Surge in ransomware ‘terrorism’
FBI warns data theft threat is ‘as serious as 9/11 attacks’
The White House calls it a “rising national security threat”. The United States Justice Department has been instructed to treat it as seriously as terrorism. And President Joe Biden is to raise it with Vladimir Putin at a summit with the Russian President in Geneva next week.
Ransomware, malware that forces companies to pay millions to cyber criminals for the return of stolen data, has reached heights of greed and audacity unmatched since the heyday of Somali piracy.
The gangs carrying out the attacks pose such a threat to infrastructure, including the supply of food, energy and healthcare, that the director of the FBI has compared ransomware to the 9/11 terrorist attacks.
“There are a lot of parallels and a lot of focus by us on disruption and prevention,” Christopher Wray said in an interview with the Wall Street Journal last week.
The events of the past few weeks have prompted alarm at the top of Western governments. Since April, ransomware hackers have targeted Quanta Computer, a Taiwanese firm that supplies Apple; Exagrid, a US firm that provides back-up data storage (ironically, partly as insurance against ransomware attacks); the Colonial Pipeline for fuel in the US; Ireland’s healthcare body, which saw its systems frozen for a week; and, in New Zealand, an attack on Waikato DHB’S IT services.
The most recent attack, on May 30,
led to JBS, a multinational meat supplier, being forced to halt cattle slaughter operations in Australia and the US.
Charl van der Walt, global head of security research at Orange Cyber Defence, has identified three shifts that have led to today’s crisis. The first was the emergence of cryptocurrencies in 2012, offering a secure way of sending big sums without using international bank transfer and credit card systems that could easily be traced or shut down.
That fuelled the rise of what
hackers call “big game hunting”, targeting major firms, freezing their data systems and demanding hundreds of thousands or millions of dollars in ransom.
The second shift came in 2019, when Maze, a criminal group, told one victim if payment was not prompt they would leak sensitive commercial data on to the internet. This double extortion was a feature of the recent high-profile attacks. The hackers who targeted Ireland’s health system last month eventually handed over the decryption tool for free, but said patient data would still be leaked if a cash settlement was not forthcoming.
The third shift came recently when ransomware evolved from opportunistic criminality into a sophisticated industry that employs multiple highly skilled specialists, including code builders, hackers and money launderers.
Paul Chichester, director of operations at the NCSC, said in a statement: “It is vital preventive measures are put in place, including additional security around sensitive data and up-to-date offline back-ups.”
Others have pushed for a war on cryptocurrency that would emulate the crackdown on payments via the international banking system that destroyed the Russia-based Viagraspamming empires in the late 2000s.
Almost all the big groups involved in the recent attacks are run by native Russian speakers and based in the former Soviet Union. The other major source of ransomware activity is North Korea. Many Western cybersecurity experts assume the gangs enjoy some protection, or indifference, from the Russian state.
Biden is expected to raise the issue with Putin at their summit in Geneva on June 16. — Telegraph Group Ltd