Ransomware attacks, why experts believe it will get worse
Ransomware has become the most chronic and common threat to digital networks. At a time when 41% of all cybersecurity insurance claims flow from ransomware attacks, it’s no surprise that ransomware is top of mind for leading security experts, government officials, and law enforcement leaders.
Mark Weatherford, chief strategy officer and board member of the non-profit National Cyber Security Center told attendees at the third annual Hack the Capitol event, “I think ransomware is going to get worse and I hate to say it, but it’s almost the perfect crime, it’s easy to pull off and it’s almost impossible to get caught.”
Mark Weatherford went further to express his worries about the smaller victims of ransomware attackers. “Small and medium-sized businesses simply don’t have the resources or the technical understanding to understand the threat environment that they live in,” he said. Sometimes it can seem like a ransomware attack is inevitable. “A lot of my friends in companies that I talk to regularly literally are waiting for that shoe to drop when they are the victim of a big ransomware event,” Weatherford said.
“Ransomware is a big deal, It may not be the most exciting kind of compromise; it may not always be the most sophisticated. Sometimes it’s honestly easily preventable,” Rex Booth, chief cyber threat analysis at the US Department of Homeland Security’s (DHS’s) said at CISA’s annual Cybersummit.
He went further to say “When you’re suffering through a ransomware incident, none of that matters. It’s a big deal. You can’t access your data. You can’t use your systems, and you don’t know if you’re going to get them back and you’re upset. You’re freaking out.”
According to Jonathan Holmes of the FBI’s Major Cyber Crimes Unit in Washington, DC, he said at the DHS Summit. “Over the last year, we have seen an explosion in ransomware, we have seen numerous new ransomware groups victimizing individuals. We have seen those ransom demands increasing from tens of thousands of dollars in 2015 to hundreds of thousands of dollars. Most recently we have seen ransom demands in the millions of dollars range.” Ransomware attacks are increasing in number, severity level, and origin points. The attackers are also changing their tactics, making it difficult to defend against them.
They are starting to band together, Holmes said. “We have seen some of these ransomware actors entering into a cartel with one another. As a cartel, they will share information, intelligence, and techniques among the group members. It’s a bit concerning to us as well because it shows a major shift among the ransomware actors.”
The ransomware cartels are forming into business-like organizations with specialization of labor, Jason Conboy of DHS’s Investigations division said. “You have your malware office and they have effectively built skills to write that malware. You have got your money mules. You have got the ones that are going to communicate with the victim, try to negotiate a ransom payment. Then they are going to have the job of moving the money for the bigger organization.” Some ransomware organizations, have customer service members that help you work with the threat actor
Mike Moran, who works in major case investigations at the US Secret Service said at the CISA Summit. “I just like ransomware so much because it’s just such a violent crime to the network, some people think it’s pretty simple, but it’s actually pretty sophisticated. It’s kind of both. I guess the sophistication might be in its simplicity.”
Like most other law enforcement specialists, Moran doesn’t see an end to the growing ransomware epidemic. “These trends are going to continue just like bank robberies are going to continue until there is no cash at the bank,” he said.
Trying to find these threat actors is a growing challenge for law enforcement. “The tools and techniques that these actors are using are all supported by anonymization,” Holmes said. Making it difficult for law enforcement to identify that infrastructure the bad guys are using.
Moreover, they use virtual currency such as Bitcoin to receive payments that can be very challenging to investigate. Sometimes they rely on email providers that don’t keep logs that could otherwise help law enforcement get access to information about the accounts they use. “It makes our ability to investigate those cases very difficultly,” Holmes said.
Despite these hurdles, victims should work with law enforcement if they come under a ransomware attack.