These days, data is big business. It makes sense, then, that ransomware attacks in which data is stolen or encrypted are a big modern category of crime. In fact, the ransomware threat is so significant that on Wednesday, Department of Homeland Security Secretary Alejandro Mayorkas said it was at the very top of a list of high-priority cybercrimes that his department plans to take on. As such, he announced that it would be the first of several 60-day “cyber sprints” the department plans to execute in the coming months, meaning the issue will get intense attention over the next two months.
“Let us be clear: ransomware is not new,” Mayorkas said in a statement initially outlining the plan. “It has been around for years. What is new is the evolution of attackers’ methods, namely their ability to make money from it, and the increased frequency of these attacks. Tackling ransomware and protecting the weakest link will require partnering with state, local, tribal, and territorial governments and private sector entities across the country. This cross-sector collaboration is the hallmark of DHS’s approach to cybersecurity.”
According to cybersecurity firm Sophos, ransomware is expensive. Through a global survey, the firm found that mitigating a ransomware attack costs, on average, $732,520 for companies that don’t pay the ransom and $1,448,458 for organizations that do. According to the FBI’s Internet Crime Complaint Center, ransomware attacks cost a total of $29,157,405 in the U.S. in 2020 alone.
In one of the most recent high-profile ransomware attacks, hacker group Ragnarok bragged Wednesday (March 31) that it stole about 40 gigabytes of data from luxury Italian men’s clothing line Boggi Milano.
Ransomware attackers typically either lock down data or an entire computer network with a hack and refuse to unlock it until a fee is paid, or they threaten to release stolen data unless money, usually in the form of cryptocurrency, is sent. The latter seems to be the case for Boggi Milano, although the company hasn’t released the amount the hackers are demanding.
Other high-profile cases of late, and those that likely pushed ransomware to the top of Mayorkas’ list, are the exploits found on Microsoft Exchange servers as well as the SolarWinds hack. In the case of Microsoft, the attack was a zero-day exploit, which means hackers were able to penetrate Exchange servers before the company realized there was a vulnerability. The SolarWinds hack saw cybercriminals penetrate the IT company’s servers and gain access to a range of high-profile organizations, including Mayorkas’ own DHS and the Treasury Department.
The increased focus on bad actors in the ransomware space may already be having an impact. In early February, the ransomware group Zippy announced that it would give back any money it stole, according to Threatpost. This follows on the heels of a similar announcement by cyber-thieves Fonix, who said they would soon release a site to analyze malware as part of their efforts to make amends.
As to how the DHS plans to fight ransomware, it says it will use a tried-and-true approach: follow the money. In the meantime, organizations need to ensure their servers are properly protected with at least double-authentication protocols.
“Ransomware attacks are the new great digital train robbery, stealing data and crippling business through a constantly evolving attack ecosystem and malware that can evade perimeter controls,” Mark Bower, a data-security expert from comforte AG, told Threatpost. “If data is neutralized using modern data-centric techniques that enable data use in the enterprise while protected, while restricting access to the minimum live data, attackers will get the equivalent of digital coal, not data gold, and soon move on to the next vulnerable target.”