Just 10 years ago, ransomware was the domain of mostly small-fry hackers encrypting files to squeeze a few hundred dollars out of random individuals. Today it’s an urgent issue of national security.
As President Biden said in late July: If the U.S. ends up in “a real shooting war” with “a major power,” a “cyber breach of great consequence” will be to blame.
Cybercriminals have been escalating their attacks for years — locking up the computer systems of police stations, city governments and hospitals. But the ransomware attack in May on the operator of the largest petroleum pipeline in the U.S. — which disrupted gasoline supplies in much of the country — is one of many cyberassaults that are tiptoeing closer to an act of war.
DarkSide, the hackers-for-hire believed to be based in Russia, dropped out of sight after the company Colonial Pipeline paid $4.4 million in bitcoin. But cybercrime groups frequently reorganize and rebrand. Haron and BlackMatter are among the new names that have emerged this summer. The FBI recently announced it was tracking more than 100 active ransomware groups.
To rein in ransomware attacks, the U.S. needs to upend the risk-reward ratio for hackers — and for the countries that harbor or support them. Such a national deterrence strategy would make networks harder to breach, hit back harder against hackers and claw back gains from those who succeed.
Many corporations and other private-sector organizations haven’t sufficiently hardened their own defenses, despite repeated warnings. In part, this is because they’ve paid too little a price for their negligence. In 2013, Target suffered what was then the largest-ever data breach, which compromised the financial data of 40 million customers. In 2017, the sensitive financial records of more than 140 million people were exposed in the data breach of Equifax, a credit-monitoring company.
Neither company — nor many others like them — were punished by their shareholders or their customers over the long term.