On Memorial Day, the meatpacking giant JBS was hit with a ransomware attack that shut down its computer systems in both the U.S. and Australia. In light of this and other recent cyberattacks, former senior Department of Homeland Security official Paul Rosenzweig said, “It shows that nothing is safe, not the meatpacking industry, not the chemical industry, not the wastewater treatment industry, not Sony. Nothing.”
He went on to say, “And the only way to be safe in this world is to unplug completely. And you can’t do that and be economically competitive.”
Ransomware continues to be a problem for a simple reason: it pays. Colonial Pipeline paid $4.5 million, negotiated down from the $5 million demanded. JBS reportedly paid an $11 million ransom. It is worth noting that JBS spends $200 million per year on keeping its networks up to date and has 850 full-time IT staff. The size of your staff or budget is not insurance against a cyberattack.
Successful attacks, meaning ones in which the ransom is paid, clearly embolden attackers to strike bigger and more lucrative targets, JBS being the latest. Recent experience has shown that until they face real consequences for their actions, they will keep doing it. Many of the attackers operate overseas and are either sponsored or protected by their governments.
Ransomware’s effect on business
Ransomware incidents take time to recover from, and in business, time is money. According to a recent report from the Ransomware Task Force, a business hit with ransomware is down for 21 days on average, and it can take up to 287 days to fully recover from an attack. That is one reason many businesses simply pay the ransom, get their systems back and move on: in most cases it appears cheaper than suffering the consequences of not paying. Paying is no guarantee, however. The decryption tool the attackers provide can be slow or unreliable, and if data was stolen before it was encrypted, a payment does nothing to get it back.
What Is Being Done to Protect Against Ransomware Attacks?
The Ransomware Task Force report proposes four goals:
1. Deter ransomware attacks through a national coordinated comprehensive strategy.
- Acknowledge that ransomware is an international diplomatic and enforcement priority
- Advance a U.S. government attack response strategy
- Reduce ransomware perpetrator safe havens
2. Disrupt the ransomware business model to decrease criminal profits.
- Disrupt the ransom payment methods
- Target ransomware infrastructure
- Disrupt ransomware developers, affiliates and other variants
3. Help organizations prepare for an attack.
- Support organizations working on ransomware mitigation, response and recovery processes and procedures
- Increase knowledge of the ransomware process among organizational leaders
- Update existing and introduce new cybersecurity regulations that address ransomware
- Financially incentivize ransomware mitigation
4. Respond to attacks more effectively.
- Increase support for ransomware victims
- Increase the quantity and quality of information about ransomware attacks
- Require organizations to consider alternatives before paying a ransom
CMMC is Needed
The bottom line is that all of this will take time. The DoD is 18 months into CMMC, the Cybersecurity Maturity Model Certification, its initiative for securing the contractors in its supply chain. It estimates that assessments will begin in the fall of 2021. In the meantime, attacks will keep happening, ransoms will keep getting paid, and the individuals and organizations carrying out the attacks will keep getting richer without suffering any real consequences for their actions. It is just part of the cyber world we live in today…at least for the moment.