{"id":6408,"date":"2021-06-11T10:46:04","date_gmt":"2021-06-11T17:46:04","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=6408"},"modified":"2024-08-07T12:20:58","modified_gmt":"2024-08-07T19:20:58","slug":"ransomwares-assault-on-critical-industries","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/ransomwares-assault-on-critical-industries\/","title":{"rendered":"Ransomware\u2019s Assault on Critical Industries"},"content":{"rendered":"

Andy Warhol, the famous artist, film director, and producer, said in 1968 that \u201cin the future, everyone would be famous for 15 minutes.\u201d Ransomware attacks have stepped up and are commanding attention like never before. Unfortunately, this first 15 minutes of fame may be the first of many such periods that we\u2019ll see over the coming years. Ransomware has become the threat actor\u2019s weapon of choice. Ransomware attacks are being more frequently carried out by nation-states and organized crime and causing millions in dollars of reputational damage, recovery expense, extorted ransom payments, loss of revenue, inability to use critical infrastructure, and much more.\u00a0<\/span><\/p>\n

Just this month, top Justice Department officials cautioned U.S. business leaders to prepare for an increasing barrage of ransomware attacks. The Federal government’s efforts to organize a\u00a0 coordinated response have taken on an almost war-room effort as they seek to rally business to prepare for these increased attacks.\u00a0<\/span><\/p>\n

Lisa Monaco, the deputy attorney general, noted that \u201cto the CEOs around the country, you’ve got to be on notice of the exponential increase of these (ransomware) attacks.\u201d Monaco also recently issued a memorandum to the US\u2019s federal prosecutors requiring the centralization of ransomware reporting. Monaco also wrote, \u201cif you are not taking steps-today, right now-to understand how you can make your company more resilient, what is your plan?\u00b9<\/span>\u201d<\/span><\/p>\n

The attacks we see in the news are only the tip of an iceberg which is largely out of view of the public eye. Monaco has been on point for the DOJ\u2019s efforts against ransomware threat actors, and noted that the massive attacks against Colonial Pipeline and JBS USA, the largest meat processing company in the world, were representative of the ransomware attacks taking place every day.\u00a0<\/span><\/p>\n

Just this past week it was announced that JBS paid an $11 million dollar ransom after a cyberattack that shut down its entire US beef processing operation. At this time, the US government believes the ransomware attack was done by the threat actors REvil, likely based in Russia or eastern Europe. REvil is a ransomware-as-a-service threat actor that has successfully taken money from many organizations over the past year. REvil has also been known as <\/span>Sodinokibi<\/span><\/a> and may be linked to another ransomware threat actor, GandCrab.\u00a0<\/span><\/p>\n

The Colonial Pipeline ransomware attack was also a very dangerous attack. In this attack, the threat actors deployed <\/span>DarkSide<\/span><\/a> ransomware against the pipeline company\u2019s critical IT infrastructure, causing the company to take the precautionary measure of shutting down 5,550 miles of the pipeline, which left fuel stranded on the Gulf Coast.<\/span><\/p>\n

DarkSide is a ransomware-as-a-service (RaaS), where the threat actors who deploy the ransomware share a percentage of the profits with the ransomware developers. Threat actors use DarkSide to encrypt and steal sensitive data, and have been known to target large, high-revenue organizations that can afford to pay large ransoms.<\/span><\/p>\n

Once the DarkSide actors gain access to a victim\u2019s network, they deploy the ransomware to encrypt and exfiltrate sensitive data. The actors then use a double extortion method where they threaten to publicly release this data to pressure the victims into paying the ransom demand, as well as demand another ransom for a digital key to decrypt their files.<\/span><\/p>\n

DarkSide has not emerged from this attack unscathed. U.S. Law enforcement has placed a strong counter-punch and <\/span>recovered $2.3 million<\/span><\/a> in bitcoin paid in the Colonial Pipeline ransome. U.S. officials identified a virtual currency wallet used by the DarkSide threat actors that was used to collect payment from Colonial Pipeline\u00b2<\/span>.\u00a0<\/span><\/p>\n

Of course, the rabbit hole may go far deeper than that. Cryptocurrency may be the key to a strong counterpunch. The U.S. government has not revealed their ways and means or the full extent of the Federal agencies involved in recovering the $2.3 million and may now have far deeper visibility than we know into cryptocurrency transactions. In the final analysis the use of ransomware is almost wholly dependent on cryptocurrency. Without a secure and confidential cryptocurrency, ransomware threat actors might be driven out of business.<\/span><\/p>\n

The US Government Decides to Step In<\/span><\/h3>\n

Given the increasing tide of ransomware attacks, and the threat of burgeoning investment by threat actors in ransomware-as-a-service platforms, the U.S. Government White House has also gone on record this month about the extreme dangers of ransomware. Earlier in May President Biden signed an <\/span>Executive Order<\/span><\/a> to improve the nation\u2019s cybersecurity and protect Federal government networks. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States\u2019 ability to respond to incidents when they occur.\u00a0<\/span><\/p>\n

Anne Neuberger, President Joe Biden\u2019s deputy national security advisor for cyber and emerging technology has noted that, \u201cThe threats (ransomware) are serious and they are increasing.\u201d Neuberger further wrote, \u201cThe private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location \u2026 to understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations,\u201d Neuberger added<\/span>.\u00a0<\/span><\/p>\n

This recent White House memo circulated internally in June has been cited by CNBC as listing five best practices for safeguarding against ransomware attacks:<\/span><\/p>\n