Early last year, many cybercriminals pledged not to attack essential businesses during the coronavirus outbreak out of the criminal goodness of their hearts, but a slate of recent ransomware attacks indicate that the underworld benevolence is over, apparently has economies reopen and sympathy is no longer at an all-time high
Two weeks ago, the Colonial Pipeline, the largest pipeline system for refined oil products in the U.S, paid ransom to the tune of almost $5 million.
Then, last week, it was reported that in March one of the largest insurance companies in the United States, CNA, had quietly paid $40 million to regain control of its network after a ransomware attack.
According to a Bloomberg report citing people with knowledge of the attack, the hackers were paid two weeks after company officials were locked out of their network and had valuable data stolen.
CNA has never shared any details about the attack; nor, will it comment on the ransom, saying only that it “followed all laws, regulations, and published guidance, including OFAC’s 2020 ransomware guidance, in its handling of this matter”.
Just like with terrorists, the FBI discourages organizations from paying ransom for the obvious reason that it encourages more attacks.
Although the ransomware attacks and payments are rarely disclosed to the authorities and public, the $40-million payment is bigger than any previously disclosed.
While the FBI pinned the Colonial Pipeline cyber-attack on DarkSide, an Eastern Europe-based cybercriminal hacking group, CNA said its investigation concluded that the attackers used a new variant called Phoenix CryptoLocker, malware developed by Russian Evil Corp cyber group.
Following the Colonial Pipeline attack, President Joe Biden signed an Executive Order to improve the nation's cybersecurity and protect federal government networks.
The order lays out a series of new requirements for companies that do business with the federal government, requiring companies to report certain information about cyber breaches. It also establishes a Cybersecurity Safety Review Board to analyze incidents.
Still, even last year many failed “honor amongst thieves” code even though health-care and other essential institutions were spared to some extent.
Yet, global ransomware attacks soared in 2020, when we saw a 62% increase in ransomware globally and 158% spike in North America over the previous year. The total amount paid, at least what was reported, was $350 million, a 311% increase over 2019.
2021 wasn’t peaceful, either.
Among several, computer maker Acer has been hit by a ransomware attack in March, with the attackers demanding the largest known ransom to date--$50 million. There is no confirmation that it was paid.
In February, a water treatment plant in Florida came under cyberattack via a remote access system with the authorities claiming that the attackers wanted to poison the water supply.
Tens of thousands of organizations around the world had their email servers compromised in attacks targeting Microsoft Exchange Server. More than 30,000 organizations have been impacted since the attack began in early January until Microsoft released security updates. The company said that the attack was probably sponsored by the Chinese government.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) also said that state-sponsored Chinese hackers were targeting US researchers, both state-run and private, in cyberattacks seeking information on vaccines for COVID-19.
Even though both ransomware attacks, Colonial Pipeline and CNA, originated from the same region, there is not any evidence or rumors yet that they might have been state-sponsored.
By Michael Kern for Safehaven.com