
What happened over the weekend in ransomware?

Monday morning clearly means a Monday cleanup…

The Justice Department has created a task force for centrally tracking and coordinating ransomware and related crimes, including botnets, money laundering, and hosting.  

In case you missed it, Cox Media Group was hit with ransomware, disrupting live streaming of TV, and UF Health Central Florida was also hit.

A new ransomware strain, Payload BIN, is being attributed to the Evil Corp gang, which is rebranding to avoid sanctions placed by the US Treasury.

Bloomberg News has a follow-up to Colonial Pipeline’s attack: how did the hackers get in? A single compromised account, which was used to access the company’s VPN. The account was for a “legacy” virtual private network, not routinely used by employees. It did not use two-factor authentication.

Ransomware could cost $265 billion by 2031, per research from Cybersecurity Ventures. This is based on 30% growth in incidents year over year, and estimates say this year will cost $20 billion, which is 57 times more than 2015.

Data from The Thales Group isn’t great: just 55% of those surveyed have implemented multi-factor authentication in any form. Only 17% said more than 50% of sensitive cloud-hosted data is encrypted. Only 45% have centrally defined cloud policies.

This all comes after the White House pleaded with businesses to “take ransomware crime seriously.” In statements on Friday, the FBI Director compared these attacks with the 9/11 ones, focusing on the parallels between the two.

Why do we care?

I wish the FBI Director’s statements were true, but the lack of the physical imagery of burning buildings means ransomware just is not the same. The White House may plead to take this seriously, but without a more significant downside, it just won’t happen.

We as technologists have the tools to prevent so many of the issues we are facing. How many of you rolled your eyes hearing that the way into Colonial Pipeline was an old, unused account with no 2FA?

So if the solution is known, and there is no surprise to the occurrences, unless something changes, we’ll see more of the same. I stand by my 2021 prediction – someone’s going to get hit with criminal negligence over security, because most of these ransomware incidents are proving to be very preventable.