Let's Talk Ransomware - and the Solution
Within the last year, the general public has seen how ransomware can cripple municipalities and companies. Yes, ransomware is a hot topic in 2019 because with the media focusing on the issue, we are reminded that cyber/digital systems are sometimes fragile.
Ransomware has been around for many years. The first time I heard of a ransomware attack was about six years ago when hackers told a friend's mother she needed to pay to regain access to her grandchildren's pictures. Although it has been around for years, we are seeing cyber criminals use ransomware against more high profile targets and seeking higher ransoms.
Last year, the City of Atlanta was crippled for weeks. Reportedly, Atlanta spent $2.6 Million to recover its systems instead of paying the $52,000 ransom.
Earlier this year, the City of Baltimore was the victim of a ransomware attack causing residents to lose access to basic city services. Baltimore did not pay the ransom and officials estimate that the attack could result in about $18 million in recovery costs.
Closer to home, the city of Riviera Beach, Florida, agreed to pay more than $600,000 worth of bitcoin to unlock its network. There are reports that insurance covered most of the payment.
Weeks later, Lake City in Florida paid $460,000 in ransom to unlock its own computer network.
The Administrative Office of the Georgia Courts just recently reported that it is the latest victim when an attack forced a shut down of its online systems.
The insurer, Beazley Group, reported that its clients have reported twice the number of ransomware cyberattacks in the first quarter of 2019 as they did last year.
So what's the deal?
Ransomware attacks are an opportunistic, low risk, lucrative scheme for cyber criminals. Just think, a cyber criminal sends out thousands of phishing emails with embedded ransomware to government employees. It only takes one unwitting click by an employee to open pandora's box of binary code to cripple the online system.
Then there are local governments that rely on outdated software and systems. In the case of the Atlanta attack, the virus was the SamSam Ransomware, which differs from other ransomware in that it does not rely on phishing, but rather utilizes a brute force attack to guess weak passwords until a match is found. It is known to target weaker IT infrastructures and servers.
The cyber criminals are playing a numbers game with odds in their favor.
Then, after the cyber criminals hook a target, the decision makers have to decide between:
(1) paying the ransom, which will then encourage future bad behavior, without any guarantee that the attackers will release their systems upon payment, or
(2) refuse to pay the ransom and suffer millions of dollars in damages based on lost revenue, information technology remediation, bad publicity, etc.
While the decision makers are agonizing over this decision, the cyber criminals are drinking lattes and Monster drinks in a foreign country with little or no worries that they will be brought to justice.
For a cyber criminal, this is good business.
Some think the solution to the ransomware problem is that governments should allocate more funds to cybersecurity. True, government leaders should appreciate that we are now in a digital world and having up-to-date cybersecurity is just as important as having locks on doors (though way more expensive). But, more funds is not the only solution.
In my view, people are the solution. When you realize that most of the malware attacks are coming from emails and phishing schemes, it becomes clear that even with up-to-date cybersecurity (like a lock on the door), if your people do not actually lock the door, then it is worthless.
As we move towards a complete digital environment, people need to be more cyber-aware and cyber-hygienic. People need to think twice before clicking a link or opening a document from an unknown email address. People need to know the red flags for a phishing scheme. In other words, people need create a second or third layer of authentication before inviting a criminal into the “candy shop.”
This requires constant vigilance and a certain level of paranoia. While embracing the benefits of being digital, we cannot be as trusting.
~ Florida Cyber Lawyer, Robert Stines, Esq., CIPP