Blake Dowling
Ransomware has been in the headlines for years. As a refresher: ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid.
Last week, I was discussing the 25th anniversary of our company on our podcast.
Twenty-five years ago, cybersecurity was not top of mind for most of us. Ransomware did not exist by current definitions.
Faux faxes and bogus emails about paying “legal fees” to get your inheritance of $10 million in diamonds were the most common threat back then.
These days — every day — I bet everyone reading this knows an organization they work with that is dealing with a “cyber incident” of some kind.
But what happens when it’s a government that’s affected? In recent years, several Florida municipalities — Rivera, Stuart, Tallahassee, Naples, Lake City, Key Biscayne — have all had to deal with cyber incidents.
Depending on the nature of the attack, imagine the potential impact.
Fire department, electricity and other utilities, police, jail, ambulance, trash pickup; there’s a reason that those municipalities paid the ransom (although as a rule, you should not; it only keeps them in business and hunting for the next victim).
Unlike the others, the Tallahassee situation in 2019 was not ransomware; it was a different kind of attack. Speaking of which, USA Today ran this article describing the theft of city funds here in Leon County written by Karl Etters of the Tallahassee Democrat; I contributed to it.
I don’t just write about cybercrime. At our business, we live it — fighting hacking attempts and cybercrime every day for our clients.
A few years ago, I witnessed firsthand a ransomware attack at the county level in Florida. It took down all services for several days. They will remain anonymous, and kudos to them for not paying a ransom like some of the other entities mentioned here by name.
The county restored from backup (with our help) and continued business as usual. These instances were brutal and disruptive, but what happens when it hits at a higher level?
This week, in Costa Rica, the national government deals with a cyberattack that is having an impact on the entire country in one way or another, and not just all the services mentioned.
Hopefully, their armed forces are not affected.
Conti, the Russian hacking gang, was behind the attack and they are not just asking for money as in a normal ransomware attack. They threatened to overthrow the government (well, that escalated quickly, as the saying goes).
Could an online hacking gang do this? They are threatening to delete critical systems and are demanding a massive ransom ($20 million). But overthrow the government?
While a terrifying notion, it is extremely unlikely this could happen.
Costa Rican President Rodrigo Chaves declared a national emergency and the U.S. jumped to Costa Rica’s aid, with the State Department offering a $10 million award for information leading to the capture of the Conti gang.
The Conti group posted the following (according to The Associated Press): “We are determined to overthrow the government by means of a cyberattack, we have already shown you all the strength and power, you have introduced an emergency.”
This is not the first time we have heard the Conti name. The FBI estimates that they have been involved in 1,000 successful hacks with over $150 million paid out by victims.
While that is staggering, this looks to be their first attack on a regime.
The affected departments appear to be Ministries of Finance, Labor, Social Security, and others, but details are still coming in as this is happening right now.
What does this mean for us in Florida? When your IT department says to not click on anything suspicious, don’t! Ransomware most often comes in via email. When IT says they need to up their budget for redundant backups, two-factor authentication, advanced threat blocking, remediation, and threat isolation tools, say yes.
And when it is time to renew your firewall and antivirus defenses, make sure to do it.
What is happening in Costa Rica could happen anywhere, in theory. Expect a massive response as they are now using the term “terrorist” to describe these groups, not just hackers and cybercriminals.
The cyberwar is raging, and if you’re keeping score, we’re not winning.
It will take a swift tactical response to this group and a fast resolution to the situation in Costa Rica to make this right. The money lost and jobs impacted will be brutal, but think about those in the hospital, those needing an ambulance and the lives that could be lost in a cyber incident.
That, my friends, is reason enough for us all to rally on this cause. Stay safe, don’t click, and good luck to all in Costa Rica.
___
Blake Dowling is CEO of Aegis Business Technologies and the author of the book “Professionally Distanced.” He can be reached at [email protected]. You can also check out his review of the past 25th years of all things, technology, etc. in his latest podcast.
