A once-quiet epidemic, ransomware has emerged in 2021 as a major national security issue.
Fuel holding tanks at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021 in Woodbridge, N.J. (Michael M. Santiago / Getty Images file)

July 8, 2021, 1:03 PM PDT / Updated July 9, 2021, 3:36 AM PDT

By Kevin Collier
Charles Carmakal has a problem: Ransomware has become so prolific that he has too much business.
“We’re getting calls from organizations almost every single day,” Carmakal, the chief technology officer at the cybersecurity giant Mandiant, said in a phone call. “We’re barely able to keep up.”
And that was before cybersecurity professionals had to deal with one of the most pervasive ransomware attacks ever: the hack of the software company Kaseya, which allowed one ransomware group to infect more than 1,500 organizations last weekend.
The cybersecurity industry is stretched thin. Ransomware attacks are now so prolific that some companies simply cannot help every newly hacked victim get back online. And a shortage of workers means no immediate help in sight.
“I feel bad, but we turn down a lot of organizations because we don’t have the capacity to help them,” Carmakal said.
A once-quiet epidemic, ransomware — in which hackers, often from Russia or other former Soviet bloc countries, break into private computer systems to encrypt and often steal files to hold for ransom — has emerged in 2021 as a major national security issue. In recent months, ransomware gangs have launched several high-profile attacks, including on a major pipeline and a meat supplier, and frequently hampered schools and hospitals. Ransomware cost American victims an estimated $1.4 billion last year.
The pace of attacks is relentless, leading to renewed efforts from President Joe Biden to “deliver” a message to Putin that they’re unacceptable. In mid-June, Biden met with Russian leader Vladimir Putin and discussed the issue, stressing how much ransomware emanates from Russia, where the criminals behind it seem to operate with impunity. Over the following two weeks, confirmed ransomware attacks briefly went “down” to just over 100 publicly confirmed new cases, said Allan Liska, an analyst at the cybersecurity company Recorded Future. Most victims were American.
But then ransomware exploded again. One of the most prolific ransomware gangs, REvil, conducted its boldest attacks yet over the Fourth of July weekend, on Kaseya, which services customers who in turn contract with thousands of businesses. Though the dust has yet to settle, researchers say the hack allowed REvil to infect more than 1,500 different organizations. The gang seems to have bitten off more than it can chew and has asked for a $70 million lump sum to unlock all infected computers.
Jake Williams, the chief technology officer at the cybersecurity company Breachquest, said his company had drastically increased the number of ransomware cases it handled even before the Fourth of July spree.
“We’re having to be selective on some of the cases we’re taking,” Williams said. Breachquest has had to hire subcontractors to manage the influx of work, he said.