest more in cyber security to better secure their information, data, and resources. Lastly, more needs to be done about cryptocurrency. Although cryptocurrencies like Bitcoin, Ethereum, and Dogecoin have, in the recent market, provided a new generation of investors with large financial gains, their untraceable nature makes them a perfect tool for cybercriminals to use in making their ransom demands.

  • Sources
1. Blackfog, B. (2021, June 1). The State of Ransomware in 2021. BlackFog. https://www.blackfog.com/the-state-of-ransomware-in-2021/.

2. Bunge, J. (2021, June 10). WSJ News Exclusive | JBS Paid $11 Million to Resolve Ransomware Attack. The Wall Street Journal. https://www.wsj.com/articles/jbs-paid-11-million-to-resolve-ransomware-attack-11623280781.

3. Eaton, C., & Volz, D. (2021, May 19). WSJ News Exclusive | Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom. The Wall Street Journal. https://www.wsj.com/articles/colonial-pipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636.

4. Fruhlinger, J. (2020, June 19). Ransomware explained: How it works and how to remove it. CSO Online. https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html.

5. Kaspersky, K. (2021, June 11). Ransomware Attacks and Types – How Encryption Trojans Differ. usa.kaspersky.com. https://usa.kaspersky.com/resource-center/threats/ransomware-attacks-and-types.

6. Logan, M., Mendoza, E., Maglaque, R., & Tamaña, N. (2021, February 3). The State of Ransomware: 2020’s Catch-22. Security News. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-state-of-ransomware-2020-s-catch-22.

7. Lynn, S., & Thorbecke, C. (2021, June 4). Why ransomware cyberattacks are on the rise. ABC News. https://abcnews.go.com/Technology/ransomware-cyberattacks-rise/story?id=77832650.

8. Moreh, J. (2021). Ransomware Concept with Hooded Hacker – On-Line Security. Free Stock Photo of Ransomware Concept with Hooded Hacker – On-Line Security | Download Free Images and Free Illustrations. https://freerangestock.com/photos/89539/ransomware-concept-with-hooded-hacker–on-line-security.html.
