Contributed by Micki Boland, Cyber Security Expert and Evangelist, Check Point Software
As a security panelist at a Dallas Cyber Security Summit in 2016, I lightly sparred with another cyber security expert on the panel over a question the audience posed to us. The question was: “What do you think is the greatest cybersecurity threat in the coming years?”
Here was my answer: I predicted that ransomware would become increasingly dangerous. I backed this with the fact that SamSam ransomware was evolving at the time, using a JBoss flaw to compromise servers and then self-propagating to carry out an enterprise-level attack rather than going after individual endpoints. In this way, the cyber criminals could demand far more in bitcoin ransom. The fellow panelist disagreed, indicating that his firm, a cyber security start-up, “had ransomware all figured out.” In this case, I think my crystal ball was the more accurate one.
So what’s the state of ransomware in 2021? It has indeed become a more dangerous threat. Enterprise cyber criminals are getting bolder, upping the ante in ransomware attacks and increasingly using publicity to threaten, expose and shame the victim organization into paying the demanded ransom.
These enterprise cyber criminal groups use a double extortion approach: steal highly sensitive private data, demand a higher ransom, and force the enterprise to negotiate. If the demands are not met, they threaten to release the victim organization’s private data to the world. If this sounds a bit like the opening of the James Bond movie Skyfall to you, then I should have your attention.
In April 2021, Babuk, an enterprise cyber criminal organization, hacked the Washington DC Metropolitan Police Department (MPD) and stole over 250 MB of highly sensitive data. Babuk was initially reported to be connected with DarkSide, the group attributed to the recent U.S. pipeline ransomware attack. However, investigators now think these attacks are unrelated.
Babuk has been busy negotiating with MPD, initially demanding $50m in cryptocurrency, then negotiating down to $4m. According to Ars Technica, when MPD would only agree to pay a $100k ransom, Babuk released 161 MB of data on the dark web, including the personal records of 22 MPD police officers. The released data is critically sensitive PII from the MPD’s HR processes for police officers: psychological evaluations, polygraph test results, driver’s license information, fingerprints, social security numbers, dates of birth, financial background checks, marriage and residence records, and possibly disciplinary files.
MPD identified and blocked the “mechanism” used in the intrusion, and the FBI is investigating. However, Babuk is now threatening to release the identities of MPD informants if MPD does not pay.
Is help on the way? On April 22, 2021, the Department of Justice announced that it is forming a new task force dedicated to going after enterprise cyber criminal organizations, to help respond to the growing threat of ransomware. This seems to be good news, though taking down enterprise cyber criminal organizations takes years and requires transnational collaboration.
On May 7, 2021, the DOJ announced that four Eastern European nationals (Aleksandr Grichishkin and Andrei Skvortsov of Russia; Aleksandr Skorodumov of Lithuania; and Pavel Stassi of Estonia) pleaded guilty to a Racketeer Influenced and Corrupt Organizations (RICO) conspiracy, stemming from the “bulletproof hosting” services they provided to cyber criminals for the purpose of distributing malware and attacking banks.
Between 2008 and 2015, this group rented IP space, servers, and domains to cyber criminal clients, who used the infrastructure to host and disseminate malware including Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit, gain access to victim computers, form botnets, and steal banking credentials for use in financial fraud that resulted in millions of dollars in losses to US financial institutions.
All of that said, your organization must be craftier than the cyber criminals!
Check Point Research’s 2021 Cyber Security Report reported a rise in double extortion ransomware attacks: in Q3 2020, nearly half of all ransomware incidents involved the threat of releasing data stolen from the target organization.
On average, a new organization becomes a victim of ransomware every 10 seconds worldwide. In 2021, ransomware is becoming a more dangerous threat to organizations; the cyber criminals are getting bolder and craftier; and the investigation, attribution, and prosecution of these enterprise criminal organizations takes years.
The DOJ is planning to devote more resources to training and intelligence sharing, and to further increase outreach to the private sector to gain more insight into ransomware and extortion threats.
Protect your organization from ransomware attacks: deploy Gen V advanced threat prevention to stop malware and ransomware, encrypt your data, back up your data, lock down endpoints, use multifactor authentication and zero trust, establish relationships with your FBI and law enforcement partners, and prepare your incident response and incident handling (IR/IH) plan for the event of a ransomware attack.