Ransomware is all over the news. Israeli insurance company Shirbit is responding to a ransomware attack as of this writing. The attackers are demanding millions of dollars (paid in Bitcoin of course). They are releasing and dumping private customer data to the public.
Government agencies and private companies are assisting Shirbit with negotiations. Some media articles suggest the cyber attackers are not interested in receiving money, but are sowing chaos as a primary goal. Others suggest that at least one of the attackers is Israeli, based on analysis of the English used during chat negotiations.
The Dark Web & Silk Road as a Model
Is ransomware the new big online evil? Yes. For the path it will take, I suggest we take a look at the dark web, and especially Silk Road and other online illicit marketplaces. Silk Road was launched in 2011 and shut down by the feds in 2013.
The founder was sentenced to two life sentences plus 30 years. Though his supporters are pushing for his release, judges and politicians see Silk Road as a drug and gun market – the fact that it was based on TCP/IP or the TOR network doesn’t interest them (if they know what that means in the first place). The media reported that Silk Road led to the deaths of six people.
If you remove the aura of the dark web from Silk Road, the danger is simple. Every product that we consume is regulated. Food and medicine require FDA approval in the US, which is considered a gold standard around the world. Unregulated hard drugs and weapons for sale? No thanks. We disagree on legalization of certain items and consumables, but we should all agree that we have a democratic, legal system for changing laws. You don’t want to live in a “free for all” world. When people start to die, the romanticism of the dark web fades away.
The same goes for ransomware. Remove the layer of internet and ransomware is mafia-style extortion and protection money. The technology leveraged doesn’t change the essence of the crime.
Dark web marketplaces still exist, but it is a very dangerous game to open an illegal market online. In many cases, the FBI arrests people years after the crimes took place. The feds have time on their side. They meticulously collect evidence and prosecutors issue indictments when the case is ready for judge and jury.
Back to Ransomware
Today, ransomware attackers are getting away with perpetrating their crimes. They have good reason not to fear arrest or incarceration. This won’t last forever. It may take a year or a few years, but eventually the world’s powerful law enforcement agencies will step up their game and go after the cyber attackers.
One day we will wake up to a ransomware attack akin to Silk Road – a major attack that captures the attention of the media and the public. Politicians will call for arrests and US federal agencies will go after the perpetrators. When the feds decide to go after a person or organization, it is just a matter of time before they are caught. Conviction rates in the US federal justice system hover around 98-99%.
Ransomware – What to Expect
Expect more ransomware attacks. We are still in the “takeoff period” of this new type of criminal activity. Large companies that you know of, and are possibly a customer of, will be hit by ransomware. Like any gold rush, more criminal minds will join the game.
And then one day, a ransomware attack will hit the headlines all over the world at once. American and European law enforcement agencies will collaborate and soon after, arrests will be made. A year later, the ransomware perpetrators will be sentenced to decades in prison.
Within weeks, more cyber attack groups will get busted. This will go on for years. Yes, ransomware will continue to occur – it is rare that a new type of crime totally disappears. But the risks of joining a ransomware attack gang will be huge and criminals will think twice before joining the wrong club.
2021 – the Year of Ransomware
2021 will be the year that ransomware becomes a household word. The topic will be splattered all over the news. What can companies do?
• Take a proactive approach – don’t wait to be hit
• Go over cybersecurity rules and policies
• Educate employees as to the danger of ransomware
• Secure computers – look for weak points
• Hire a company to run penetration tests so you know your weak points before attackers do
• Be prepared to hire an incident response team immediately upon being attacked by ransomware – don’t dare negotiate alone
• Are all of your computers exposed to the internet? Consider “offlining” servers and desktops that don’t need to be online
• Review remote access to your network – of employees and your supply chain. Limit access and remove it from those who do not need it. Remote access is a major weak point when it comes to cybersecurity
The latest headlines are a great excuse to review your cybersecurity policies and practices. The good guys will beat back ransomware. Until then, take proactive steps to prevent your company from becoming a headline for the wrong reason.