Five facts about ransomware attacks

A Colonial Pipeline facility in Baltimore, Maryland on May 10, 2021. PHOTO: EPA-EFE

NEW YORK (REUTERS) - A ransomware attack on top US fuel pipeline operator Colonial Pipeline has brought attention to the growing area of cybercrime.

The following are some details on ransomware and the issues around it:

What is ransomware?

- Ransom software works by encrypting victims' data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of dollars. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

The ransomware group DarkSide suspected by United States authorities of the Colonial Pipeline attack, said in an unusual statement that it wanted to make money but did not say how much.

How widespread is it?

- Ransomware gangs collected almost US$350 million (S$464 million) last year, up threefold from 2019, according to members of a public-private group called the Ransomware Task Force. While the magnitude of the DarkSide breach is significant, other kinds of attacks have arguably been more destructive. In 2017 the so-called WannaCry cyber attack crippled hospitals, banks and other companies across the globe.

The US government said the attack cost billions and blamed North Korea.

NotPetya malware, which struck Ukraine the same year but also did damage worldwide, similarly racked up billions in costs.

What is being done to stop it?

- In April the US Department of Justice established a government group on ransomware. Central bank regulators and financial crime investigators worldwide are also debating if and how cryptocurrencies, which are used to pay the ransoms, should be regulated.

What was the last major attack on US infrastructure?

- In October 2020, Eastern European criminals targeted dozens of US hospitals with ransomware, including in Oregon, California and New York. The Federal Bureau of Investigation and Homeland Security officials subsequently led a conference for hospital administrators and cyber-security experts.

What can be done to stop ransomware?

- Criminals using ransomware to extort money do not always use the most sophisticated methods. Biden administration official Anne Neuberger said, for example, that the DarkSide ransomware was a "known variant" and said some breaches can be thwarted by making sure computer networks have installed up-to-date patches.

Join ST's Telegram channel and get the latest breaking news delivered to you.