Anatomy of a Ransomware Hack: A Modern Hostage Crisis
Photo Source: Wikimedia Commons
Just last week, a huge segment of the eastern part of the United States suffered fallout from a ransomware hack of the computers controlling the extensive gasoline pipeline system of Colonial Pipeline Co. On May 7, 2021, Colonial found a ransom note on a control room computer demanding a $4.4 million payment to unlock the pipeline's computers. The hack, called a ransomware attack, brought the pipeline to a standstill, effectively cutting off over 45% of the gasoline supply to the East Coast. (wsj.com) The immediate drop in gasoline availability sparked long lines at gas stations as drivers looked to stock up in the face of a deepening shortage. In the meantime, the CEO of Colonial, Joseph Blount, had to decide whether to pay the ransom or try to repair the damage done by the attack perpetrated by an Eastern European criminal gang known as DarkSide.
The attack on Colonial Pipeline serves as an example of a lucrative form of extortion for criminals—ransomware. According to Coveware, a ransomware response company, the average ransomware payment in the first quarter of 2021 equaled $220,298, up 43% from the previous quarter. (coveware.com) Not surprisingly, no sector of society appears off-limits to cybercriminals. Some of the most prevalent ransomware targets include hospitals and public sector institutions such as schools and municipalities. The allure of attacking hospitals derives from the critical nature of computers in everything in their operations, including essential instruments, lab records, pharmacies, and patient information. The imminent threat to patient safety drives the urgency to pay off the ransom. In September of 2020, amid the pandemic, criminals launched the most significant ransomware attack against a hospital system in US history. (nbcnews.com) The ransomware targeted United Health Services and impacted the 400 hospitals they service in the US and the UK. Although United Health Services did not pay the ransom, the attack cost them $67 million.
Ransomware works by infiltrating computer systems with software that takes control of computers and encrypts the data stored in these systems rendering them useless. Imagine if you came home to your house or returned to your car after work and the locks were changed, and it would take a master locksmith hundreds of years to pick the lock. That is what happens to files on ransomware computers. Special software jumbles up the computer's data, and only one specific key can unscramble the data. Unlike a physical combination lock which may have tens of thousands of possible combinations, computer encryption generates trillions and trillions of possible combinations. To put this in perspective, according to calculations provided by the data security firm Scram Software, it would take all the personal computers in the world working together 13,689 trillion trillion trillion trillion years to crack high level, 256-bit encryption. (scrambox.com) Clearly, brute force will not unlock a ransomware attack.
The best solution to a ransomware attack is not to get infected in the first place. Such a solution sounds glib, but hackers need to get past the security built into computer systems to start their attack. According to cybersecurity company, LastLine, hackers use different approaches to install their malicious software on victim's computers, including insecure passwords, malicious e-mail links, and drive-by downloads. Insecure passwords include short or obvious ones such as one's name, child's name, or company name. Hackers also use e-mail scams to trick people into revealing their passwords to the hacker. Drive-by downloads directly place malicious software on a victim's computer through insecure or out-of-date web browsers. Additionally, computer administrators need to keep their systems backed up and keep the clean backups utterly separate from the computer system to get fully restored to pre-attack working order.
Ransomware attacks continue to proliferate across the globe with increasing ransom demands. In the case of United Health Services, the company did not pay the ransom, but it cost the company close to $70 million in lost billing and repair. Fortunately, no patient was harmed in the attack. However, in Germany last year, a woman died due to a ransomware attack. In September 2020, because the system was down in the Dusseldorf Hospital treating her, the doctors needed to move her to another uninfected hospital in Wuppertal, about twenty miles away. Unfortunately, she did not survive due to treatment delays. (nytimes.com) The general position in the US to never pay ransom remains. Still, the CEO of Colonial pipeline decided to pay the $4.4 million ransom to try and get the pipeline up and running as soon as possible. Our lives now depend on computers to do their job and provide their support across every sector of society, from hospitals to pipelines and electrical grids. Ransomware hackers appear to have no regard for the health and safety of anyone, so we must double down on the defense against ransomware attacks and have solid preparation for when an attack occurs.
Dr. Smith’s career in scientific and information research spans the areas of bioinformatics, artificial intelligence, toxicology, and chemistry. He has published a number of peer-reviewed scientific papers. He has worked over the past seventeen years developing advanced analytics, machine learning, and knowledge management tools to enable research and support high level decision making. Tim completed his Ph.D. in Toxicology at Cornell University and a Bachelor of Science in chemistry from the University of Washington.