Ransomware attacks: the new top threat to national security?
Joe Biden orders probe into latest hack of hundreds of US businesses
Joe Biden has said US intelligence agencies are investigating a ransomware attack that hit hundreds of businesses last week, prompting suspicions of Russian gang involvement.
Security firm Huntress Labs said it believed the Russia-linked REvil ransomware gang were behind the sophisticated attack. The same group was blamed for a hack on the JBS meat processing company last month.
During a trip to Michigan, the president told reporters that “we’re not certain” who coordinated the ransomware attack. “The initial thinking was it was not the Russian government but we're not sure yet,” he added.
The attacker “hijacked widely used technology management software from a Miami-based supplier called Kaseya”, Reuters reports, allowing the hackers to “encrypt the files” of around 200 businesses “simultaneously”. Huntress senior security researcher John Hammond told the news agency that it was a “colossal and devastating supply chain attack”. The Russian embassy in Washington has denied any Russian involvement.
Cyber pirates
The concept of a ransomware attack “can feel abstract”, The Washington Post says, and typically brings to mind images of “a group of organised but faceless criminals hijacking corporate computer systems and demanding millions of dollars in exchange for their safe return”.
But in reality, the paper continues, “the impact of these ransomware attacks is increasingly, unavoidably, real for everyday people”.
Such attacks often begin with “phishing” - emails sent to fool employees into giving passwords or access to their company’s computer systems. Once inside, the hackers isolate key information, lock the system and demand a ransom in exchange for its release.
In May, an attack on Colonial Pipeline disrupted an oil supply that carries 2.5 million barrels a day - representing 45% of the East Coast’s supply of diesel, petrol and jet fuel. In the following six days, US fuel prices rose by six cents per gallon, according to the American Automobile Association (AAA).
The US government “relaxed rules on fuel being transported by road to minimise disruption to supply”, allowing delivery drivers across “18 states to work extra or more flexible hours when transporting refined petroleum products”, as the BBC reported at the time. But independent oil market analyst Gaurav Sharma told the broadcaster that oil companies were still “scrambling” to meet demand.
Similar attacks across the US have “resulted in missed chemotherapy appointments and delayed ambulances, lost school days, and transportation problems”, The Washington Post reports. And a recent hack on the JBS meat processing company triggered “worries about meat shortages or other key food providers being at risk”.
The US is not alone in facing an increase in hostile efforts to access key infrastructure. The UK’s National Cyber Security Centre (NCSC) last week warned of a spate of “ransomware attacks against schools, colleges and universities” in recent weeks.
The increase in ransomware campaigns “emphasises again the need for organisations in the sector to protect their networks”, said the NCSC, which noted that the attacks can “have a devastating impact”.
The spike in attacks worldwide “is exactly what cybersecurity professionals have been warning about for years”, The Washington Post adds. “But it’s partially the impact on everyday people - far from the executive suites, cybersecurity companies, or government agencies that regularly fret about the criminal enterprise - that has made the risk more visible.”
Defences dilemma
“Our goal is to make money and not creating problems for society,” DarkSide, the group behind the Colonial Pipeline attack, said in a statement sent to US news network CNBC in May.
The group of hackers is “apolitical” and “do not participate in geopolitics”, according to the statement, which claimed that DarkSide had been unaware its affiliates planned to target the US fuel pipeline. “From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future,” the group added.
Despite that promise, the recent string of high-profile attacks on key US infrastructure has “saddled” the Biden administration with a “grave national security crisis” that is “putting civilians on the front lines of an invisible conflict likely to defy quick fixes to lessen the threat”, writes CNN White House reporter Stephen Collinson.
The attackers are “targeting the country's vulnerable infrastructure as it struggles back to life after pandemic shutdowns”, Collinson continues, leaving the president with “thorny dilemmas about how to respond without escalating a full-on international cyberwar”. The “White House must hurriedly muster the defences of a vulnerable private sector”, while delivering on a pledge to “make culprits pay a painful price”.
Following the Colonial Pipeline hack, US Commerce Secretary Gina Raimondo told reporters that the administration was considering “all of the options” to confront the threat of ransomware criminals, adding: “We’re not taking anything off the table as we think about possible repercussions, consequences or retaliation.”
The issue was also on the agenda when Biden met with Vladimir Putin in Geneva for talks last month, amid the widely held belief that Russia “harbours some perpetrators” of major cyber assaults, The Guardian adds.
Biden wants Nato “to play a bigger role in tackling challenges facing the US from the Pacific and globally, while maintaining its foundational focus on Russia”, The Times reports.
Yet the “question of what kind of retaliation the US should launch is a fraught one”, says CNN’s Collinson.
“The cyber warfare battlefield is in the shadows, meaning there is little public evidence of actions the US may already have taken or the cathartic satisfaction of visible reprisals,” he writes.
“But any counter-attacks need to be calibrated to avoid an escalation that could not only cause a dangerous stand-off between the US and other nuclear powers but could also simply invite more attacks on US soil.”