Ransomware attacks are on the rise and remain an assiduous cyber threat globally. These malicious strikes are sweeping the U.S. affecting telecommunications, government, healthcare, entertainment, technology sectors and more.
This type of malware encrypts data and demands money with the threat to disrupt business. Often, the motive for threat actors is financial gain. In other cases, the goal is to thwart operations or cause reputational harm. In any case, it’s problematic.
In July 2024 alone, numerous ransomware incidents and data breaches were widely reported across the United States. Ransomware attacks reportedly shut down L.A. County courts, created ongoing tech problems for the City of Columbus, Ohio, and caused closures of the Jefferson County Clerk's Office in Kentucky.
The North Carolina State Bureau of Investigation disclosed it's investigation of a malicious intrusion that occurred in May 2024 on a vendor-managed system.
Pentagon IT provider Leidos Holdings, one of the largest service providers to the U.S. government, divulged the leak of stolen documents by a hacker. The data was taken in a previously disclosed breach of its third-party vendor, Diligent Corp, whose customers reportedly include the Department of Defense, the Department of Homeland Security and NASA.
According to reports, a hacker infiltrated Michigan Medicine and compromised the patient data of 56,000 people including their names, addresses, birth dates, diagnostics, treatment information, and health insurance details.
AT&T recently confirmed a data breach resulting in user information purportedly being leaked online and Live Nation notified users that a cyber intrusion compromised credit card information and private data of approximately 100 million customers.
Also impacted was Basset Furniture which filed an 8-K with the SEC disclosing that a cyberattack disrupted operations at its manufacturing facilities.
Why are ransomware attacks and data breaches becoming more commonplace? Ransomware-as-a-Service (RaaS) may be part of the answer.
In recent years, an illegal business model called Ransomware-as-a-Service emerged on the cyber landscape. RaaS involves cybercriminals developing malicious software, selling it via the dark web, allowing less sophisticated threat actors, or "affiliates," to launch ransomware attacks independently.
Before the rise of the RaaS business model, attempting a ransomware attack required expertise in writing code. Ransomware-as-a-Service alleviates this requirement, arming criminals without coding knowledge with tools to execute sophisticated attacks.
RaaS provides bad actors with expert-level decryption and encryption software, simplifies the deployment of ransomware campaigns, and even provides 24/7 software support.
The business of RaaS can be highly organized depending on the criminal group, and may include vetting "affiliates" via interviews, conducting background checks, and reviewing digital footprints prior to providing access to ransomware kits.
Ransomware attacks can be highly lucrative for fraudsters, yielding payments of hundreds of thousands of dollars. A report by Statista revealed that the average ransom payment rose from approximately $328,000 in quarter one of 2023 to over $740,000 in quarter two of 2023.
Ransomware is a federal offense and prosecuted under the Computer Fraud and Abuse Act. However, ransomware is not solely a U.S. problem and, because the internet is borderless, attacks may be launched from international territory. Combatting ransomware executed transnationally involves collaboration by international law enforcement.
In May 2024, the FBI announced Operation Endgame, a coordinated worldwide law enforcement dismantling of criminal infrastructure responsible for malware and cybercrime.
The multinational cyber operation coordinated by the U.S. reportedly included law enforcement from Denmark, France, Germany, the Netherlands, and the United Kingdom, with assistance from Europol and Eurojust. Ukraine, Portugal, Romania, Lithuania, Bulgaria, and Switzerland provided supporting police actions that disrupted more than 100 servers, defeating “multiple malware variants” and aiding in accessing decryption keys for victims.
On July 18, 2024, court documents show two foreign nationals pleaded guilty to participating in the LockBit ransomware group and to deploying LockBit attacks against victims in the U.S. and abroad. The guilty pleas come in the wake of the LockBit ransomware takedown in February by the U.K. National Crime Agency's Cyber Division in conjunction with the Department of Justice, FBI and international law enforcement partners.
In the U.K., police cooperated with the U.S. and international agencies to arrest a 17-year-old connected to the September 2023 MGM ransomware attack. The British teen is believed to have worked with a large-scale hacking group on the cyberattack causing MGM Resorts International's computer system to be down for 10 days.
Despite law enforcement’s efforts, increased access to Ransomware-as-a-Service coupled with the promise of hefty financial gain from ransom payments could certainly factor into the sharp increase in the ransomware attacks and data breaches we’ve witnessed.
As long as criminal minds exploit technology, use Ransomware-as-a-Service, and organizations pay ransom in cyberattacks, we will see this type of attack repeated.
While there will always be those who hack and breach for reasons other than money, we can decrease the financial incentive for those seeking monetary gain, in one aspect, by not paying the ransom.
V. Venesulia Carr is a former United States Marine, CEO of Vicar Group, LLC and host of "Down to Business with V.," a television show focused on cyberawareness and cybersafety. She is a speaker, consultant and news commentator providing insight on technology, cybersecurity, fraud mitigation, national security and military affairs. Read more of her reports — Here.