Push To Treat Ransomware Hacking Like Terrorism Is 21st Century Defense U.S. Investment Needs

The Department of Justice went so far as to declare 2020 the 'worst year ever' for extortion-related cyberattacks.

In April, a hacking group with suspected ties to the Chinese government overcame the cyber defenses of the Metropolitan Transit Authority in New York. The MTA carries millions of passengers every day. It is the largest transit network in North America.

Colonial Pipeline controls 45 percent of the fuel supply in the eastern United States. In May, a ransomware attack that was the result of a single compromised password breached Colonial Pipeline’s computer networks and shut down the largest fuel pipeline in the United States. Throughout its 57-year history, Colonial had never before had to shut down its entire gasoline pipeline system. Panicked consumers scrambled to fill their tanks, making supply problems worse.

JBS, the world’s largest meat processing company, faced its own ransomware attack in early June. Several plants across the U.S. had to be temporarily shut down. Hackers given haven in Russia were tied to the attack.

These may be the latest and largest examples of cyberattacks on critical U.S. supply chains and infrastructure, but there are dozens of others. From the District of Columbia police force to the agency that controls a Florida city’s water supply, cyber intrusions have affected a broad swath of American society in recent months. No one seems immune. The Department of Justice went so far as to declare 2020 the “worst year ever” for extortion-related cyberattacks. The DOJ also created a task force to specifically focus on ransomware.

Internal guidance sent to U.S. attorney’s offices throughout the nation on June 3 indicated that ransomware field investigations should be coordinated with the new Washington task force. A senior Justice Department official told Reuters that the agency is going to give investigations of ransomware cyberattacks a priority similar to that of terrorism investigations. FBI director Christopher Wray echoed those comments on June 4, when he warned that battling cyberattacks on American government and commercial entities would be similar to fighting terrorism in the wake of 9/11.

It seems this new ransomware prioritization is already bearing fruit. In its May attack against Colonial Pipeline, the hacker group known as DarkSide demanded a $4.4 million ransom, which Colonial Pipeline paid in order to restore operations. On June 8, the Justice Department announced that it had seized approximately $2.3 million in Bitcoins paid to the Colonial Pipeline hackers. Although the value of the seized Bitcoins falls short of the full amount paid to the hackers, more than half of the ransom was recovered.

While it is unclear how much the two events were related, shortly after U.S. law enforcement officials seized the Bitcoins used to pay part of the Colonial Pipeline ransom, the price of the digital asset slumped by seven percent. The price of Bitcoin aside, if more major law enforcement successes in the digital realm follow this one, the value of almost every real-world, tangible asset that relies on computer networks would be effectively safeguarded.


Ransomware hackers and other types of digital thieves, especially those operating abroad, have been a difficult nut to crack for American authorities. But just because a real-life hijacking has higher production values than a cyber intrusion does not mean the latter is any less threatening. Hackers might not immediately jeopardize lives in the same way as a man waving a gun. Yet, when their targets include transportation systems, critical food and power infrastructure, and even law enforcement entities, as they have in recent months, real lives are impacted. Left unchecked, hackers can operate from just about anywhere, and the proliferation of ransomware attacks has demonstrated that digital crime is on the rise even as its analog counterpart continues to decline in the U.S.

The hackers may have finally gone too far. With U.S. authorities seizing their ill-gotten gains and threatening to go after them as aggressively as terrorists, even the DarkSide hacking group issued a rare mea culpa. Hopefully the DOJ’s promise to more aggressively pursue criminal hacking groups will help provide the type of 21st century protection businesses and other entities need.


Jonathan Wolf is a civil litigator and author of Your Debt-Free JD (affiliate link). He has taught legal writing, written for a wide variety of publications, and made it both his business and his pleasure to be financially and scientifically literate. Any views he expresses are probably pure gold, but are nonetheless solely his own and should not be attributed to any organization with which he is affiliated. He wouldn’t want to share the credit anyway. He can be reached at jon_wolf@hotmail.com.
