Ransomware just got very real. And it’s likely to get worse
There’s just been another ransomware attack, but this one could have more significant consequences than the many that have come before.
Late last week Colonial Pipeline, which accounts for 45% of the US East Coast’s fuel, was forced to shut down its operations due to a ransomware attack against its systems.
Even President Biden was briefed on the incident; it doesn’t get much more high profile than that.
So will such a significant incident lead to changes in how ransomware is tackled?
Possibly; but it’s worth remembering that there have been plenty of damaging and high profile ransomware attacks across both the US, and elsewhere, without police or governments coming up with a way of tackling these gangs.
That’s largely because the ransomware problem is actually a knotty set of interconnected problems, all of which defy easy solutions.
Certainly, many companies need to take cybersecurity more seriously, and vendors need to focus more on selling software that is secure, and not just rushing it out to customers and (maybe) fixing it later. But forcing companies to spend money on cybersecurity with no obvious return is hard; obliging software companies to fix every fault before they ship their software would bring the industry to a halt.
Persuading police to take these cases seriously is another problem; few forces have the expertise to tackle this sort of complicated investigation, and even if they did, tracking down the culprits is hard – and securing a conviction all but impossible. Many of these gangs operate from jurisdictions (such as Russia) which are very unlikely to hand over suspects for trial elsewhere.
And every time a victim reluctantly pays the gangs, they are making the gangs stronger, and able to take on even more ambitious attacks, even against organisations that have invested in security.
But the bigger issue is that, as we connect more and more systems to the internet, the real world becomes more at risk from threats like this, which until now have only ever been a problem for the online world. That may focus the attention of governments and police a little more.
If a ransomware attack means your company loses the sales data held on a few servers, apart from you and your boss nobody is going to be too upset. But if those servers were running the traffic lights on a busy stretch of road, or running the X-ray machines at the local hospital, then there is a real world impact.
The growth of interest in smart cities is one example of how this threat could evolve. The idea behind smart cities is that by using data better we can run cities more effectively and efficiently. In practice that means using all manner of sensors and Internet of Things devices to collect information and automate processes.
But unless this is done with security in mind, it means that when the technology goes wrong, we could have big problems. As the UK’s cyber security agency the NCSC points out:
“While smart cities offer significant benefits to citizens, they are also potential targets for cyber attacks due to the critical functions they provide and sensitive data they process, often in large volumes. The compromise of a single system in a smart city could potentially have a negative impact across the network, if badly designed.”
Any sort of security threat in this situation could be a problem; but ransomware seems to be the leading candidate for causing chaos right now.
So will anything really change any time soon? Well, having your activities brought to the attention of the President of the United States is never a good idea, even if ransomware gangs have themselves courted publicity for their attacks in the past as a way of putting pressure on their victims. An incident of such high profile might put a bit of momentum behind efforts to tackle the problem.
If more funds are made available to improve the security of creaking but vital infrastructure, that will be a step in the right direction. Making it harder or even banning the payment of ransoms in this context would certainly bring short term pain for victims but may in the longer term be a way of reducing attacks too.
Of all the complicated problems that have allowed ransomware to flourish, the geopolitical angle may be one of the toughest to crack; sanctions and indictments have done little so far to stop the flood of attacks. But if the nations that still allow these gangs to operate could be persuaded that it’s no longer in their interests to let them do so, that could change the situation hugely.
Still, for now it’s hard to see that the threat of ransomware is going to go away any time soon. Even worse, as we put computers in charge of more of the real world around us, the problem is only likely to grow.
ZDNET’S MONDAY MORNING OPENER
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.