Ransomware: Paying the Price for Poor Cyber-Security?
In our extensive series on cybersecurity in the water utility sector, we explored many of the ways that organizations can help harden their infrastructure and computing resources against intrusion. But there are still many threats that have the potential to disrupt critical services. One “prevalent and increasing threat”, according to the FBI, is the use of ransomware to target victims from small businesses up to large organizations.
A Clear and Present Motive
Cyberterrorists might seek to damage utilities for the sake of chaos and to create a human health crisis. A disgruntled ex-employee might want to do harm for simple revenge. But cybercriminals who specialize in using ransomware are much more pragmatic. Their goal is to extract as much money from a target as they can without running a high risk of getting caught or having their demands denied.
Why Are These Criminals Thriving?
There are a number of reasons it is simple for IT “kidnappers” to continue their practice of holding data and systems hostage. First, the technology that makes this possible is easy to come by. There are any number of readily available subscription software packages such as CryptoWall or TorrentLocker that can be deployed to lock authorized users out of their own PCs. Some ransomware is also designed to lock down servers as well, allowing criminals to target entire networks.
The risk of getting caught is fairly low for a savvy cybercriminal. Unfortunately, many of these criminal organizations are located in Eastern Europe and other places that can’t be touched by United States law enforcement. They often demand the ransom to be made in BitCoin so that even tracing where the money goes is difficult.
The Problem Is Growing
The FBI points out that one of the main reasons criminals keep using ransomware is because victims keep paying ransoms. In 2015, targets of such attacks reported $24 million in losses. That’s likely just the tip of the iceberg since many organizations don’t want to report or otherwise publicize security breaches. The attacks are likely to continue or escalate as cybercriminals re-invest their ill-gotten gains in developing better ransomware.
Big Industries Make Tempting Targets
Financial services and healthcare are two sectors that have been targeted recently for specialized ransomware attacks. These victims tend to have deep pockets and can’t afford to have any interruption in their business processes. But criminals are always looking for more victims who have a strong motivation to pay up to prevent disaster. What can organizations do to make themselves an unappetizing target?
First, it’s important to use up-to-date anti-malware software to detect and block suspicious activity. Keeping current data backups on isolated media is another important step in protecting an organization from being held hostage. Finally, the FBI cautions against ever paying a ransom so that criminals will learn that it isn’t worth the time and effort to continue holding computer resources for ransom. For a water utility, the steps taken to isolate critical infrastructure should definitely include a plan to keep things running even if there is an attempted ransomware attack.