To quote the Fiddler on the Roof: “That I can tell you in one word.”
Ransomware is an ever-growing global threat where the attackers hide behind computer screens. It’s a growing concern for governments, industries, and individual private citizens because it can cause serious disruptions in everything from the food supply to healthcare. Short-term inconveniences like a cream cheese shortage and waiting in long lines for gas are just the beginning. It can be downright dangerous when people aren’t able to heat their homes or when healthcare quality is compromised. Here’s a fact it’s time to face: Ransomware is nothing short of a national security threat.
And as long as it’s profitable to the tune of billions of dollars, it’s not going anywhere.
How Did We Get Here?
According to New York Times reporting, the Facebook model of “move fast and break things” is catching up with companies that built systems quickly to beat competitors to the market. It’s no wonder that cutting corners has landed us in worse shape in the long run. Businesses are facing painful consequences like enormous ransom fees, loss of business operations, compromised data and damaged reputations.
We are facing a very rude awakening, but this is by no means a new problem. Attackers have been honing their skills and wreaking havoc quietly for years. If you’re old enough to have had one of the first email accounts back in the days of dial-up, you may remember getting an email asking for a few hundred dollars in exchange for unlocking your device. It’s now grown into an issue that costs billions of dollars and includes national security risks. What’s new about it is that people are feeling the effects personally.
Who is Behind The Attacks?
According to published sources, over half of the attacks have one thing in common: They originate in Russia. These attackers write code specifically designed to bypass Russian businesses and Putin will not prosecute cybercriminals or extradite them upon U.S. request. Experts believe that Russian attackers operate under two unspoken rules:
- Don’t attack Russian businesses.
- Be ready to do favors for the Russian government upon request.
What if Companies Don’t Pay?
In 2019, cybercriminals demanded $75,000 after an attack on the city of Baltimore. Baltimore decided not to pay it and ended up paying $18 million to rebuild the systems instead. The theory is that if all companies refuse to pay, hackers lose their leverage and incentive.
The bigger the impact, the more leverage the attackers have. When you see hospitals turning away ambulances at the door, it becomes really hard to ignore or take the time to rebuild systems altogether. It’s legal to pay the attackers off and many companies find it much more cost-effective to do so.
Hackers, then, are rewarded for their efforts and the cycle continues. The result? Companies spend millions in ransom to get their compromised systems running again. Individuals have their personal information compromised regularly and governments are grappling with an issue they’re now ranking as dangerous to national security as terrorism.
Okay, Well What Can we do About it?
On an individual level, it really is as unglamorous as brushing up on cyber hygiene. The Daily podcast cites the saying that, “security is only as good as your weakest link” and it usually ends up that the weakest links are employees and individuals. The Colonial Pipeline attack was traced back to a single employee with a compromised inactive account.
Josh Hornung at Hornung Technology Services, which specializes in IT Support and Cyber Security services said, “A good unique password for each site is step one. Enabling two-factor or multi-factor authentication everywhere you can is step two. Too many people use the same password across many accounts, which is how a lot of this stuff happens nowadays.”
Even the professionals aren’t immune. Hornung knew of an IT professional at a different company who got hacked. He said the attackers “stole a spreadsheet where he kept all of his clients’ logins and security info.” From there, they “started logging into his clients and infecting them with ransomware.”
On a company level, you can either build your systems correctly on the front end and save yourself a world of hurt, or you can fix the problem retroactively and pay dearly for it. And no matter what: the right time to start fixing what’s broken is right now. To quote Hornung, “It’s wild out there!”
How Does PayReel Keep Clients Safe?
With the mountains of personally identifiable information we handle each day, security is hugely important to us. We train our employees regularly on cybersecurity and we pay people to try to infiltrate our systems just to find vulnerabilities. At this point, such penetration tests might be a good idea for most companies—even those that only handle smaller-scale data.
That might not seem very glamorous, but in this case, boring is exactly what you want. If your systems are secure, hackers may be inclined to move along to the low-hanging fruit and leave you alone. Either that or you can become fluent in Russian and start operating all of your business in Russian. нет? Okay, well then get on it.
Note: We relied heavily on The Daily’s podcast episode “Who is Hacking the U.S. Economy?” for this post.