The federal departments of Justice and Homeland Security both reported recently on the considerable costs associated with the ever-growing number of ransomware attacks.
Not only are there the financial risks associated with recovering critical data and control of systems hijacked by hackers, but organizations also risk serious damage to reputations and potential loss of business.
A growing threat
According to the Justice Department, its Internet Crime Complaint Center (IC3) logged almost 7,700 complaints about ransomware from 2005 to the present, resulting in $57.6 million in damages to affected organizations. This figure includes ransoms paid to regain control of systems that range from $200 to $10,000 along with the costs associated with the value of lost data and coping with the attack itself.
Yet the costs are increasing in recent years. The IC3 reported 2,500 cases in 2015 alone, with victims paying $24 million to regain control.
Ransomware is a program that, once installed within a computer system, allows a hacker command and control of critical files and access to proprietary data. Often access is gained when an unsuspecting employee clicks on what looks like a legitimate attachment in an email. The attachment may appear to be a document but in actuality is an executable program that infects the user’s computer, allowing the hacker to infiltrate the system.
Once inside, a hacker will encrypt critical files, whether proprietary information, customer data, operating controls or other key functions. When the hacker springs the trap, organization employees are unable to use systems or needed files.
Hackers then offer to turn over a decryption key in return for payment, usually requested in a virtual currency such as bitcoin, which is difficult to trace.
No sector has been off limits to ransomware attacks. Businesses of all sizes, municipal governments, schools and even law enforcement agencies themselves have been victims.
Congress wants answers
The federal agencies reports were in response to a request in December 2015 by U.S. Sen. Tom Carper, a Delaware Democrat, who serves on the Senate Committee on Homeland Security and Governmental Affairs. Carper asked the agencies how the government was fighting back against ransomware attacks and the extent of damage to federal agencies.
Homeland Security, in its response letter, indicated that the National Cybersecurity and Communications Integration Center (NCCIC) had received or started reports on 321 ransomware attacks involving 29 federal agencies since June 2015 alone. These incidents include both actual attacks addressed by the center’s security teams and attempted attacks. Homeland Security reported “minimal impact” from these attacks and that all systems were cleaned and replaced.
At the state and local level, the numbers are worse.
Homeland Security used data from the Multi-State Information Sharing & Analysis Center (MS-ISAC), a nonprofit agency that partners with Homeland Security to track, address and prevent cyberattacks among its roughly 1,000 members.
In 2015, MS-ISAC, using a network monitoring service, found and alerted government agencies about 2,000 ransomware infections to the roughly 65 members that use the service. The agency also offered forensic assistance to analyze 45 different attacks on government computers last year.
For attacked agencies, the impact of a system attack is not just financial. The attacks undermine the credibility of the agencies and businesses attacked. Customers and citizens may be wary to do business with and provide personal data to organizations that are attacked or are not taking preventive measures.
Ironically, police departments are among the most vulnerable agencies to ransomware attacks. Departments are more likely not to have off-site data backups that would allow agencies to regain access in the case of an attack. Already, departments in Illinois, Massachusetts and Tennessee have had to pay ransoms.
The government faces additional problems with one of its own solutions.
Homeland Security recently discovered that its EINSTEIN cybersecurity service, which many federal agencies rely upon, is vulnerable to newer viruses because of its reliance on known virus signatures.
There is hope, however. The Justice Department noted that a recent operation has shut down one of the most prolific online cybercrime forums, Darkode, and had stopped a botnet called Gameover ZeuS used to distribute a popular ransomware virus called Cryptolocker.
The risks remain for both private and public organizations as the hacker methods become more complex. Protecting systems and educating employees are critical to stopping further attacks.
Amnet is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (719) 442 or send us an email at -firstname.lastname@example.org for more information.