RANSOMWARE
Ransomware moves to the big time
Affairs Committee written responses to questions about what those two agencies are doing to combat such attacks.
In the letter from Justice, Assistant Attorney General Peter Kadzik said the Internet Crime Complaint Center has received 7,694 ransomware complaints since 2005, totaling $57.6 million. Although ransom fees “are typically between $200 and $10,000,
victims include additional costs they incurred due to the ransomware incidents,” including network migration, countermeasures, loss of productivity, legal fees, IT services and credit- monitoring services for employees or customers.
“As actors become more sophisticated,” Kadzik wrote, “it has become paramount for the FBI
and DOJ to coordinate and collaborate closely with the private sector and foreign law enforcement partners to understand how the [malware] variant works, what vulnerabilities exist, what legal options can be utilized, and where the actor’s infrastructure is located. This collaboration is also used to prioritize law enforcement efforts and target the highest
priority botnets and malware variants.”
In its response to
the Senate committee, DHS said it collaborates with the FBI through its National Cybersecurity
and Communications Integration Center (NCCIC) to disseminate information about cyberthreats through public alerts;
Joint Indicator Bulletins, which are distributed on
a more timely basis to cybersecurity stakeholders on a need-to-know basis; and Joint Analysis Reports, which offer a technical evaluation of tactics and procedures for detecting and combating threats. DHS’ letter states
that NCCIC coordinates with other federal law enforcement agencies, such as the Secret Service and FBI, and uses the DHS-administered Einstein 3 Accelerated system for detecting and preventing intrusions. E3A conducts email filtering, which protects against malicious file attachments and embedded links, and Domain Name System “sinkholing,” which prevents malware already on government computers from reaching command and control servers.
— KAREN EPPER HOFFMAN
s ransomware exploits and their
perpetrators become more
sophisticated, hackers are moving beyond targeting local agencies for a few hundred dollars and into the federal ranks and beyond.
When it comes to ransomware, there
has typically been a dividing line between large federal agencies and smaller local ones, just as there is between Fortune 500 companies and small businesses, said Mark Weatherford, senior vice president
of vArmour and former deputy undersecretary
for cybersecurity at the Department of Homeland Security. Online criminals often target smaller organizations first because they lack the resources
or the experience to fight back.
“It’s the result of poor user awareness and social engineering — that’s what makes this easy pickings,” Weatherford said. “If the [agency] needs to pay a few hundred dollars, they can often take that out of
petty cash.”
But ransomware
criminals are getting better at what they do and upping the ante by attacking
larger organizations and demanding more money. In February 2016, Hollywood Presbyterian Medical Center in Los Angeles reported that it had paid $17,000 in bitcoins to hackers who had ransomed the hospital’s computer systems.
Like a hospital, a government agency depends on its information and systems to operate, said Kristine Trierweiler, assistant town administrator for Medfield, Mass. The hackers are banking on “the importance of our data and the need to have our data at any cost,” she added.
By April 2016, ransomware attacks
on the U.S. House had reportedly increased so much that the use of third-party email providers such as Yahoo Mail and Gmail were blocked. The previous month, the Justice and Homeland Security departments sent the Senate Homeland Security and Governmental
30 GCN AUGUST/SEPTEMBER 2016 • GCN.COM