U.S. officials announced something that’s never been done before in the fight against ransomware. They traced and recovered some of the ransom, paid in bitcoin, by Colonial Pipeline to the hacking group known as DarkSide. That’s not supposed to happen with cryptocurrencies, at least not very easily.
One person who hopes this means more hackers will be caught is James, who helps run a small company in the Midwest with about 35 employees. He explained “I showed up in the office early last year and basically we couldn’t do anything on our computers.”
It was a ransomware attack. James, who asked not to be identified to protect his company from future attacks, said, “they sent us a cryptic ransom note in broken English, asking us for tens of thousands of dollars in bitcoin.”
Hackers have been holding companies hostage since long before cryptocurrencies were invented. But cryptocurrencies can offer anonymity, or at least a method of payment outside the control law enforcement. It’s allowed digital ransom and extortion to explode in recent years.
“It’s probably in the couple billion dollar a year revenue for the ransomware gangs, and collateral damage is probably 1 to 2 orders of magnitude greater,” said Nick Weaver, a lecturer at University of California, Berkley who focuses on computer security.
How store brands went from shamed to chicAug 17, 2022
Consumer sentiment has an income divideAug 16, 2022
Apartments are going up, but rent isn’t going down yetAug 15, 2022
On the face of it, the fact that the FBI was able to crack into a bitcoin wallet and take back the money from DarkSide would appear to threaten one of the foundations of this criminal industry.
But Mark Rasch isn’t so sure. He’s the chief legal officer of cybersecurity threat intelligence company Unit221B. “Part of the reason they were able to claw back a specific transaction is likely that they were able to work closely with Colonial Pipeline in making the payment in the first place,” Rausch said.
The FBI seized $2.3 million from DarkSide’s virtual currency wallet. It presumably could not get back the many tens of millions the hacking group took from countless other companies, and it will probably take years of effort and regulation before the tide turns in the cat and mouse game between law enforcement and hackers.
There are steps companies can take to better protect themselves against cyber extortion, said Karen Schuler, national leader of tax and advisory firm BDO’s Governance, Risk & Compliance Practice. Schuler suggested these concrete measures:
- Assess, test and update incident response and resiliency policies, procedures and plans
- Increase operational resilience by identifying disruption scenarios and recovery strategies
- Develop security awareness content and provide training to employees, contractors and third parties
- Develop a comprehensive user access management program, with policies and procedures
- Implement network security solutions, including intrusion detection and prevention, to strengthen perimeter security
- Develop proactive vulnerability and patch management programs to address evolving threats and risks
James, by the way, the Midwest manager whose company was hacked, did not end up paying a ransom. He had backups of all his data.