Ransomware has surged — Why the attacks are ‘going crazy right now’


Ransomware cyberattacks have skyrocketed, and no part of the economy is safe. From infrastructure companies like Colonial Pipeline to meat producers like JBS to a huge attack linked to Russia just over the Fourth of July weekend, the attacks have escalated.

According to George Kurtz, CEO of cybersecurity firm CrowdStrike (CRWD), the company is seeing a “massive” increase in ransomware attacks. And they’re targeting everything from private businesses to government entities.

“Ransomware is going crazy right now. What we’ve seen at CrowdStrike, is...almost 50 attacks per week, targeted attacks,” Kurtz told Yahoo Finance. “And it’s only getting worse.”

The most recent high-profile attack saw IT remote management software maker Kaseya hit by a supply chain-style ransomware attack, which impacted as many as 1,500 businesses. The suspected group behind the attack, REvil, is seeking a $70 million ransom to call it off.

What’s turned ransomware from a nuisance crime that impacted everyday people via email scams to a national security-level threat? A new business model for cybercriminals, a lack of accountability on the parts of foreign governments, and plenty of money to go around.

Cybercriminals have created a dangerous business model

Cybercriminal gangs like REvil (which stands for Ransomware Evil) have a business model that allows them to contract out their ransomware to smaller gangs that launch attacks.

“They have an affiliate model where anybody who contributes to the successful ransomware payment gets a profit share in the ransom,” explained Liam O’Murchu, director of Symantec’s (AVGO) Security Response Group.

“They've got a lot of people in the cybercriminal underground, who want to help and want to participate in these attacks, and basically sucked the air out of all of the other economic models that were in the underground,” O’Murchu said. “This is the biggest game in town right now.”

Cybercriminals have also taken their attacks to a new level that forces companies to respond as quickly as possible. In a normal ransomware attack, criminals target victims’ computer systems by encrypting them and keeping them locked down until the victims pay a ransom for the digital keys to regain access to their files.

FILE - In this Oct. 12, 2020 file photo, a worker heads into the JBS meatpacking plant in Greeley, Colo.  A weekend ransomware attack on the world’s largest meat company is disrupting production around the world just weeks after a similar incident shut down a U.S. oil pipeline. The White House confirms that Brazil-based meat processor JBS SA notified the U.S. government Sunday, May 30, 2021, of a ransom demand from a criminal organization likely based in Russia.  (AP Photo/David Zalubowski, File)
JBS was hit with a massive cyberattack that took its systems offline. (AP Photo/David Zalubowski, File)

More recently, however, cybercriminals have added a new threat. Now in addition to locking down victims’ systems, they’ll exfiltrate sensitive data and threaten to release it online if the victims don’t pay up quickly.

It’s not just sensitive corporate information either, O’Murchu explained.

“Recently...a CEO of one of the companies that [cybercriminals] got into was having an affair with someone...and they leaked photographs of the person he was having the affair with,” he said. “They also get the phone numbers of the executives and they call them on the phone to put pressure on them.”

The ransoms are huge

Beyond a new business model and pressure tactics, cybercriminals are benefiting from huge wins in the amount they charge in ransom. In the instance of the Colonial Pipeline hack, the attackers got away with a $4.6 million ransom, though the U.S. recovered $2.3 million. JBS, meanwhile, paid $11 million. CNA Financial paid $40 million, and in the Kaseya attack, the hackers are seeking $70 million.

Those are massive numbers when you consider hackers were previously targeting individual consumers for hundreds or thousands of dollars. And as more companies pay exorbitant ransoms, more attacks will be launched.

“Attacks have been profitable, because people have been paying ransom,” NYU Tandon School of Engineering professor Justin Cappos explained. “So, effectively, if no one had ever paid ransom for ransomware, there would have been an initial sort of speculative thing where people were trying to do it and then it would have faded away.”

The government says companies should avoid paying ransoms, since it only invites more attacks. But there’s nothing to stop private businesses from paying up.

Legislation that forbids such transactions, however, could help put a stop to the ransomware outbreak.

“Let's say that [legislation] became nationwide and actually was enforced,” Cappos said. “Then that removes a lot of the economic incentive, because the attackers know there's a small, small chance they'll be paid, because an organization will have to find the money to do it, do it off the books, and face legal consequences if they did it.”

Cryptocurrencies have also facilitated anonymous payments, with hackers demanding ransoms in the form of bitcoin or ethereum. The rise in cryptocurrency prices, despite some pullbacks as of late, has made such currencies appealing for cybercriminals who want a big payday without being tracked.

Nations are turning a blind eye to criminal gangs

But cybercriminals can be tracked, and in the instance of gangs like REvil, they turn up in countries that either can’t or refuse to deal with them, such as Russia, China, or North Korea.

On Friday, President Joe Biden spoke with Russian President Vladimir Putin about the country’s inaction on ransomware gangs, and said the U.S. would respond if nothing is done.

“I made it very clear to him that the United States expects when a ransomware operation is coming from his soil even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said.

“And secondly, we’ve set up a means of communication now on a regular basis to be able to communicate with one another when each of us thinks something is happening in another country that affects the home country,” he said.

Asked if there would be consequences to further inaction, Biden said yes.

But until countries act to slow the spread of ransomware, the attacks will continue to haunt private companies and governments around the world.


Got a tip? Email Daniel Howley at dhowley@yahoofinance.com or via encrypted mail at danielphowley@protonmail.com, and follow him on Twitter at @DanielHowley.
