Experts delve into recent ransomware attacks

By Janette Neuwahl Tannen

Experts delve into recent ransomware attacks

By Janette Neuwahl Tannen
University of Miami cybersecurity and supply chain faculty members explain why cybercriminals are finding infrastructure a lucrative target.

Oil pipelines. Transit systems that operate subways in New York City and ferry boats in Massachusetts. Meat processing plants that feed the nation, as well as hospitals, school districts, and local governments.

All of these systems are vital sources of products and services that Americans rely on daily. And while technology is making them more efficient, it also makes them more vulnerable to elusive cybercriminals who use ransomware—malicious software that shuts down a computer system until the operator pays hackers a ransom. Last week, after a recent cyberattack on an oil pipeline shot gas prices up and a meat processing company halted operations for a day from another hack, the White House warned American companies to protect themselves because there are likely more to come.

According to the Verizon Data Breach Investigations Report, which surveys cybersecurity attacks in 88 countries, most of these attacks in 2020 were financially motivated, and 10 percent of them involved ransomware, more than doubling the frequency from the previous year.

Two University of Miami expertsone in cybersecurity and another in supply chain management—describe how the barrage of ransomware attacks is affecting businesses and what, if anything, can be done to thwart them.

Lokesh Ramamoorthi
Ramamoorthi

Lokesh Ramamoorthi is a lecturer in the College of Engineering’s Department of Electrical and Computer Engineering who teaches classes on cybersecurity at the University. He is also a former member of the University’s information security team.

Alex Niemeyer is an associate professor of professional practice in management at the Miami Herbert Business School who specializes in supply chain operations.

Why are these ransomware attacks on the rise?

Ramamoorthi: Today practically every organization uses digital tools for essential services like payroll, scheduling, infrastructure, and supply chain and therefore is dependent on these digital systems. Unfortunately, cybercriminals know how to exploit the weaknesses in these systems.

It is also simpler today to carry out a cyberattack. In the past, a person who wanted to do this needed to know how to write computer code to hack into an organization, but today people can buy “ransomware as a service” (a blueprint for ransomware that hackers can simply customize) from the internet, which is another reason for the rampant increase in ransomware attacks. The growth of cryptocurrency has also fueled the increase. Cryptocurrencies are virtually untraceable, so ransomware demands are always met with cryptocurrency, and with the growth of these markets, it is getting harder to track down the culprits of these cyberattacks.

Alex Niemeyer
Niemeyer

Niemeyer: Today, you cannot run your business anymore if its systems are shut down, so in the last three to four years we have seen a massive spike in systems being shut down by ransomware attacks. Businesses need to pay close attention to this potential moving forward.

Why does it seem that there are more cyberattacks in recent months?

Ramamoorthi: Ransomware attacks have been an issue for quite a few years. However, only a few private organizations want to talk about how they have been breached. A lot of private companies want to preserve their reputation, so they do not report it. Therefore, cybercriminals keep attacking again and again. With many employees working remotely due to the pandemic, sensitive data is exposed beyond an organization’s secure network. This is also a very attractive and easy target for cybercriminals.

How are the Colonial Pipeline and the JBS Foods cyberattacks similar?

Ramamoorthi: They were both done using ransomware, and both cybercriminals were targeting the supply chain infrastructure. While the underlying technology that these criminals needed to know in order to attack the infrastructure could be different, these attacks are both categorized under ransomware because the companies’ access to their own systems was interrupted by hackers until a ransom is paid. This puts their supply chain systems in jeopardy, which affects their global supply chain system. Whether it is a pipeline for gas or a supply chain for meat, everything relies on a seamless supply chain, and hackers know well that by targeting such systems, it’s easy to get their ransom demands paid. 

What can public and private entities do to better protect themselves from ransomware attacks?

Ramamoorthi: Companies need to implement cyber hygiene practices and use multiple layers of security to prevent these attacks. If the attacks happen, they need a business continuity plan so the cyberattack does not affect their day-to-day business operations. All businesses today should do a ransomware drill, just like we do fire drills. It is expensive, but we are in the age of ransomware, so businesses need to have more resilient disaster recovery practices.

Niemeyer: All the systems today are so interconnected that if your business has a ransomware attack, often you are shut down because there are no computers you can trust. Some ways that businesses can protect themselves are by training employees about how to avoid phishing attacks (opening an email and clicking on links that give hackers access to your computer) and using multi-factor authentication to log in to computers, but the key vector is often an employee with privileges to the servers who clicks on a phishing link. Every employee is vulnerable, so lots of money should be spent on employee education.

Do most companies pay the ransom for these attacks, like the Colonial Pipeline company did?

Ramamoorthi: It depends on what type of information is affected and how sensitive the information is. Ninety-nine percent of the time, the recommendation from experts is not to pay, but if something that’s very essential is crippled—like gas, which is a lifeline for America—companies may need to pay.

Why should companies not pay the ransom?

Ramamoorthi: If they pay the ransom fee, it is not a deterrent to continue these attacks because they are profiting from it, and it is also not a guarantee these criminals won’t do it again. Recent incidents show the hackers post sensitive data on the internet in public websites even after the ransom is paid by the victim of the ransomware attack.

How do you think these cyberattacks will affect consumers? Will prices go up?

Niemeyer: Cybersecurity is an essential part of the cost of doing business today, so these costs are already embedded in a company’s overhead. I don’t think prices will go up because of it. Overall, while heavily talked about in the news, it’s still a relatively minor cost to businesses. Obviously, that could change.

Learn more about keeping your personal information safe here.