Ransomware - Digital extortion goes mainstream by ASCF Senior Fellow Scott Tilley
By Scott Tilley, ASCF Senior Fellow
The hacking of the Colonial Pipeline is just the latest in a series of ransomware attacks that are plaguing the nation. Ransomware is a form of malware used in a cybersecurity attack. Hackers infiltrate a computer network and install a special kind of program that either encrypts or deletes the data on the computers. This renders the computers effectively useless for the owners. They can’t access the data, so they can’t use other programs to perform daily tasks. Instead, they are forced to pay a ransom, usually in an untraceable digital currency, like Bitcoin, before the hackers give them the key to decrypt their data. Once encrypted (or deleted), it’s completely inaccessible.
Besides the Colonial Pipeline, organizations that have been infected with ransomware include hospitals, schools and universities, and many corporations. Unfortunately, we don’t often hear about ransomware attacks because organizations don’t like to make these attacks public. That’s understandable because it affects their reputation.
Our government’s policy is not to pay ransom demands in the real world, but in the online world, ransoms are now paid all the time; there’s little choice. Moreover, hackers can be located anywhere in the world, so we usually don’t have legal recourse against them. All they need is access to the Internet and a supportive, or least indifferent, nation-state to operate. Russia is the prime example often cited, but the usual culprits are also in play.
Defending against ransomware is challenging. It requires secure networks and knowledgeable personnel, both of which are in short supply. As long as a network, or any device, is connected to the Internet, it is hackable. The Internet of Things (IoT) is making the situation worse since many devices are not engineered with security in mind. Some of them are engineered with back doors in place, which means there is a built-in mechanism to access the network.
The owners of the Colonial Pipeline are reported to have paid nearly $5 million dollars to unlock their systems (some of which the FBI was able to recover), only to find the decryption key they paid for