Over the past month cities in Florida and Texas have reported cyber attacks against their computer file systems. These attacks, that encrypt data and demand ransom to regain access to the information, have grown in frequency and audacity. The attackers demand ransom payments that are made through crypto currencies and are thus difficult to track. There are some estimates that claim $18 billion in annual revenue from this criminal activity.
The US Conference of Mayors, which represents cities with populations of 30,000 or more, noted that since 2013 more than 170 municipalities have been targeted including Baltimore, Atlanta, and Newark New Jersey. This does not include the Texas and Florida towns targeted in the August attacks. In their 2019 annual meeting they passed a resolution opposing payment to ransomware attack perpetrators
In 2016 Europol’s European CyberCrime Center began an initiative to provide a coordinated response to these attacks. Partnering with major computer security companies Kaspersky and Mcafee, they serve as a clearinghouse for information on attacks aiding local police agencies and creating a library of tools to recover data without paying ransom. This effort led to the “No More Ransom!” Project.
In the United States, two Federal agencies are tasked with dealing with crimes in the computer sphere; the Computational Intelligence and Signal Analysis (CISA) branch of the Department of Homeland Security which deals with national security threats and the Federal Bureau of Investigation (FBI) that investigates and counters criminal activity. State governments are also on the front lines of these attacks as the resource that county and municipal governments and agencies turn to first when disaster strikes.
Ransomware attacks usually begin with clever bits of social engineering. An unsuspecting user clicks on a link or opens an attachment in an otherwise innocent looking email. This will start a process that installs malicious software on the user’s computer that will attempt to spread itself to computers and file systems on the same network. There has always been blackmail. What makes the ransomware blackmail more insidious is that the attacker can hide behind the anonymity of crypto-currencies to make the transaction from around the corner or around the world.
Victims of ransomware attacks have three choices 1) pay the ransom which may or may not get your data back (blackmailers have been known to ask for more if they believe you will pay) 2) If you are lucky enough to have backups restore them 3) rebuild from scratch.
The fragmented nature of the Federal response to this sometimes criminal sometimes state sponsored activity have led to ambiguous strategies to combat these threats. The threat has existed in the world of personal computing since at least 2013 but the FBI’s response and guidelines are more in the nature of how you can prevent an attack rather than what to do when an attack occurs. Their recommendation has been “don’t pay”. Companies, governments and others have had to turn to private companies such as CloudStrike, Symantec, Mcafee, and others to help remediate or rebuild.
In Trump’s “America First” international cooperation is discouraged. It is clear that these kinds of attacks have a global reach. Joining the “No More Ransom!” Project is a positive step that the United States could take to end the scourge. Going it alone is an expensive and unproductive strategy to meet the challenge.
- The official No More Ransom! website has descriptions of the project, tools to use if you are hacked and ways to get involved.
- US Conference of Mayors resolution to oppose ransom payments.
- FBI recommendations for victim of cyber attacks.
- Computing Technology Industry Association CompTIA is an industry trade association that is a clearinghouse for IT education, IT certification, IT advocacy and IT philanthropy.
- The Electronic Freedom Foundation (EFF) is the leading nonprofit organization defending civil liberties in the digital world
Photo by Nahel Abdul Hadi