A Threat That Is Here to Stay

A Threat That Is Here to Stay

Dean Barber Dean Barber

Dean Barber

Getting smarter about Mexico

发布日期: 2021年6月20日
+ 关注

Note: This is one of seven articles in the latest edition of BBA Economic Digest, a weekly online publication for economic developers and business people. To read the others. Subscribe here.

From hospitals, to schools, to businesses, large and small, cybercrime is a threat that affects us all. And billions of dollars are at stake. 

Cybercrimes cost companies in the United States $1.87 billion last year, but the problem may be much larger, according to The Wall Street Journal.

Workers logging in from home during the pandemic certainly added to the risk. The number of affected firms is at a record high.

 Ransomware, a program that hackers use to hold digital information hostage, has become the top choice of malware for criminals in recent years.

In 2020, the total amount of ransom paid by cyberattack victims reached nearly $350 million worth of cryptocurrency, a 311 percent increase compared with the previous year.

Most of the ransom is paid to a relatively small number of highly organized groups of criminals with names such as Evil Corp. or DarkSide. One group, known as Ryuk out of Eastern Europe, has hit at least 235 general hospitals and inpatient psychiatric facilities, plus dozens of other healthcare facilities in the U.S. since 2018.

Ryuk accounted for about one-third of the 203 million U.S. ransomware attacks last year. according to cybersecurity firm SonicWall. Ryuk collected at least $100 million in paid ransom last year, according to the bitcoin analysis firm Chainalysis.

Not Only the Large

Typically these criminal gangs target large organizations with deep resources, breaking into their networks and installing malicious software that locks every file on every computer with an encryption key, essentially an uncrackable password.

Ryuk routinely extracts six- and seven-figure payments from victims in exchange for revealing the encryption key, according to security companies tracking the group.

But some cybercriminals are targeting smaller groups. 

Hackers stole $650,000 from the San Francisco nonprofit One Treasure Island through an email compromise attack. The money stolen had been earmarked for affordable housing projects.

Sherry Williams, the organization's executive director, told The Wall Street Journal that she contacted the FBI, the police, and others for help, but was that told the money was gone.

Authorities are unlikely to pursue a case unless the loss is at least half a million dollars and leads haven’t dried up, John Bennett, a former FBI agent and now the managing director in consulting firm Kroll Inc.’s cyber risk unit told the Journal.

“That’s because tomorrow we’re going to get a $15 million one and that one’s going to take a lot of time and effort,” he said.

Such triage helps the FBI deal with thousands of complaints. Last year, more than 19,300 reports of email-compromise crimes came in nationwide, according to the FBI's Internet Crime Complaint Center.

All countries have vulnerable physical nodes such as oil pipelines, power plants, and ports where failure can bring much economic activity to a standstill.

In the U.S., roughly 85 percent of critical infrastructure is privately owned, and the private sector is not required to follow the strict cybersecurity guidelines set by the government.

“We’ve got electric grids in this country, we have water systems, we have pipelines. We have a lot of critical infrastructure that is really open to some of these ransomware attacks and cyberattacks,” said Rep. John Katko, R-N.Y. “And we need to do a much better job than that.”

Here to Stay

Commerce Secretary Gina Raimondo says that ransomware attacks "are here to stay," and that businesses should plan accordingly. 

"The first thing we have to recognize," she said, "is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify."

The good news in all this was that businesses can make relatively simple precautions against such attacks, Raimondo said.

"Some very simple steps like two-factor authentication, having proper backups and backup technology, can be enormously helpful against a wide variety of these attacks. So it is clear that the private sector needs to be more vigilant, by the way, including small- and medium-sized companies."

Dean Barber is the principal of BBA, a Dallas-based consultancy that helps economic development organizations unleash and create a better business environment within their communities. BBA also helps companies find optimal locations where risks are reduced and a return on investment is enhanced. Visit us at barberadvisors.com

要查看或添加评论,请登录

Dean Barber的更多文章

社区洞察

其他会员也浏览了