Try to deal with ransomware hacking as if terrorism had been the protection wants of the 21st century
In April, a group of hackers suspected of being linked to the Chinese government overcame cyber defenses at the Metropolitan Transit Authority in New York. The MTA carries millions of passengers every day. It is the largest transit network in North America.
The Colonial Pipeline controls 45 percent of the fuel supply in the eastern United States. In May, a ransomware attack based on a single compromised password broke into Colonial Pipeline’s computer networks and crippled the largest fuel pipeline in the United States. In its 57-year history, Colonial has never had to shut down its entire gasoline pipeline system. Panicked consumers struggled to fill their tanks, which exacerbated supply problems.
JBS, the world’s largest meat processing company, was exposed to its own ransomware attack in early June. Several plants in the USA had to be temporarily closed. Hackers who were granted refuge in Russia were bound to the attack.
These may be the latest and greatest examples of cyberattacks on critical US supply chains and infrastructure, but there are dozens of others. From the District of Columbia Police Department to the agency that controls the water supply of a city in Florida, cyberattacks have struck large swathes of American society in recent months. Nobody seems immune. The Justice Department even went so far as to declare 2020 the “worst year ever” for blackmail-related cyberattacks. The DOJ has also set up a task force specifically focused on ransomware.
Internal instructions sent to U.S. law firms across the country on June 3 indicated that ransomware field investigations should be coordinated with the new Washington Task Force. A senior Justice Department official told Reuters that the agency would give investigations into ransomware cyberattacks a priority similar to terrorism investigations. FBI Director Christopher Wray reiterated these comments on June 4th when he warned that the fight against cyberattacks on the American government and commercial establishments would be similar to the fight against terrorism after September 11th.
It seems that this new ransomware prioritization is already bearing fruit. In their attack on Colonial Pipeline in May, the hacking group DarkSide requested a $ 4.4 million ransom, which Colonial Pipeline paid to restore operations. On June 8, the Justice Department announced that it had seized approximately $ 2.3 million worth of bitcoins paid to the Colonial Pipeline hackers. Although the value of the confiscated bitcoins is less than the full amount paid to the hackers, more than half of the ransom was collected.
Although it is unclear how the two events are related, the price of the digital asset plummeted seven percent shortly after U.S. law enforcement agencies seized the bitcoins that were used to pay part of the ransom money from the Colonial Pipeline. Bitcoin’s price aside, the value of almost all real, tangible assets that rely on computer networks would be effectively protected if further major digital law enforcement successes follow.
Ransomware hackers and other types of digital thieves, especially those operating overseas, are a difficult nut to crack for American authorities. But just because a real hijacking has higher production values than a cyber break-in does not mean that the latter is less threatening. Hackers may not immediately put lives at risk like a man waving a gun. However, when their goals include transportation systems, critical food and energy infrastructure, and even law enforcement, as they have for the past few months, real life will be compromised. Unchecked, hackers can operate from almost anywhere, and the proliferation of ransomware attacks has shown that digital crime is on the rise, while its analog counterpart in the US continues to decline
Maybe the hackers went too far after all. Since the US authorities confiscated their ill-gotten profits and threatened to persecute them as aggressively as terrorists, even the hacker group DarkSide issued a rare mea culpa. Hopefully, the DOJ’s promise to more aggressively prosecute criminal hacking groups will help give businesses and other institutions the 21st century protection they need.
Jonathan Wolf is a civil litigation attorney and author of Your debt free JD (Affiliate link). He has taught legal writing, written for a variety of publications, and made it both his business and his pleasure to be financially and scientifically literate. Any views he expresses are likely pure gold, but are entirely his own and should not be attributed to any organization with which he is affiliated. He wouldn’t want to share the loan anyway. He can be reached at firstname.lastname@example.org.