New US Bill Could Require Businesses to Report Ransomware Payouts

It’s just another day at the warehouse, and everyone has settled into their usual rhythms. Pick orders have been printed, organized, and distributed to the warehouse team. The flow of productivity maintains a steady pace, even as new orders are received, pulled, packaged, and shipped.

Every mechanism in the daily workflow is dependent on one critical component - undisrupted network uptime. If the computers go down, the workflow comes to a screeching halt. What if you came into work one day only to learn that every computer system on the company network had been locked by a ransomware attack?

This is exactly what happened to a company I worked for a week before I was hired. At the time, a threat actor discovered an intrusion point and encrypted every computer on the network. They demanded a million US dollars to be paid in cryptocurrency.

The incident was beyond the owner’s control, and even the system administrator’s hands were tied. The FBI had to be called in to investigate and help remediate the situation. All systems were encrypted, rendering all files inaccessible, impacting the revenue of the entire company from top to bottom. Employees were without work for eight days, while the pandemic was still raging, and the computers didn’t come back online for another five days after that.

The company scrambled to contain the incident as quickly and quietly as possible. Every day of downtime meant another day of customers asking why their orders were not shipping on time.

If customers ever learned of the intrusion, the good reputation of the company would be ruined. Perhaps they would even take their business elsewhere if they felt their personal information wasn't safe.

Ransomware 101 For The Uninitiated

Ransomware is a kind of malware from the cryptovirology family designed to encrypt the files on a victim's computer (or, in some variants, the entire disk), so that the owner can no longer open them without a key that only the attacker holds. If you've ever seen a message pop up on your computer saying, "YOUR FILES ARE ENCRYPTED," with instructions on how to pay a ransom to the hacker, then you know what I'm talking about.

Not every ransom demand is backed by a real attack. Malicious browser pop-ups, unsolicited emails, and text messages can stage a convincing illusion of an intrusion, with scary messages designed to pressure victims into paying. The tell is that nothing has actually changed on disk: in a genuine attack the files no longer open and their contents have been rewritten, whereas a scareware pop-up leaves them untouched. Don't be tricked.
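One practical way to tell a real encryption event from a scare pop-up is to look at the files themselves. Ciphertext has near-maximal byte entropy (close to 8 bits per byte), while ordinary documents, spreadsheets and logs sit far below that. The following is an added example, not code from the original article: a small scanner that measures Shannon entropy across a directory and flags it when most files look encrypted and a ransom note is present. The sample directories, file names and the "README_DECRYPT.txt" note name are constructed for the demo; the entropy threshold and the note-name hints are my assumptions, and real tuning would also need an allow-list for legitimately high-entropy formats such as ZIP, JPEG and PDF.

```python
"""Entropy-based check for mass file encryption (added example, not from the article).

Real ransomware rewrites file contents with ciphertext, which has near-maximal
byte entropy; a scareware pop-up leaves files untouched. Everything below runs
against a constructed fixture in a temporary directory; no real malware is used.
"""
from __future__ import annotations

import math
import os
import tempfile
from collections import Counter
from pathlib import Path

HIGH_ENTROPY = 7.5  # bits/byte; assumption: ciphertext sits near 8.0, text well below
# Assumption: typical ransom-note file names contain one of these tokens.
RANSOM_NOTE_HINTS = ("README", "DECRYPT", "RESTORE", "HOW_TO")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, ~8.0 for random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_directory(root: Path) -> dict:
    """Count files that look encrypted and look for a ransom note.

    Caveat: compressed or already-encrypted formats (zip, jpeg, pdf, 7z) also score
    high, so a production check would exempt known formats by magic bytes.
    """
    encrypted, total, notes = 0, 0, []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        total += 1
        upper = path.name.upper()
        if path.suffix.lower() in (".txt", ".html") and any(h in upper for h in RANSOM_NOTE_HINTS):
            notes.append(path.name)
            continue
        if shannon_entropy(path.read_bytes()) >= HIGH_ENTROPY:
            encrypted += 1
    ratio = encrypted / total if total else 0.0
    return {
        "total": total,
        "encrypted": encrypted,
        "ratio": ratio,
        "notes": notes,
        # Both signals together: a burst of high-entropy files plus a note.
        "likely_ransomware": ratio >= 0.8 and bool(notes),
    }


def build_sample(root: Path, encrypted: bool) -> None:
    """Constructed fixture: ten small CSV 'pick orders', optionally replaced by random bytes and a note."""
    for i in range(10):
        p = root / f"order_{i}.csv"
        p.write_bytes(f"order,{i},sku-123,qty,{i * 2}\n".encode() * 200)
        if encrypted:
            # os.urandom stands in for ciphertext; real ransomware also renames files to a new extension.
            p.with_name(p.name + ".locked").write_bytes(os.urandom(p.stat().st_size))
            p.unlink()
    if encrypted:
        (root / "README_DECRYPT.txt").write_text("YOUR FILES ARE ENCRYPTED. Pay to get the key.\n")


def demo() -> tuple[dict, dict]:
    """Scan an untouched share and an 'encrypted' share; returns (clean_result, hit_result)."""
    with tempfile.TemporaryDirectory() as d:
        clean, hit = Path(d) / "clean", Path(d) / "hit"
        clean.mkdir()
        hit.mkdir()
        build_sample(clean, encrypted=False)
        build_sample(hit, encrypted=True)
        return scan_directory(clean), scan_directory(hit)


if __name__ == "__main__":
    for label, result in zip(("untouched share", "encrypted share"), demo()):
        print(f"{label}: {result}")
```

Run it and the untouched share reports zero high-entropy files and no note, while the encrypted share reports all ten documents above the threshold plus the note, which together trip the `likely_ransomware` flag. Either signal alone is weak: a backup folder full of archives has high entropy, and a stray text file can match a note-name pattern.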

Increasingly, attackers add a second lever to the blackmail pitch: they steal data before encrypting it and threaten to publish it if their demands aren't met. In 2020 alone, the FBI's Internet Crime Complaint Center (IC3) received 2,474 complaints identified as ransomware. The numbers are even more staggering when you factor in the unreported incidents. According to research published by the Israeli cyber threat intelligence group Cognyte, ransomware attacks nearly doubled in pace in the first half of 2021.

Their research counted 1,097 victim organizations in the first six months of 2021, compared with 1,112 for the whole of 2020. These figures count only victims whose stolen data was published on the attackers' leak sites, so they understate the real total. Ultimately, this means that ransomware is growing in popularity, with threat actors looking to make easy money.

The Ransom Disclosure Act

In recent news, legislation called the Ransom Disclosure Act was introduced by US Senator Elizabeth Warren and Representative Deborah Ross. It would require ransomware victims to report ransom payments to the Department of Homeland Security (DHS), giving the government a data set on how cybercriminal operations actually work.

The bill is designed to help reveal the scale of ransomware attacks, the groups behind them and the scope of their operations.

“Ransomware attacks are skyrocketing, yet we lack critical data to go after cybercriminals,”

Senator Warren said.

“My bill with Congresswoman Ross would set disclosure requirements when ransoms are paid and allow us to learn how much money cybercriminals are siphoning from American entities to finance criminal enterprises - and help us go after them.”

In other words, if passed, US entities that pay a ransom (individuals are excluded) would be required by law to report the payment to DHS no later than 48 hours after the date of payment. The report would include the amount demanded, the amount paid, the type of currency used, and any known information about the entity demanding the ransom that might help identify the attacker.

Additionally, the bill directs the Secretary of Homeland Security to study the commonalities among ransomware attacks and the extent to which cryptocurrency facilitates them. In all, this would give DHS grounds to recommend how companies can strengthen their cybersecurity and protect sensitive company data.

Furthermore, DHS would be required to publish each year the information disclosed during the previous year, with identifying details of the entities that paid removed. The department would also provide a website through which individuals could voluntarily report ransom payments.

“Ransomware attacks are becoming more common every year, threatening our national security, economy, and critical infrastructure,”

Congresswoman Ross said. She explained that because victims are not obligated by law to report ransom payments, the government lacks critical data that would otherwise be vital to countering these cyberattacks.

“I’m proud to introduce this legislation with Senator Warren which will implement important reporting requirements, including the amount of ransom demanded and paid, and the type of currency used,”

Ross further explained.

“The US cannot continue to fight ransomware attacks with one hand tied behind our back. The data that this legislation provides will ensure both the federal government and private sector are equipped to combat the threats that cybercriminals pose to our nation.”

The press release on Senator Warren's website described ransomware attacks as a "significant national security threat" that has harmed not only businesses but critical infrastructure, including military facilities, healthcare companies, hospitals, schools, and municipal governments.

Threat actors strike indiscriminately, looking to make fast cash by holding hostage the very thing that keeps these companies afloat - data. Without access to important information, operations grind to a halt. Doors close and jobs are jeopardized, making ransomware one of the most damaging economic crimes.

Perhaps the Ransom Disclosure Act could bring about a new era of cybersecurity awareness and eventually help deter and mitigate future attacks when bad actors come calling.

An article by Jesse McGraw

Edited by

Ana Alexandre
