WGNO

Why have ransomware attacks increased and the FBI’s ‘unprecedented’ step to prevent them

A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack on June 27, 2017 in Geldrop. - The unprecedented global ransomware cyberattack has hit more than 200,000 victims in more than 150 countries, Europol executive director Rob Wainwright said May 14, 2017. Britain's state-run National Health Service was affected by the attack. (Photo by Rob Engelaar / ANP / AFP) / Netherlands OUT (Photo by ROB ENGELAAR/ANP/AFP via Getty Images)

CHICAGO (NewsNation Now) — On April 13, 2021, the federal government took the unprecedented step of entering hundreds of private computers to remove malicious code placed during the Microsoft Exchange hack.

While the federal government limited its efforts to solely the Exchange vulnerability, some cybersecurity experts believe this is only the beginning of increased federal-private collaboration on cybersecurity.


Georgia Tech School of Cybersecurity and Privacy Chair Richard DeMillo compared cloud-based systems like Exchange and Amazon’s Web Services (AWS) to an essential utility that requires federal involvement.

“Cloud services are starting to look more and more like the old phone companies from that standpoint, that it’s a private service offered partially over public networks. And we’re putting more and more assets into those services.”

Georgia Tech School of Cybersecurity and Privacy Chair Richard DeMillo

The Exchange flaw was first exposed in January, but its roots date back to a “zero day” vulnerability meaning the system has had that built-in flaw since creation.

Between February and April, over 30,000 systems were made vulnerable to attack from a weakness in the Microsoft Exchange software that companies across the globe use for email, calendars and other functions.

The Biden administration issued multiple statements expressing their deep concern over the issue and even created a multiagency task force dedicated to targeting the issue.

“This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat,” White House press secretary Jen Psaki told reporters during a daily press briefing

Microsoft removed the vulnerability and issued patches, but not every business fixed their internal systems. That’s when the federal government got involved.

The Justice Department received a court order to infiltrate several hundred computers that did not remove the Exchange vulnerability themselves with the patches issued by Microsoft.

“And very cleverly, the FBI went in with Microsoft, and use that own hacking server to disable itself. They were very clear that they didn’t search those machines for any other information, explained New Jersey Institute of Technology Distinguished Professor and Institute for Data Science director David Bader.

“They also were very clear that they only removed this particular hacking tool, even if there are other zero day exploits on those machines that they knew about. They did not touch them.”

New Jersey Institute of Technology Distinguished Professor and Institute for Data Science director David Bader

Bader called it a “unique approach” to diffusing the vulnerability involving private-public partnership and the court system.

“It’s the first time that we’ve seen the FBI take an action, really in the cyberspace, rather than through the judicial space,” stated Bader.

Experts acknowledge the public has a right to be concerned about law enforcement accessing private computers systems, especially with it being new legal territory.

“At some point, someone is going to say, well, so how do we know that you didn’t go beyond the order? How do you know that other information wasn’t compromised? And so to have a public oversight process to do that, I think just makes a lot of sense,” said DeMillo.

That public-private pressure will increase as more companies and critical infrastructure become vulnerable to hacking and ransomware.

“Of course, what’s happened over the last few years, is that this whole industry has built up that makes that a very efficient business and so not only do people build tools to allow you to take over someone’s system, they have marketplaces that sell those tools to third parties.”

GEORGIA TECH SCHOOL OF CYBERSECURITY AND PRIVACY CHAIR RICHARD DEMILLO

The fuel pipeline that supplies 45% of all U.S. fuel is the latest target with operations expected to be impacted for at least a week.

Hospital networks, police departments, security camera companies, water treatment facilities and even entire cities have fallen victim to high-profile ransomware attacks in recent months.

“We rely on computers for everything. When I go to the bank, I want to make sure that my money is there. When I drive my car, I wanted to work without crashing off a bridge. And so these types of hacks that we’re just seeing emerging, are really game changing in terms of how we must respond to them,” said Bader.

Bader said the frequency and scope of the latest ransomware attacks are a sign that companies need to take cybersecurity as seriously as they take other safety requirements for running a business.

“Having a business means being operational. And as more and more businesses get shut down, because their computer systems are under attack, then they naturally will have to upgrade, or they may not be able to function as a business going forward. So, it’s unfortunate, but it’s a cost of doing business in this day.”

NEW JERSEY INSTITUTE OF TECHNOLOGY DISTINGUISHED PROFESSOR AND INSTITUTE FOR DATA SCIENCE DIRECTOR DAVID BADER

He added, “So I think we’re at the point where cybersecurity becomes a first-class citizen, for when we run our businesses and our governments.”

Both experts anticipate seeing the federal government take a more active role in enforcing cybersecurity best practices for private businesses, especially when foreign actors are involved in a hack.

“Beyond a certain scale, you can’t rely on individuals to fight the nation-state attack, for example, you know, if we were to be invaded like England was in World War II with aircraft, citizen volunteers with binoculars only takes you so far,” said DeMillo. “So at some point, you need to you need to have people with guns and bombs that do things and that intrudes into private rights.”

A 2019 estimate found that the overall cost of U.S. ransomware attacks is up to $9 billion a year in terms of recovery and lost productivity, according to cybersecurity firm Emisoft.

DeMillo said there’s a lesson to take away from the Exchange hack and latest rash of ransomware attacks.

“There seems to be a general feeling that you can just give people checklists, and they check off the things to do. And somehow that protects them, which is clearly not the case. The amount of money that’s being spent on the other side, is going up proportionally faster than the amount of money we’re spending on the defensive side,” said DeMillo.

“It’s an arms race that the adversaries are currently winning.”

GEORGIA TECH SCHOOL OF CYBERSECURITY AND PRIVACY CHAIR RICHARD DEMILLO