Blake Dowling: A strategy to win the ransomware war

ransomware
The solution is to stop paying the ransoms, now.

Our leaders on Capitol Hill, the national media (“60 Minutes” on Sunday), and the world are finally starting to recognize that ransomware is a massive national security risk.

Why it took years to get to this point? No idea.

I guess when you take away our meat and fuel (everyone in gas-crazy Florida knows about Colonial), Americans start paying attention; not just paying attention, but creating a Justice Department Ransomware Task Force.

On our podcast last week, my exact words were: “Follow what President (Ronald) Reagan did with terrorists, and do not negotiate or pay ransoms to them — ever.”

If you read my columns over the past 10 years, one in four is about cybercrime and usually, ransomware is in the mix.

What’s new with these threats, besides making an appearance on 60 Minutes and being discussed by the White House?

What’s new is that people keep paying the ransom; more hacking groups are getting in the mix because it is extremely lucrative.

We have seen the payouts and we have to stop paying them, CNA Insurance paid out $40 million and Colonial $5 million. Even if you bribe to pay to your host government, those are some steep margins for setting up some email blasts loaded with malware.

Hackers are getting more creative/devious with these attacks; not only do the latest strains encrypt your data, but they also steal it.

Essentially, there’s double extortion going on: First you pay to get the encryption keys back to unlock your data. If you have rock-solid data backups and wipe and reload your systems so you don’t have to pay to get the keys. But if you have private and sensitive info, you might be tempted to pay to stop the release of the data where it might end up for sale on the dark web.

Granted, there is no guarantee that the criminals will give you encryption codes nor any assurances that they will not release your stolen info regardless, especially if you have valuable data, like Social Security numbers, state secrets, credit card numbers, etc.

By the numbers, a report from Cybersecurity Ventures says ransomware damages would cost the world $5 Billion USD in 2017, up from $325 million in 2016 and rocketing to $20 billion in 2021. That’s approx. 57 times more than that 2015 number.

Why the jump? You could see it right here in Florida with small business ransomware attacks for $ or $10K, and people paid them so they went up to see what the market could bear. As cities like Stuart, Riviera, Lake City, and Key Biscayne were all attacked, Riviera paid $500k in ransom, Lake City around the same. This is why more hackers are getting in the game.

The solution is to stop paying the ransoms, now. I wrote about these cities in 2019.

Two Florida hospitals were hit in the last week, UF Health Leesburg and The Villages. Little info is available on what went down and the amount of ransom demanded or paid, but, hopefully, they restored from backups and did not pay the criminals.

Ultimately, Broward County Schools took the same approach this year when they were attacked. Granted, they were asked to pay $40 million in ransom, and they said the best they could do was approximately $500K, which the criminals laughed at.

So, they restored their systems from backups. The process can be arduous, but that is how it must be done to put these folks out of business.

This situation isn’t going away anytime soon. We are like Rocky in the eighth round, getting pounded by Ivan Drago — this analogy fits nicely since most of these ransomware gangs are in Russia.

Just like in Rocky IV, we will eventually be victorious, but we must take our beating first. And man, are we.

But wait, just like in Rocky, he starts suddenly swinging again. To that end, the new Justice Department Ransomware Taskforce recouped some of the ransom Colonial paid to hacking group Darkside this week. It’s about time we got a punch in.

So do your part, stop clicking on emails without verification; think of every email as potentially devious and email (as a whole) being a threat delivery system — then, you are on the right track.

Deploy two-factor authentication, robust backups and tighten up those open ports and passwords.

And if attacked — wait for it — stop paying ransoms. Then we will see the tide turn in this brutal cyber-war.

___

Blake Dowling is CEO of Aegis Business Technologies and over the years, he penned around 25 columns on cyber incidents. You can email him at [email protected].

Blake Dowling

Blake Dowling is CEO of Aegis Business Technologies. His technology columns are published by several organizations. Contact him at [email protected] or at www.aegisbiztech.com



#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, William March, Ryan Nicol, Jacob Ogles, Cole Pepper, Jesse Scheckner, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704