Why the ransomware crisis suddenly feels so relentless
Just weeks after a major American oil pipeline was struck by hackers, a cyberattack hit the world’s largest meat supplier. What next? Will these criminals target hospitals and schools? Will they start going after US cities, governments—and even the military?
In fact, all of these have been hit by ransomware already. While the onslaught we’ve seen in the last month feels new, hackers holding services hostage and demanding payments has been a huge business for years. Dozens of American cities have been disrupted by ransomware, while hospitals were hit by attacks even during the depths of the pandemic. And in 2019, the US military was targeted. But that doesn’t mean what we’re seeing now is just a matter of awareness. So what’s different now?
It’s the result of inaction
You cannot explain the metastasizing of the ransomware crisis without examining years of American inaction. The global ransomware crisis grew to incredible proportions during the Donald Trump presidency. Even as US critical infrastructure, cities, and oil pipelines were hit, the Trump administration did little to address the problem, and it went ignored by most Americans.
The ransomware boom started at the tail end of the Obama White House, which approached it as part of its overall cybercrime response. That involved putting agents on the ground around the world to score tactical wins in countries that were otherwise uncooperative, but defense against such attacks fell down the list of priorities under Trump even as ransomware itself boomed.
Today, the Biden administration is making an unprecedented attempt to tackle the problem. The White House has said that the hackers behind both the Colonial Pipeline and JBS ransomware attacks are based in Russia, and have current efforts involving Homeland Security and the Justice Department But while President Biden plans to discuss the attacks in an upcoming summit with Vladimir Putin on June 16, the problem goes deeper than just relationships between two countries.
It’s also the result of new tactics
When the ransomware industry was taking off half a decade ago, the business model for such attacks was fundamentally different—and far simpler. Ransomware gangs started out by indiscriminately infecting vulnerable machines without much care for exactly what they were doing or who they were targeting.
Today, the operations are much more sophisticated and the payouts are much higher. Ransomware gangs now pay specialist hackers to go “big game hunting” and seek out massive targets that can pay out huge ransoms. The hackers sell the access to the gangs, who then carry out the extortion. Everyone gets paid so handsomely that it’s become increasingly irresistible—especially because the gangs typically suffer no consequences.
There’s safe harbor for criminals
That leads to the next dimension of the problem: The hackers work from countries where they can avoid prosecution. They operate massive criminal empires and remain effectively immune to all attempts to rein them in. This is what Biden will bring up to Putin in the coming weeks.
The problem extends beyond Russia and, to be clear, it’s not as simple as Moscow directing hackers. But the Kremlin’s tolerance of cybercriminals—and sometimes even direct cooperation with them—is a real contributor to the booming criminal industry. To change that, America and other countries will have to work together to confront nations who otherwise see no problem with US hospitals and pipelines being held for ransom. The safe harbor for cybercriminals, combined with the mostly unregulated cryptocurrency used to facilitate the crime, has made it very favorable for the hackers.
And we’re all more connected and insecure than ever
And then there is the unavoidable fact that weak cybersecurity combined with ubiquitous connectivity equals increasingly vulnerable targets. Everything in America—from our factories to our hospitals—is connected to the internet, but a lot of it is not adequately secured.
Globally, the free market has repeatedly failed to solve some of the world’s biggest cybersecurity problems. This may be because the ransomware crisis is a problem at a scale that no private sector can solve alone.
As ransomware and cybercrime increasingly becomes a national security threat—and one that risks harming human beings, as in the case of attacks against hospitals—it’s become clear that government action is required. And so far officials from the world’s most powerful nations have chiefly succeeded in watching the disaster unfold.
Instead, what must happen to change this is a global partnership between countries and companies to take ransomware head on. There is momentum to change the status quo, including a major recent cybersecurity executive order out of the White House. But the work is only beginning.