If you’re like most people, you’d probably never heard of DarkSide before May. But when this little-known gang of ransomware attackers disabled the Colonial Pipeline, America started paying attention.
DarkSide isn’t alone; it’s joined by a host of nefarious criminal collectives, like Maze, NetWalker and Conti. These gangs specialize in hacking information technology (IT) systems, stealing sensitive organizational data and demanding lofty ransoms before they’ll back off. That’s why U.S. organizations have got to start preparing for the next ransomware attack before it’s too late.
Ransomware attacks are happening almost constantly. Last year, U.S. organizations were the victims of more than 65,000 ransomware attacks, an average of just over seven ransomware attacks every hour.
That’s because ransomware gangs are both prolific and unscrupulous; they will target anything from a city government to a vital infrastructure provider. The FBI has recently warned that the Conti ransomware group was responsible for 290 attacks on U.S. organizations, 16 of which targeted health care providers.
What’s more, they’re making too much money to even think about stopping anytime soon; in 2020, ransomware payments rose by 311 percent, and ransomware victims paid a combined total of nearly $350 million in cryptocurrency.
The bigger ransomware groups capture a huge share of these profits, with just 25 deposit addresses receiving nearly 50 percent of total ransomware payments last year. In the first three months of 2021, DarkSide raked in an estimated $46 million from ransomware attacks.
When you survey the threat landscape, it’s obvious that major foreign actors that specialize in ransomware attacks are highly skilled, incredibly active and extremely well-funded. There’s no denying it. Our digital world has a huge ransomware problem. And the damage that this ransomware can do is truly enormous.
The problem is that critical U.S. industries and infrastructure providers rely on digital IT systems to operate. In a cybercrime threat environment, where every online device or computer represents a possible attack vector, these industries and infrastructure providers have an extremely high level of exposure to cybercriminals.
What’s more, approximately 85 percent of America’s critical infrastructure is privately owned. That means there are very few enforceable cybersecurity standards or guidelines and very little government oversight when cybersecurity incidents occur.
As a result, everything from our water supply and electrical grid to our health system and our nation’s flood dams is vulnerable to ransomware attacks and other hacks. Without dramatic improvements in cybersecurity, the devastating ransomware attacks on Colonial Pipeline and JBS Foods will be just the tip of the iceberg.
So, what can organizations do to mitigate their risk of becoming the next victim of ransomware?
Perhaps the single most important thing is to implement best practices regarding data backups. Ransomware attacks work by capturing specific IT systems and locking the rightful owner or operator out of them. This can be absolutely debilitating. But if organizations have ample and adequate data backups available, they can usually restore their system functionality without negotiating with the ransomware hackers — and without suffering significant interruptions in service.
To that end, organizations should follow the “3-2-1 rule.” This rule states that every organization should have at least three full copies of their critical data systems, keep two of these copies in separate locations and maintain one of these copies in an off-site location. Following this rule ensures that a secure data copy is available and ready to go when necessary.
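As an added example (not from the article or from IDX), here is a small inventory check that scores a set of backup copies against the 3-2-1 rule as stated above and flags copies whose test restore has gone stale. The copy names, locations and dates are constructed, and the 30-day restore-verification window is an assumption.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class BackupCopy:
    name: str
    location: str        # site or service that physically holds this copy
    offsite: bool        # True if held away from the primary data centre
    last_verified: date  # date a test restore from this copy last succeeded

def check_3_2_1(copies, today, max_age_days=30):
    """Return a list of findings; an empty list means the inventory
    satisfies the rule (3 copies, 2 separate locations, 1 off-site) and
    every copy has a recent successful test restore (assumed window)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; need at least 3")
    locations = {c.location for c in copies}
    if len(locations) < 2:
        findings.append("copies are not kept in 2 separate locations; "
                        f"found {sorted(locations) or 'none'}")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    stale = [c.name for c in copies
             if (today - c.last_verified).days > max_age_days]
    if stale:
        findings.append("restore not verified within "
                        f"{max_age_days} days: {', '.join(stale)}")
    return findings

# Constructed sample inventories for a fictional "patient-records" dataset.
TODAY = date(2021, 6, 1)
COMPLIANT = [
    BackupCopy("hq-san-snapshot", "hq-datacenter", False, date(2021, 5, 20)),
    BackupCopy("tape-set-2021w20", "regional-vault", True, date(2021, 5, 10)),
    BackupCopy("cloud-object-copy", "cloud-region-west", True, date(2021, 5, 28)),
]
NONCOMPLIANT = [
    BackupCopy("hq-san-snapshot", "hq-datacenter", False, date(2021, 5, 20)),
    BackupCopy("hq-nas-mirror", "hq-datacenter", False, date(2021, 3, 1)),
]

if __name__ == "__main__":
    for label, inventory in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        findings = check_3_2_1(inventory, TODAY)
        print(f"{label}: {'OK' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  - {finding}")
```

Running the check against the second inventory reports every gap at once, which is the list a recovery plan has to close before an incident rather than after.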
Additionally, organizations should make cybersecurity a major internal priority. Software updates, cybersecurity training and password protection are easy but crucial steps in protecting your organization from cybercrime.
We can’t stop ransomware criminal groups from forming and targeting our organizations. But we can make sure we put up a fight when they do. Cybersecurity should be front and center of everyone’s mind these days. Otherwise, we won’t be ready for the next Colonial Pipeline attack.
Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of data breach and consumer privacy services such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.