A few weeks ago, the TV show “60 Minutes” ran an interesting piece on cybersecurity entitled “How Cybercriminals Hold Data Hostage.”
We share some of the highlights below…
In April 2019, Cleveland Hopkins Airport suffered an extended power outage that plagued its computers. A computer attack with ransomware was believed to be behind the outage. The airport’s flight information, baggage displays, and emails were taken down. The FBI said it was another ransomware attack on a sensitive government network.
What Is Ransomware?
It locks up a victim’s files until a ransom is paid. It’s a type of malicious software that infects and restricts access to a computer. Although there are other methods of delivery, ransomware is frequently delivered through phishing emails and by exploiting unpatched vulnerabilities in software. Not only businesses but critical public service networks are being targeted.
What Other Public Service Networks Have Been Targeted With Ransomware?
Before the Cleveland Airport attack, ransomware affected:
- The City Governments of Newark, Sarasota and Atlanta,
- San Francisco’s Transit Authority,
- The Colorado Department of Transportation, and
- The Port of San Diego.
26% of cities and counties in the US say that they’ve fended off attacks on their networks every hour of every day.
Even Hospitals Aren’t Safe
And, dozens of hospitals across the country have had their data held hostage. For example, Hancock Regional Hospital in Hancock County, Indiana, was hacked and held for ransom. It’s a 100-bed hospital located in the suburbs of Indianapolis. All of their computer files were renamed and encrypted, so they weren’t accessible.
The hospital had to run on pen and paper. Emergency patients had to be diverted to a hospital 20 miles away. Hospital administrators were even concerned that the ransomware attack could jump to their hospital equipment like ventilators.
The ransom they had to pay to get their files back amounted to $55,000.
Who Else Had To Pay Ransom?
The City of Leeds, Alabama was hit with the same ransomware virus just three weeks after Hancock Hospital was attacked. Leeds is a small town of 12,000. Their mayor, David Miller, was surprised that a town of their size would be targeted. Just like the hospital, the City of Leeds had to resort to pen and paper. They didn’t have email, nor access to their personnel files or financial system.
And three weeks after Leeds was attacked, the City of Atlanta experienced the same type of attack. For a while, the police didn’t have the ability to do computer checks on license plates for cars they were pulling over. In addition, the City of Atlanta’s court system went down.
However, Atlanta refused to pay the $50,000 ransom that was requested. Instead, they spent $20 Million to recover on their own! It took months to do. And seven years of police dashcam video was never recovered.
What Does The FBI Say?
All companies and local governments are targets. Michael Christman, Section Chief for the FBI’s Cyber Division, says cyber crooks know that governments and hospitals are likely to pay these ransoms because they can’t afford not to. He also said that we should prepare for the possibility that a hacker could infect a 911 system and ask for $10 million.
Christman tells us that in 2017, 1,700 successful ransomware attacks were reported. But he believes that this number is less than half of what actually occurred. This is because most businesses would rather pay a ransom than admit they were hacked.
He also said that one ransomware variant affected all 50 states, resulting in approximately $30 Million in losses and over $6 Million in ransom payments. He said losses in the US are very significant and easily approach $100 Million or more due to ransomware attacks.
What Is Sam Sam?
The ransomware variant Christman mentioned is the same one that held Hancock Regional Hospital hostage. It’s called Sam Sam.
In December 2018, The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) issued an alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A.
They reported:
“Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.
The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally.
Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.”
Experts say that Sam Sam is unbreakable. And there was nothing the hospital could do to unlock their files. Their only choice was to wipe their system and hope that they had backups to replace them.
Unfortunately, Sam Sam had also infected the hospital’s backup files. The FBI advised them not to pay the ransom, but after two days of the hospital’s staff filling out 10,000 pieces of paper, their President & CEO, Steve Long, decided that they must. The ransom had to be paid in Bitcoin (digital money) because it’s difficult to trace.
What happened with the City of Leeds in Alabama? They held out for two weeks before finally deciding to pay the ransom. However, instead of paying the $60,000 the hackers demanded, the mayor was able to negotiate the ransom down to $8,000 because that was all they could pay.
In these cases, the thieves were honorable and provided the decryption keys once the ransoms were paid.
How Does The Ransomware Select A Network To Infect?
Ransomware variations often scan the Internet blindly looking for vulnerable networks wherever they may be. They can attack from 1,000 to 10,000 networks at a time, according to Tom Pace, VP of BlackBerry Cylance, a leading security firm.
Ransomware attacks are automated and unleashed, so the hacker just sits back and waits until he finds a security gap in an IT system. Pace said that most ransoms are in the range of $50,000. But one of his clients had to pay $1 Million to get his files back.
And another client was threatened with not only holding his data hostage but releasing confidential information about his customers. This would result in massive litigation costs.
Ransomware For Rent
There are websites offering “Ransomware for Rent,” where an attacker can choose from many illicit products to infect IT networks. When the ransom is paid, the website gets a cut. There are even chat rooms the hacker can enter to ask questions about maintaining the ransomware software he rents.
Plus, the cybercrook doesn’t have to write code. The software does everything for him in a matter of minutes.
Is There A Way To Know You Won’t Be Attacked Again?
Tom Pace says no. There’s always a chance. The best thing to do is to reduce all of the vulnerabilities in your IT system and entry points.
Who Is Sam Sam?
The Justice Department said that they unmasked Sam Sam last year. Two Iranians were indicted. They collected $6 Million in ransoms before they were stopped. Unfortunately, the suspects are still in Iran where they can’t be extradited.
The most threatening ransomware comes from countries like Iran and Russia that the FBI can’t reach.
Is Cybercrime Now A Way Of Life?
According to Michael Christman of the FBI, it is. He compares it to the rash of bank robberies back in the 1930s. It’s now connected to everything we do and every crime that he sees. He believes that by 2020, we’ll see 50 Billion devices worldwide connected to the Internet.
Ransomware will continue to be used, even with our smartphones. He believes that any device connected to the Internet can be attacked or used to facilitate other attacks. This means not only our computers and phones but the computers in our cars, homes, etc.; anything connected to the Internet can be attacked.