Can Ransomware Be Stopped?
Ransomware attacks have become an increasing trend over the years, with hackers targeting crucial business and personal files, including data in government institutions and high-risk industries such as healthcare. This continues to paralyze different sectors, despite efforts by authorities to slow or stop ransomware attacks. Since hackers use sophisticated tools and software to encrypt files, most people and organizations are forced to pay the ransom and access crucial files “locked” by attackers.
Recent attacks on the largest U.S. fuel pipeline company and the leading meat-packing company have shown how cybercriminals can cripple the economy and put lives and livelihoods at risk. In 2020, for instance, hackers launched multiple coordinated attacks that hit over 100 federal, state, and municipal agencies, about 1,700 educational institutions, over 500 healthcare centers, and thousands of businesses. This resulted in tens of billions of dollars being paid as ransom and most victims losing their data in the same period.
With this trend, hackers present a significant threat to U.S. information systems, although the threat has been around for decades. Besides, these attacks seemed to be channeled towards specific companies such as water, energy, fuel, utilities, and meat-packing plants. These industries have direct links to foreign governments, have rising competition, and higher payouts, making them highly targeted by attackers. So, can ransomware attacks be stopped, or will hackers continue to win? Read on to find out.
What Is Ransomware? And How Does It Work?
Ransomware is a malware attack that infects and encrypts a victim’s data and other crucial files. Attackers will then demand a ransom to unlock or decrypt the data, or else the victim will never gain access to this information. Ransomware attacks usually exploit human, software, network, and system vulnerabilities to infect targeted systems and files.
Generally, a ransomware infection begins with malware accessing a victim’s device and launching an attack. The malware may either infect the entire system or target specific files and encrypt them. Hackers will then communicate anonymously with the victims to demand payments (ransom) before allowing them to access these files or their systems.
Ransomware Attacks as A National Security Menace
According to the FBI, ransomware attacks are inspired mainly by money, where most organizations are likely to pay a ransom and protect their reputation. However, meeting cybercriminals’ demands encourages more hacks, as attackers view it as a non-violent way of obtaining money. But ransomware attacks continue to leave a path of destruction, especially with actors getting more ruthless and bolder in demanding ransom after an attack.
This has made ransomware attacks a national security threat. Various organizations, including Amazon, the National Governors Association, Microsoft, the FBI, and Canada’s elite crime agencies, continue to work in unison to fight and stop ransomware attacks in North America. This shows that ransomware attacks pose not only a threat to private organizations, but also government institutions. For this reason, different agencies strive to stop ransomware attacks and prevent further loss of money due to ransom.
Why Do Ransomware Attacks Keep Rising?
Colonial Pipeline, the largest pipeline system dealing with refined oil products in the U.S., confirmed that it paid a total of $4.4 million to restore its data from a gang of hackers. Although the FBI discourages paying ransom in an attack, most organizations consider it for recovering or accessing their data.
Contrarily, prominent tech companies, including U.S. Canadian and British agencies, suggest that it would be difficult to ban ransom payments after an attack. This is because it is considered the only option for businesses to retrieve or access their information once attackers get hold of it. Besides, an organization will likely lose critical files and data, as it is difficult to reverse such attacks with standard software security features.
Furthermore, paying ransoms enables afflicted businesses to avoid bankruptcy because most attackers conduct in-depth research to learn financial capabilities and cybersecurity insurance coverage limits before launching an attack. This is the leading factor that drives ransomware attacks, besides vulnerabilities and weak cybersecurity protocols implemented by specific organizations.
So, Can Ransomware Attacks Be Stopped?
The 1998 Presidential Decision Directive saw the U.S. government taking steps to protect the country’s critical infrastructure against cyberattacks. This comprises infrastructure in transportation, banking, and finance, energy, and water systems. Several cybersecurity-related regulations were changed, but most industries were reluctant to embrace new changes. The slowness was primarily attributed to organizations wanting to avoid additional operational and financial burdens that accompany changes in networks and systems.
And with most businesses and organizations running on outdated technology and infrastructure, these systems were incapable of handling advanced and sophisticated attacks. Together with the willingness of victims to pay a ransom, outdated IT infrastructure makes it challenging to stop ransomware attacks. Besides, more organizations find it burdensome to replace their existing IT infrastructure with more advanced systems to prevent ransomware attacks and other cyber threats.
Another reason that makes it hard to stop ransomware is that cybercriminals are scattered globally and do not require a complete IT system to launch an attack. Ransomware gangs also have their identities concealed, making it difficult to pinpoint specific attackers or their locations. Most hackers share their resources for a fee, and this is another way that makes it hard to stop ransomware altogether. Ransom payments are often anonymous, untracked, and unmonitored, which essentially makes it almost impossible to stop ransomware.
In May 2021, U.S. President Joe Biden issued an Executive Order aimed at boosting U.S. cybersecurity measures. The EO appealed to the Department of Homeland Security (DHS) and the Department of Defense (DOD) to require organizations to secure their data, recuperate information sharing, and institute a Cyber Incident Review Board. The intent is to enhance their systems against cyberattacks, including ransomware attacks.
According to Joe Biden’s Executive Order, organizations should implement Multi-Factor Authentication (MFA) and encryption to limit access to their systems. There is also a need for organizations and businesses to back up their data offline on a regular basis, keep software and systems up-to-date, and patch systems to help prevent attacks.
Ransomware Cannot Be Stopped.
Although the White House, DOD, DHS, the FBI, and other agencies are working towards preventing and stopping ransomware attacks, more is yet to be done. Most organizations and businesses are not ready to devote themselves to defending against cyber threats and cyberattacks, even with adequate resources and modern technologies to prevent these attacks.
At HRCT, we understand the importance of keeping your IT infrastructure secure against attacks, including ransomware threats. For more cybersecurity information and how to protect your business against ransomware attacks, contact us to learn more today!