WASHINGTON • The latest wave of ransomware attacks in the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defences.
Attacks hitting the Colonial Pipeline and the major JBS meatpacking operations are examples of a burgeoning cybercrime industry with the potential to inflict pain and extract profits by impacting "critical" networks, experts say.
Other recent targets include local governments, hospitals, insurers, a ferry system and others in the United States and elsewhere, with many of the attacks attributed to Russia-based hackers operating with at least tacit approval from the Kremlin.
At least US$18 billion (S$23 billion) was paid to ransomware attackers last year, according to the security firm Emsisoft, which has found "tens of thousands" of victims so far this year.
"Ransomware is hitting epidemic proportions and business as usual isn't going to cut it," said Mr Frank Cilluffo, director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security.
Mr Parham Eftekhari, chairman of the Institute for Critical Infrastructure Technology, a think-tank focused on cyber security, noted that a rush to digitisation of more systems has opened up more avenues for hackers.
"We are prioritising speed to market, functionality, profits and business objectives over security," said Mr Eftekhari.
US officials in recent days have signalled a stepped-up effort on ransomware, calling these investigations a "top priority" and comparing the effort to the fight against terror following the Sept 11, 2001 attacks.
The Justice Department said on Monday that it had recovered more than half of the US$4.4 million ransom paid by Colonial Pipeline, in a rare success story.
Mr Brett Callow, an analyst at the security firm Emsisoft, said: "The recovery of the ransom is, obviously, a positive as it signals to cyber criminals that their ill-gotten gains are not necessarily beyond the reach of law enforcement."
But he added that ransomware remains a scourge because "the financial rewards are huge (and) the chances of being caught are near-zero... We still have a very, very long way to go before the ransomware problem will be solved".
Following sanctions imposed on Moscow, US officials have said little about future responses, but analysts believe there is considerable activity under the radar.
"The US government appropriately responds sometimes in a covert manner," said Mr Eftekhari. "We have the greatest cyber offensive and defensive abilities on the planet."
But security specialists say cyber defence is complex and requires actions across the board, including training for employees to avoid mistakes that let malicious actors into networks.
Security firm Proofpoint found in a recent survey that two-thirds of computer security officers acknowledge they are unprepared to cope with a future cyber attack, noted Ms Lucia Milica, Proofpoint's global resident chief information security officer.
"Human error is one of the biggest vulnerabilities and we've seen that remote work has made networks more vulnerable," she said.
The latest attacks, on the heels of big data breaches affecting Microsoft e-mail servers and the widely deployed SolarWinds security software, raise questions about protecting 16 "critical infrastructure" sectors including energy, utilities, defence, food and manufacturing.
Mr James Lewis, head of technology policy at the Centre for Strategic and International Studies, said these sectors have been victimised frequently but that successes are obscured by high-profile hacks.
"We probably need to rethink what critical infrastructure is," Mr Lewis said, suggesting that the label be used for public safety and national security.
Making cryptocurrency transactions easier to trace could aid the fight against ransomware by curbing anonymous transactions, some analysts say.
AGENCE FRANCE-PRESSE