Innovation Monitor: How we can work to solve ransomware
Welcome to this week’s Innovation Monitor.
From the Equifax data breach in 2017, Colonial Pipeline attack earlier this year, to the 2008 cyber espionage attack on the Pentagon, cybersecurity has become a core function for businesses, governments, and institutions. The sector is vast, and spans the realm of hacks targeting individuals for the hundreds of dollars to sophisticated attacks on critical national infrastructure. Here’s a quick podcast from Axios on how “ransomware became an industry.”
This week we’ll discuss categories of cybersecurity and ransomware attacks, how they work, who the players are, and some evolving cross-sector solutions. Software has eaten the world, and so much of our lives and infrastructure exist digitally, networked, on a server. Digital security is equally as important and inextricably linked to our physical wellbeing.
Thank you for reading, and as always, if you were forwarded this email, you can easily sign up here!
Erica Matsumoto Extortion-as-a-service Two recent swift attacks — against American fuel distribution network Colonial Pipeline Co. and JBS, the world’s largest meat supplier — might make you feel as if we’re in the midst of a sudden ransomware crisis. In truth, these attacks are nothing new. Targets have included multiple American cities, the US military, even hospitals.
Ransomware is not just crippling infrastructure and big businesses. It is big business in itself. According to Elliptic, the DarkSide ransomware gang (responsible the Colonial Pipeline shutdown) has extorted $90M in Bitcoin revenue in half a year.
DarkSide is a ransomeware-as-a-service — they have a “Why choose us” section, and, quizzically, a code of ethics. Lawfare notes that the number of similar groups is so large that “one needs a scorecard to keep track of them all.” Commodification of cyber crime There are two general types of ransomware, according to Vectra AI CTO Oliver Tavakoli: commodity and human-operated.
The modern iteration of commodity ransomware has a wide attack vector, generally going for volume instead of a specific big business. Hackers craft an automated campaign that encrypts network drives then spreads to neighboring machines via a worm. The hope is that some of these encrypted files will contain vital data, for which hackers demand a modest sum. (See WannaCry.)
Human-operated ransomware is the forte of groups like DarkSide — more sophisticated, more targeted, larger ransoms. These takes weeks to pull off, and the groups executing these attacks might have PR strategies, “customer success” teams, a brand image, and even a franchise model:
“The franchiser supplies tools, playbooks and other attack infrastructure, while franchisees use these services to carry out the attacks, forwarding a percentage of the paid ransom back to the franchiser.”
For an excellent overview of the evolution of ransomware, check out this New Yorker piece. Anti-extortion-as-a-service Protection against ransomware attacks is big business too. The market for endpoint protection software has reached over $9B, double since 2016. According to Oliver Spence, co-founder at North Star Cybersecurity, “solving ransomware is magnitudes harder than solving spam, and that isn’t solved yet.”
Security expert Kevin Beaumont went as far as to call it an existential crisis for the security industry, despite the preventative measures being developed. Is it really that bad? Here’s Beaumont’s sobering example:
“Ransomware group Conti… encrypted systems across HSE — Ireland’s national healthcare system. [Army officers were deployed] restore the system using a decryption key, reportedly provided for free by the Conti gang…. The fact that a nation has their army helping restore Windows 7 PCs for emergency services for weeks should be a wake up call.”
Beaumont calls this type of attack the new normal. The most prolific group performing these crippling attacks is Ryuk, which, according to WSJ, collected at least $100M in ransoms last year and hit 235 general hospitals and inpatient psychiatric facilities. Crypto enabled cyber crimes These groups are able to carry out their operations at such a large scale and without little retaliation thanks to the relative anonymity of cryptocurrencies.
According to Nicholas Weaver, a member of the research group that “showed Pfizer how to eliminate the Viagra spam problem,” “cryptocurrencies are the only [payment] tool left for ransomware purveyors. So, if governments take meaningful action against Bitcoin and other cryptocurrencies, they should be able to disrupt this new ransomware plague and then eradicate it.”
What are governments, researchers, companies, and consumers doing to fight back? Cross sector, global coordination The Biden administration recently signed an executive order to strengthen US cybersecurity defenses. But deterring and punishing ransomware hackers has proven extremely difficult — mainly because they enjoy a legal safe harbor in countries like Russia.
According to MIT Tech Review, “what must happen to change this is a global partnership between countries and companies to take ransomware head on. The free market has repeatedly failed to solve some of the world’s biggest cybersecurity problems. This may be because the ransomware crisis is a problem at a scale that no private sector can solve alone.”
Security researchers recently developed tech that takes 115 milliseconds to detect a ransomware threat and shut it down. And this, month Axios covered AI-based methods for defending against attacks. They mentioned a CSET report that notes that “[ML] can help defenders more accurately detect and triage potential attacks,” but that in many cases, “these technologies are elaborations on long-standing methods — not fundamentally new approaches — that bring new attack surfaces of their own.”
Governments have tried to pressure Russia to hold its (likely government-sponsored) hackers accountable. G7 leaders this month asked Russia to “take action against those conducting cyber attacks and using ransomware from within its borders.”
Earlier this month, we learned that the FBI recovered roughly $2.3M of the ransom paid to the Colonial Pipeline hackers. According to WSJ, “law-enforcement officials in recent years have established a track record of tracing cryptocurrency and at times seizing it.” For example, the Justice Department claims to have seized roughly $1B in crypto associated with Silk Road.
The exact methods? Unknown. Apparently, the FBI obtained the private key for the ransom’s final bitcoin address and seized the funds. According to Elvis Chan of the FBI’s SF cyber branch: “You can’t hide behind cryptocurrency. Overseas is not an issue for this technique.” This Week in Business History
June 21, 2004: SpaceShipOne was the first spacecraft developed in the private sector to exit the atmosphere.
As private space travel is in the headlines, with Jeff Bezos and Richard Branson looking to fly to space, 17 years ago this week SpaceShipOne became the first private spaceflight. The project was funded by the Microsoft co-founder Paul Allen and flew just beyond the atmosphere before gliding back to Earth. Nearly two decades later, we’re now much closer to the dream of private individuals being able to travel into space.