Ransomware Increasingly Targeting SMBs and Impacting Individuals, Say Experts
Cybersecurity technology is not seen as a solution for smaller organizations that cannot afford it. What's needed is government action on cryptocurrency transparency to help deter attacks.
- By Richard Seeley
- August 4, 2021
Ransomware attacks are expanding beyond targeting large enterprises; SMBs and individuals are being hit in a widespread blitz, according to two U.S.-based experts on the international impact of cybercrime.
Beyond encrypting business and personal data and holding it hostage, ransomware damages Americans' confidence in infrastructure, said Matthew Rojansky, director of the Kennan Institute at the Wilson Center, a nonprofit forum chartered by the U.S. Congress, which sponsored a recent press briefing on the topic. Despite the availability of cybersecurity software, experts expressed doubts about a technological solution, instead advocating for stronger diplomatic efforts aimed at law enforcement cooperation in Russia, where most of the ransomware attacks originate.
A more helpful deterrent would be government action to control cryptocurrency, the crooks' preferred ransom payment method, said the other expert on the call, Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and the former CTO of CrowdStrike.
"In terms of regulatory control, the thing that is enabling this whole ransomware epidemic is cryptocurrency," Alperovitch said. "It's no accident that prior to 2009 -- when Bitcoin was invented -- we had no ransomware. It was not because the technology wasn't available. It was because there was no anonymous way to receive ransom payments without exposing your identity. If you provided instructions for a bank account, it would be very easy for law enforcement to trace that back, shut it down, and (in some cases) recover the funds. Cryptocurrency provides that anonymous way of doing the payments."
One way to discourage ransom payments in Bitcoin would be a global expansion of the know your customer (KYC) standards used within the investment and financial-services industries to cover cryptocurrency, Alperovitch said. Enforcement of money-laundering prevention measures would have a "huge impact" on ransomware by making sure payments were "de-anonymized." He also pointed to the deterrent impact of the U.S. Justice Department's recovering $2.3 million of the ransom paid in the Colonial Pipeline attack.
Technology solutions for ransomware are promising but are limited in what they can accomplish.
"There are a lot of good cybersecurity companies out there, but the reality is we're not going to defend our way out of the problem," Alperovitch said. "Technology is not a panacea."
The human and financial resources an organization needs to build a software security wall to stop ransomware are not available to most hospitals, municipalities, and SMBs that are increasingly the targets of ransomware attacks, the experts said.
"We have way too many companies, way too many nonprofits, school districts, municipal governments, etc., that will never be able to afford the technology, the expertise, or have the funds necessary to do what's needed," Alperovitch observed. "So even if you can protect the Fortune 500 companies and the military and major government agencies, we still have a huge underbelly of vulnerability that we'll never solve."
He acknowledges that it is important for organizations to make every effort to protect themselves from cyberattacks but expressed doubts about a technological solution to the overall problem.
Rojansky and Alperovitch are focused on the Biden Administration's diplomatic efforts to persuade Russia to crack down on the ransomware operations that are based there. They do not accuse Russian President Vladimir Putin of being behind the attacks, but Russia is suspected of being the home base for hacker groups such as REvil, which many believe is behind a July attack targeting an IT operations tool used by about 40,000 companies worldwide.
Attacks have also come from China, North Korea, and other countries, but Rojansky and Alperovitch say well-organized and technologically savvy hacker groups based in Russia represent the largest threat to American businesses, municipal governments, and individuals.
The two experts recently wrote an op-ed piece in the Washington Post, Ransomware Attacks Won't Stop Unless Biden Keeps the Pressure on Putin, arguing that if the recent blitz "becomes routine, businesses and the economy will suffer."
"Because smaller and medium-size businesses and organizations were targeted," the two experts wrote, "it represents a chance for Biden to make good on his promise of 'a foreign policy for the middle class' and his pledge that 'economic security is national security.'"
Beyond the economic impact that grabs all the headlines in ransomware attacks, Rojansky said that collateral damage such as the gasoline shortages resulting from the Colonial Pipeline attack is undermining Americans' faith in infrastructure. Attacks on hospitals have caused delays in surgeries directly affecting patients and demonstrating ransomware's potential to threaten the lives of individuals. The attack in early July on Kaseya, a Florida-based IT monitoring software provider, shows how ransomware is targeting smaller businesses and individuals.
"This is a criminal act," Rojansky said. "It can appear to be relatively small scale, but clearly something like Kaseya -- which wasn't targeting what we traditionally define as critical infrastructure -- needs to be taken deadly seriously because it's a direct attack on the livelihoods of ordinary Americans."
Rich Seeley is an editor at TDWI.