Organizations located in the USA are under an unprecedented amount of ransomware attacks that will very likely to continue to grow. In 2020 alone, hackers executed more than 65,000 attacks on U.S. institutions, which equals to approximately seven attacks per minute. Even though most of those attacks are purely driven by greed, they often end up causing absolute havoc for companies and consumers.
Panic buying caused gas-shortage on the East Coast with customers paying north of $7 per gallon because of a cybersecurity incident at Colonial Pipeline back in May. Multiple media outlets reported beef supply shortages because of a ransomware attack on the world’s largest meat processing company JBS. And while people might still survive without beef and gas, similar attacks are observed on healthcare institutions all the time. A couple of weeks ago, the FBI warned that ransomware called Conti had hit at least sixteen U.S. health and emergency services over the last twelve months. The last thing people want when in a healthcare facility is to see that medical staff cannot properly care for them because of systems infected with a virus. Some hacker groups claim they have ethical codes not to target medical nor educational facilities. Yet again, businesses in those industries are often victims of cybercrime.
Why are hackers shifting from banking fraud to ransomware?
The short answer to this question is that the attacks work and hackers get away with it way too often. The ransomware technology has improved drastically over the years, allowing people with little to no knowledge to launch attacks, while many organizations have not adapted to the latest and greatest in cyber defense. Last but not least, the current climate allows for bad actors to move away from banking by skipping the banks with cryptocurrencies. Hackers no longer need to deal with banks to access the stolen money; now, victims make simultaneous direct transactions into the digital wallet of bad actors.
With the continuous adoption of cryptocurrencies whose transactions are hard to be tracked by governments and law enforcement agencies, more and more criminals feel more empowered to extort businesses and individuals. With only a few clicks, digital money worth millions of dollars can hop wallets located all around the world. And while U.S. crypto exchanges are relatively well regulated, with many asking for multiple identity and income verifications, this is not the case about exchanges located among many other countries worldwide that have zero to no observation of who their clients are.
Many businesses of all sizes are so afraid of ransomware attacks that they are stocking up on digital currencies in case they become victims. In addition, enterprises are actively trying to avoid the publicity, and regulatory nightmares that come after the news of a cyberattack breaks up. Arguably the last things any high-profile CEO want is giving testimony before Senate while losing millions in stock-price declines that usually comes with it.
Hackers are getting more creative too. For example, the Russian-based DarkSide criminal organization reportedly has a corporate-like setting with customer service teams taking questions from its victims. They are generating so many cyber-incidents that they need to assign account managers to deal with the targeted institutions. The White House has strongly expressed its opinion about countries harboring criminals, but this has not stopped many countries from not doing much to combat such problems and even not act at all.
Ransomware is officially a severe problem in the USA. The White House has always been encouraging the private sector to strengthen cybersecurity. However, the SolarWinds hack proved that even the government could be a victim too. So, no one is safe, organizations nor individuals. Anyone can buy cryptocurrencies which automatically makes anyone a potential target.
People are more and more relying on connected devices to do business and conduct life in general. Bad actors know that they can find crucial data when they enter a system that would cause devastation if encrypted and lost forever. Or they can discover compromising materials that could be used for extortion and blackmail. And all that without even leaving their homes probably located on another continent. So please make sure your devices are protected, especially if you work from home. Your old router or bad password hygiene should not be the a hacker’s entrance to your employer’s servers.