Ransomware
36
July 2019 FCW.COM
When ransomware strikes...
When hackers launch a ransomware attack against companies, they’re usually after money. But when ransomware strikes a government agency, the hackers might be after something else.
Gregory Falco, CEO of industrial internet-of-things security company NeuroMesh, said the hackers who used ransomware to attack the city of Albany, N.Y., in March did not expect officials to pay a big ransom. Instead, their goal “was to cause disruption.”
Why would hackers want to disrupt government agencies if not for money? “Street cred,” said Falco, who is also a security researcher at MIT’s Computer Science and Artificial Intelligence Laboratory.
With that in mind, Falco has urged government officials to use negotiation tactics with ransomware hackers. That does not necessarily mean paying the ransom but rather managing risk. It’s about being flexible and
knowing how to manipulate the situation before, during and after an attack, Falco wrote in an MIT blog post.
“There are other ways that you might be able to ‘give in’ than paying ransom,” he said. “One way might be to cry uncle and acknowledge the fact that your city has been taken down.”
Falco and his team have
created a set of social
engineering strategies that use negotiation tactics to alter the
way ransomware attacks unfold. Ransomware is one of the rare types of hacking in which victims have an opportunity for direct communication with the hacker, he said.
“The pathology of most ransomware attacks matches
up nicely with what happens in other kinds of negotiations: First, you size up your opponent, then you exchange messages, and ultimately you try to reach some kind of agreement,” Falco wrote.
“While we found that no
one wants to negotiate with
an attacker, under certain circumstances negotiation is
the right move, especially when agencies have no real-time backup systems in place,” he added.
For example, last year’s ransomware attack on Atlanta affected the city’s utility, parking and court services, and although officials did not pay the demanded ransom of approximately $50,000, it spent more than $15 million to recover and figure out what went wrong.
Falco also said manufacturers must pay more attention
to ensuring the security of embedded devices that they sell to government and private-sector customers. “We have a culture of complacency among the [original equipment manufacturers] that create this technology,” he said. “They just don’t really have a requirement to ensure that there is no liability.”
NeuroMesh has developed what it calls an “unhackable botnet”