Corporate Ransom Hacks: When a Sci-Fi Film Becomes a Documentary

Dan Daley • Last WordSeptember 2019 • August 30, 2019

Photo by Pete Linforth

Digital piracy has entered a new era, and MI needs to know about it. The days of relatively sophisticated black-hat hackers hitting up an insurance company’s website for a measly $100,000 ransom are over. Now, entire cities and nonprofits such as hospitals and universities are finding that their enterprise networks have been frozen, awaiting

payments reaching into the millions to free them. And the perpetrators now range from well-trained Russian ex-military to teenagers in Lagos and Riga breaking into and locking up anything from multinational corporations to mom-and-pop stores. That’s the thing about digital: whether you apply it to music or to crime, the zeros and ones on the front door all look the same to malware.

They’re Here…

It didn’t take much asking around the MI business to find that this kind of piracy is already hitting home. The CEO of one multinational conglomerate of iconic brands acknowledged that it had already happened to one of their non-U.S. offices. “I can tell you that it’s happened to more than just us, and that it’s into the millions of dollars now for companies in the MI business,” he informed me on background. “The biggest firms are already creating crypto-currency reserves for that purpose. You have to, when you think about the amount of money you’ll lose when it takes you weeks or months to restore your systems if you don’t pay the ransom.”

It’s infuriating and it’s anxiety-provoking, but if you can put the emotional part aside (which is not easy), it’s clear that this has become kind of like music itself: the technology has become so powerful and pervasive that almost anyone can do it. This isn’t some elaborate “Oceans 11” caper; it’s more like a round of “Fortnite,” but with more prizes. And as the age of pirates gets younger and the targets more diverse, it’s not surprising that the most well-known brands in music will draw their attention. Some compare battling pirates to playing whacka-mole, but it’s actually infinitely harder; you need to figure out where the mole is going to come up before he does.

Ransomware attacks, like the insidious LockerGoga code that’s hit companies large and small globally, are terrifying aside from the demands made for payment. Often, IT managers will tell everyone at the company not to connect any devices to the network. It shuts down not just transactions but even basic communications.

Some sobering information: 71 percent of ransomware attacks targeted small businesses in 2018, with an average ransom demand of $116,000, according to a recent report from Beazley Breach Response Services. An analysis of 3,300 ransomware attacks last year found the highest ransom demand was $8.5 million. The highest demand paid by one of their clients was $935,000. Coveware’s 2018 Q4 Ransomware Marketplace Report found that ransoms have increased by an average of 13 percent over Q3 in 2018, to $6,733. The average victim company size is from 38 to 71 employees. Does that sound like anyone you know?

One is reminded of the AIDS crisis 35 years ago, when the disease was suddenly real, but treatments weren’t. Backing up data is the first line of defense, we’re told, but Coveware’s research also found that attacks on backups as part of the ransomware attack have increased by 39 percent over 2018. And you might not be able to rely on your insurance to help. At the enterprise level, major insurance carriers have been refusing to cover ransomware loses, citing the “Act of War” exclusion when it can be reasonably proven that a state actor is behind the hack, as the Russian government was when it accused by the UK of circulating the NotPetya malware.

This is like robocalls – everyone’s vulnerable and there aren’t a lot of workable solutions. Vigilance, in the form of firewalls, constantly changing passwords, and educating employees about phishing, are what can be done for now. We’ll figure it out, hopefully before the pirates discover the next flaw to work on.

The Latest News and Gear in Your Inbox - Sign Up Today!