The Week (US)

Ransomware: An epidemic of digital extortion


Our nation’s infrastructure is facing an unprecedented onslaught of cyberattacks, said Rishi Iyengar and Clare Duffy in Last week, the country’s biggest meat processor became a target of hackers demanding ransom—even as a major oil pipeline was just recovering from a ransomware attack that shut off oil to much of the Southeast. The latest victims even include the ferry to Martha’s Vineyard, the Obamas’ vacation spot. Hackers used to focus mainly on stealing data. But increasingly brazen perpetrators, often based in Russia, have “found a significant moneymaker in targeting physical infrastructure” and demanding payment to unlock critical systems. FBI director Christopher Wray compared the urgency of the threat to the scramble against international terrorism after 9/11. By tracing the route of the Bitcoin payment, the FBI was able to recover most of the $4.4 million paid to reopen the Colonial Pipeline. But the attacks on the oil and food industries have demonstrated “the potential to spark mayhem in people’s lives.”

The FBI advises victims not to pay hackers, said Rachel Monroe in The New Yorker. But many feel they have no choice, giving rise to a small industry of “ransomware negotiators.” These half-dozen specialists, “and the insurance companies they regularly partner with, help people navigate the world of cyberextortion.” They have been “accused of abetting crime” by incentivizing the holding of digital hostages. But “they have no lack of clients.” According to one negotiating firm, “the average ransom payment in the first three months of the year was $220,000,” said Adrian Croft in Fortune. That’s a 43 percent increase from the previous quarter. One consultant, Kurtis Minder, said the most “he’d ever paid on behalf of a client, a large engineering company, was $2.75 million.” The fact that such payments often go unreported suggests “the scale of the problem is much bigger than publicly disclosed.”

The recent surge feels new, but ransomware “has been a huge business for years,” said Patrick Howell O’Neill in the MIT Technology Review. “Years of American inaction” have let the problem metastasize, while cybercrime gangs have become much more sophisticated. They used to “indiscriminately infect vulnerable machines without much care” for the payoff. Now they are going “big-game hunting.” Despite the years of warnings, many businesses are woefully unprepared, said Nicole Perlroth in The New York Times. Their systems run on “buggy and out-of-date software nobody bothers to patch,” and in some cases employees aren’t even trained to “use different passwords.”

“Regulators and legislators rushed to Capitol Hill” after the pipeline attack to implement new requirements, said Tim Culpan in But oil companies and pipeline operators have successfully lobbied against stricter cybersecurity rules for more than a decade. “The fact that any one industry has the power to stymie” cybersecurity legislation puts our entire nation in jeopardy. Yes, some systems—nuclear power stations, for instance—may hold special dangers. But the way to make our digital borders more secure is to make sure we have no weak links.

The U.S. food supply is the latest target of hackers.
