The United States has seen a drastic increase in ransomware attacks over the past two years. American IT infrastructure urgently needs an overhaul before critical infrastructure, which has already been targeted, is hit hard enough to cripple the country.
Ransomware is a type of malware that encrypts the files of a targeted computer, rendering them inaccessible. The name comes from the fact that the information is kept encrypted until a ransom is paid to the cybercriminal. Encrypted data is extremely difficult to decrypt without the key, and in some cases impossible with available technology. This usually leaves victims little to no choice but to pay the ransom to save their data.
Ransomware attacks are nothing new. What has changed in recent years is the breadth and scope of these campaigns. Current ransomware variants are designed not to infect a single computer, but to spread throughout entire networks within an organization. One of the most infamous cases demonstrating this shift is the WannaCry ransomware outbreak. The WannaCry ransomware infected around 200,000 terminals in 150 countries around the world. The attack showed how ransomware could cause mass disruption and damage to businesses and infrastructure.
Ransomware Incidents Keep Increasing
At this point, cybercriminals have definitely caught wind of the profitability of ransomware campaigns. To that end, bad actors have switched their modus operandi and are going for bigger payouts by targeting large organizations. The reasoning behind this “big game hunting” is that big companies hold massive amounts of valuable data and are more likely to pay to have it decrypted.
There has also been a noticeable increase in “ransomware-as-a-service” – groups hired to deploy ransomware on behalf of someone else. This makes the situation worse by allowing individuals with little technical knowledge to launch their own ransomware campaigns.
This has started a trend of ransomware infections that seem to happen every other day. McAfee published a report that shows cyberattacks involving ransomware have more than doubled in 2019.
Examples of Ransomware Attacks in the United States
There have been several high-profile ransomware attacks within the United States. According to cybersecurity researchers at Emsisoft, at least 621 American organizations have been affected by ransomware. These include governmental institutions, healthcare providers, educational institutions, and even private entities.
One of the recent ransomware campaigns targeting governmental institutions occurred in Texas, where computer systems across 23 local cities and towns were infected and encrypted by ransomware. Security researchers suspect that it may have been a strain of the GandCrab ransomware known as Sodinokibi, or possibly the infamous Ryuk ransomware.
In the educational sector, Emsisoft’s report states that ransomware incidents have been reported in at least 68 school districts, impacting over 1056 schools.
Another prime target for ransomware attacks is the healthcare industry. Several hospitals across the United States have already been hit with ransomware attacks. Most recently, three hospitals in Alabama were hit with an attack, forcing them to divert patients to other medical centers.
Hundreds of American businesses have also been the target of multiple ransomware attacks in the past year. A prime example is the infection of two chemical manufacturing plants with the LockerGoga ransomware. Additionally, the FBI has reported hundreds of ransomware attacks employing Ryuk ransomware.
How Ransomware is a Public Safety Issue
The most obvious way that ransomware is a public safety issue is that it has the potential to render critical infrastructure systems inoperable.
A ransomware infection on a city's power grid could potentially leave millions without electric service. In the case of hospitals, attacks have already disrupted operations to the point that, in some cases, patients had to be diverted elsewhere. Transportation services could be brought to a standstill, as was the case with Kiev’s metro system and the Odessa Airport in Ukraine during the “Bad Rabbit” ransomware outbreak.
Lastly, with the coming 2020 presidential elections, there are looming fears of a ransomware attack being used to disrupt the electoral process.
What Steps Can be Taken?
There are several steps that can be taken to fight against ransomware. It all begins with providing more cybersecurity training to federal and civilian IT workers and generally improving awareness. By training IT workers to spot common routes of infection, such as phishing emails, the odds of being victimized drastically decrease.
Another way to fight ransomware is to adopt mitigation protocols. Several companies are already doing this as part of their efforts to counteract ransomware. By keeping files on several separate servers, companies can limit the damage done when one server is taken down. Even if an individual server is affected, information on other servers is safely isolated.
There should be more law-enforcement-driven efforts to track down cybercriminals and hold them accountable for their actions. One reason that ransomware has become so prevalent is that it is difficult to track down where an attack began. We might know the names of the groups distributing the malware, but we don’t know the people behind them. More effort has to be put into developing technology to track down these ransomware actors and find them before their efforts lead to widespread pandemonium.
Julio Rivera is the Editorial Director for ReactionaryTimes.com, a political columnist and commentator, and a Business Strategist.