Anatomy of Ransomware Crimes – Part One

Cyberattacks are becoming so sophisticated that hardening network defenses won’t be enough.

By Nazarul Islam

Ten years ago, ransomware was the domain of mostly small-fry hackers encrypting files to squeeze a few hundred dollars out of random individuals. Today it’s an urgent issue of national security.

Cybercriminals have been escalating their attacks for years — locking up the computer systems of police stations, city governments and hospitals. But the ransomware attack in May on the operator of the largest petroleum pipeline in the U.S. — which disrupted gasoline supplies in much of the country — is one of many cyberassaults that are tiptoeing closer to an act of war.

DarkSide, the hackers-for-hire believed to be based in Russia, dropped out of sight after the company Colonial Pipeline paid $4.4 million in bitcoin. But cybercrime groups frequently reorganize and rebrand. Haron and BlackMatter are among the new names that have emerged this summer. The FBI recently announced it was tracking more than 100 active ransomware groups.

To rein in ransomware attacks, the U.S. needs to upend the risk-reward ratio for hackers — and for the countries that harbor or support them. Such a national deterrence strategy would make networks harder to breach, hit back harder against hackers and claw back gains from those who succeed.

Many corporations and other private-sector organizations haven’t sufficiently hardened their own defenses, despite repeated warnings. In part, this is because they have paid too small a price for their negligence. In 2013, Target suffered what was then the largest-ever data breach, which compromised the financial data of 40 million customers.

In 2017, the sensitive financial records of more than 140 million people were exposed in the data breach of Equifax, a credit-monitoring company.

Neither company — nor many others like them — was punished by its shareholders or its customers over the long term.

That could change if companies start to be held legally liable — beyond government fines — for damage caused by their lax security. For instance, a class-action lawsuit has been filed on behalf of 11,000 gas station owners who are seeking damages for sales lost because of the Colonial Pipeline shutdown.

Their claims of negligence may have merit. Colonial and other pipeline operators had been alerted to ransomware threats months before the attack by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. And yet DarkSide easily made its way into Colonial’s networks using the credentials of an inactive Virtual Private Network account, found among a batch of stolen passwords on the dark web.

The incursion might have been prevented by basic internet hygiene practices — deactivating old accounts, mandating frequent password updates and two-factor user authentication, and rehearsing the restoration of company operations from backup data.
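The first two of those hygiene practices, deactivating dormant accounts and requiring two-factor authentication, can be checked mechanically against an export from an identity system. The script below is an added illustration, not code from the article or from any of the organizations it names; the account records are constructed sample data, and the field names (enabled, MFA enrolment, remote-access entitlement, last login) are assumptions about what such an export would carry. It flags enabled accounts that have been idle longer than a cut-off or have never signed in, and enabled accounts with no second factor, rating remote-access accounts such as VPN logins as the higher-severity cases.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Account:
    """One row of an identity-system export (field names are assumptions)."""
    user: str
    enabled: bool
    mfa_enrolled: bool
    remote_access: bool          # holds a VPN or other remote-login entitlement
    last_login: Optional[date]   # None means the account has never signed in


# Constructed sample data for the example; not real accounts.
SAMPLE_ACCOUNTS = [
    Account("alice", True, True, True, date(2021, 8, 1)),
    Account("bob", True, False, True, date(2021, 1, 5)),     # dormant VPN login, no MFA
    Account("carol", False, False, True, date(2020, 6, 1)),  # already disabled
    Account("dave", True, False, False, date(2021, 7, 28)),  # active, but no MFA
    Account("erin", True, True, True, None),                 # provisioned, never used
]

Finding = Tuple[str, str, str]  # (user, issue, severity)


def audit_accounts(accounts: List[Account], today: date,
                   max_idle_days: int = 90) -> List[Finding]:
    """Return hygiene findings for every enabled account.

    Disabled accounts are skipped: they are already deactivated and cannot
    be used to sign in. Remote-access accounts are rated "high" because a
    dormant or single-factor VPN login is exactly the kind of foothold the
    article describes.
    """
    findings: List[Finding] = []
    for acct in accounts:
        if not acct.enabled:
            continue
        severity = "high" if acct.remote_access else "medium"

        # Dormancy check: idle longer than the cut-off, or never signed in.
        if acct.last_login is None:
            findings.append((acct.user, "never signed in", severity))
        else:
            idle_days = (today - acct.last_login).days
            if idle_days > max_idle_days:
                findings.append((acct.user, f"inactive for {idle_days} days", severity))

        # Second-factor check: every enabled account should be enrolled.
        if not acct.mfa_enrolled:
            findings.append((acct.user, "no MFA enrolled", severity))
    return findings


def deactivation_candidates(findings: List[Finding]) -> List[str]:
    """Users whose accounts should be disabled because they are dormant."""
    return sorted({user for user, issue, _ in findings
                   if issue.startswith("inactive") or issue == "never signed in"})


def run_sample() -> List[Finding]:
    """Audit the constructed sample as of a fixed date so results are stable."""
    return audit_accounts(SAMPLE_ACCOUNTS, today=date(2021, 8, 15))


if __name__ == "__main__":
    for user, issue, severity in run_sample():
        print(f"[{severity:6}] {user}: {issue}")
    print("deactivate:", ", ".join(deactivation_candidates(run_sample())))
```

The dormancy cut-off and the severity rule are the two knobs worth tuning: a 90-day window is a common starting point, and any account with a remote-access entitlement deserves review even when its idle time is short.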

Still, cyberattacks are becoming so sophisticated that hardening network defenses won’t be enough. The hack of the software developer SolarWinds, discovered in 2020, tampered with a routine update of its widely used IT management tool, while the Microsoft Exchange breach in March took advantage of four vulnerabilities in the email server software that were exploited before a patch could be issued.


The Bengal-born writer Nazarul Islam is a senior educationist based in the USA. He writes for Sindh Courier and for newspapers in Bangladesh, India and America. He is the author of a recently published book, ‘Chasing Hope’, a compilation of 119 of his articles.