Can Ransomware Be Stopped?
Hackers working for profit and spying have posed a threat to US information systems for decades. However, throughout 2021, hackers and ransomware gangs targeted companies running networks like the Colonial Pipeline fuel system, with greater tenacity.
The threat to these types of networks has been around for over 10 years. For many, there were fears about these types of attacks for a prolonged period, but finances and lack of interest or concern by others presented challenges to actions and solutions.
It isn’t known why ransomware gangs have become so invested in going after fuel companies, water companies, energy companies, meatpacking plants, and utilities. Experts believe contribute this to a rise in competition and higher payouts, in addition to the involvement of foreign government. The headline-breaking news articles are finally leading to more attention to the U.S.’s problem with cyberthreats and cyberattacks.
Cyberattacks as a National Security Threat
The costs of cyberattacks, particularly ransomware attacks, do not stop at the retrieval of the ransom payment. Many often view cybercrime as a white-collar crime. Ransomware attacks are motivated by money and are generally viewed as a non-violent type of crime, but ransomware gangs are leaving behind a path of destruction wherever they go.
Loss of Data
Ransomware gangs continue to expand their attacks. Ransomware gangs will demand ransom to de-encrypt the data that has been stolen and held hostage. Then, the gang will threaten to release the data to a website unless they receive the demanded ransom. In 2021, ransomware groups have exfiltrated data for extortion. The potential of sensitive and confidential data being exposed on the web, and the possibility of facing legal action have led some victims to pay the ransom.
The 1998 Presidential Decision Directive
In the late 1990s, the U.S. government began taking steps to defend cybersecurity. In 1998, under the Clinton administration, the Presidential Decision Directive was issued. What was the intent of the Presidential Decision Directive? It was intended to protect the United States’ critical infrastructure from cyberattacks. Critical infrastructures were identified, including energy, banking and finance, transportation, and water systems. This moved resulted in changes in regulation in the finance and energy industries. However, other industries were not as quick to make changes to their systems or networks.
Slow to Change
The belief is that many industries were slow to make changes because they wanted to avoid the operational and financial burden that would come with making changes to systems and networks.
Many businesses and organizations’ systems are operating on infrastructures that are full of outdated technology. Some systems are not equipped to handle the advanced and sophisticated tools that are needed to fully protect an organization.
Removing the current hardware and replacing it with updated hardware is seen by many as being more of a financial burden than service downtime. Many administrators fear that the replacement process can increase the vulnerabilities and make them more susceptible to cyberattacks.
Why Is It Difficult To Stop Ransomware?
The constant problems caused by ransomware gangs raise a commonly asked question: Why has it been so difficult for the United States to protect its citizens from cybercriminals?
Ransomware gangs can easily move around, they are scattered across the globe, they do not need much equipment to carry out an attack, and their identities can be hidden. Ransomware gangs also share resources. For example, the ransomware gang responsible for the Colonial Pipeline attack allows other ransomware gangs to use their ransomware software for a certain price.
The U.S. Recent Response
On May 12, 2021, President Joe Biden issued an Executive Order. The EO was aimed at improving the U.S.’s cybersecurity. This Executive Order was in the works after the SolarWinds cyberattack and gained steam after the ransomware attack on the Colonial Pipeline. The Executive Order called on the Department of Defense and the Department of Homeland Security to require agencies to do the following:
- Protect their data
- Improve information sharing
- Establish a Cyber Incident Review Board
The Executive Order includes a variety of information and procedures that will be relevant to all federal government contractors and subcontractors.
Cyber Defenses Are Needed
The Deputy National Security Advisor called recently urged the private sector to adopt the best practices outlined in President Joe Biden’s Executive Order.
The practices outlined in the Executive Order include the implementation of Multi-Factor Authentication (MFA) and the use of encryption. Companies and organizations should regularly back up data and keep backups offline so that they can reduce their vulnerabilities.
Companies and organizations are also encouraged to update and patch systems on a regular basis, in addition to building and testing incident response plans so that businesses and organizations will have the ability to pick up where they left off in the event of an attack.
The Work Cannot Stop
While the White House, the Department of Defense, the Department of Homeland Security, and other agencies have announced that efforts will be made to stop such attacks there is always work to be done. The technology and resources are available, but not everyone is willing to put in the time, effort, and financial resources that are needed to implement defenses that can serve as a protection against cyberthreats and cyberattacks.
Businesses and organizations have to put the proper measures and place and work hard to identify cyberthreats so they can stay steps ahead of the cybercriminals. When it comes to cyberattacks, it is no longer a matter of IF, but WHEN. When it comes to cybersecurity, you always have to be ahead of an attack. However, one of the main problems is that this does not happen as often as it should.
Anti-virus software, anti-malware software, and other detection tools are used to respond to threats. Businesses and organizations that do not have the proper measures in place will typically find themselves focusing on recovery because there were no prior conversations about prevention.
Reach out to Intelice to talk about the importance of protecting your business from ransomware attacks. Feel free to pick our brains on what you need to do to protect your organization.