As ransomware rages, debate heats up on response

Ransomware attacks have crippled many municipal and corporate networks and created difficult choices on whether to pay the hacke
Ransomware attacks have crippled many municipal and corporate networks and created difficult choices on whether to pay the hackers to unlock data

City services in Baltimore, Maryland, were paralyzed earlier this year when a ransomware attack locked up computer networks and made it impossible for residents to make property transactions or pay their municipal bills.

Officials refused to meet hacker demands for a ransom of $76,000 to unlock the systems, but have been saddled with an estimated $18 million in costs of restoring and rebuilding the 's .

The dilemma in Baltimore and in a similar case in Atlanta a year earlier highlight tough choices faced by cities, hospitals and corporations hit by , which can shut down critical services for organizations with dated or vulnerable computer networks.

Two Florida cities reportedly paid a total of $1 million in ransom this year, after which a new attack by the same group hit the state court system in Georgia.

Globally, losses from ransomware rose by 60 percent last year to $8 billion, according to data compiled by the Internet Society's Online Trust Alliance.

At least 170 county, city or state government systems have been hit since 2013, with 22 incidents this year, according to the US Conference of Mayors, which adopted a resolution opposing ransomware payments.

"We're seeing more attacks against cities because it's clear cities are ill-prepared, and even if they know what's going on they don't have the funds to fix it," said Gregory Falco, a researcher at Stanford University specializing in municipal network security.

Some analysts say ransomware attacks may have political motivations as well as financial ones
Some analysts say ransomware attacks may have political motivations as well as financial ones

Epidemic proportions

Frank Cilluffo, head of Auburn University's Center for Cyber and Homeland Security, said the attacks have reached epidemic levels.

"The scale and scope of the problem is striking, affecting everywhere from relatively robust states to major metropolitan areas to smaller cities and counties," Cilluffo told a congressional hearing last month.

"Targets include police and sheriff departments, schools and libraries, health agencies, transit systems, and courts... no jurisdiction is too small or too large to go unaffected."

Ransomware has been a thorny cybersecurity issue for several years in the US and globally, marked by global ransomware attacks known as "WannaCry" and "NotPetya."

Health care institutions have been frequent victims, and Hollywood Presbyterian Medical Center revealed in 2016 it paid $17,000 to hackers to decrypt important data.

The French Interior Ministry said in a recent report authorities responded to some 560 ransomware incidents in 2018 but also noted that most incidents are unreported.

The same ministry report said hackers have shifted their strategy from attacking many systems with demands for small ransoms to more targeted attacks with higher potential payout.

Global losses from ransomware amounted to some $8 billion in 2018, according to a recent study
Global losses from ransomware amounted to some $8 billion in 2018, according to a recent study

Pay or resist?

While the FBI and others warn against paying ransoms, some analysts say there is no clear answer for victims when critical data is locked.

"You have to do what's right for your organization," Falco said. "It's not the FBI's call. You might have criminal justice information, you could have decades of evidence. You have to weigh this for yourself."

Josh Zelonis at Forrester Research offered a similar view, saying in a blog post that victims need to consider paying the ransom as a valid option, alongside other recovery efforts.

But Randy Marchany, chief information security officer for Virginia Tech University, said the best answer is to take a hardline "don't pay" attitude.

"I don't agree with any organization or city paying the ransom," Marchany said.

"The victims will have to rebuild their infrastructure from scratch anyway. If you pay the ransom, the hackers give you the decryption key but you have no assurance the ransomware has been removed from all of your systems. So, you have to rebuild them anyway."

A global cyberattack in 2017 infected more than 200,000 victims in more than 150 countries with ransomware, including Britain's
A global cyberattack in 2017 infected more than 200,000 victims in more than 150 countries with ransomware, including Britain's state-run National Health Service

Prevention is best

Victims often fail to take preventive measures such as software updates and data backups that would limit the impact of ransomware.

But victims may not always be aware of potential remedies that don't involve paying up, said Brett Callow of Emsisoft, one of several security firms that offer free decryption tools.

"If the encryption in ransomware is implemented properly, there is a zero chance of recovery unless you pay the ransom," Callow said.

"Often it isn't implemented properly, and we find weaknesses in the encryption and undo it."

Callow also points to coordinated efforts of security firms including the No More Ransom Project, which partners with Europol, and ID Ransomware, which can identify some malware and sometimes unlock data.

Analysts point out that ransomware attacks may be motivated by more than just money. Two Iranians were charged last year in the attack on Atlanta that prosecutors said was an attempt to disrupt US institutions.

"Attackers which aren't such big fans of the US might want to cause economic disruption," Falco said.

"Instead of trying to take down the whole electric grid, they may try to create chaos in a number of cities."


Explore further

Florida city pays $600,000 ransom to save computer records

© 2019 AFP

Citation: As ransomware rages, debate heats up on response (2019, July 14) retrieved 18 July 2019 from https://phys.org/news/2019-07-ransomware-rages-debate-response.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
42 shares

Feedback to editors

User comments

Jul 14, 2019
The two biggest risks to a computer network are of course lack of proper off and on line backup and outdated operating systems. Many municipalities and institutions are running old windows operating systems that have many security flaws.

Jul 14, 2019
Track down one ransomware outfit. Execute them in public. That'll send a message.

Jul 15, 2019
The post-modern equivalent of horse-thieves should be treated as horse-thieves have traditionally been treated. Often their rotting skeletons were found hanging with a scrawled sign around their neck, Hors Thef!

Jul 15, 2019
Ransomware – The solution disconnect this BT socket

Microsoft's latest windows 10 massive update
Has this solution to Ransomware
Download your data to Microsoft One-Cloud

But seriously
If you have sensitive data
Why have you got this sensitive data connected to a BT socket
For BT sends all your data round this interweb
BT sends your data at light-speed round this world for all to view
For
If you have fallen foul of Ransomware
The
Solution
Is
Simple
Go to the wall and you will see a BT phone socket

Pull This Telephone Wire Out This BT Socket

Jul 15, 2019
To pay your Ransomware Danegeld to decrypt important data makes you WannaCry

As this data is already in these hands of these Ransomware hoodwinkers
It has become this Danegeld
They can eternally threaten to reveal this data for more Danegeld

Ransomware is this Danegeld
Danegeld
Danish tax literally Dane yield or tribute
Was a tax raised to pay tribute
To the Viking raiders to save a land from being ravaged
It was called the geld or gafol in eleventh-century sources
It was characteristic of royal policy
In both England and France
During the ninth through eleventh centuries
Collected both as tributary
To buy off the attackers
https://en.wikipe...Danegeld

Jul 15, 2019
Dane-geld by Rudyard Kipling

It is wrong to put temptation in the path of any nation,
   For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
   You will find it better policy to say: –

"We never pay any-one Dane-geld,
   No matter how trifling the cost;
For the end of that game is oppression and shame,
   And the nation that plays it is lost!"

https://en.wikipe...d_(poem)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more