10:00 AM
Bill Harrod

Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First, there was the Colonial Pipeline shutdown, then JBS USA. However, those were not even close to being the first; ransomware attacks have been around for decades.

Some of the earliest attacks were in healthcare facilities, in part due to their reliance on hard-to-update IT infrastructure and vulnerable operating systems as well as the critical and even life-threatening impact of a network outage in a hospital. Over the years, ransomware attacks have shown up in TV episodes and received broad coverage in the media.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

  • The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic
  • The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks
  • A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

The SolarWinds attack — while not a ransomware attack — demonstrated the fragility of our IT infrastructure and the interdependencies of our networks. Additionally, if you recall the ice storm that disrupted the electric grid and water supplies in Texas and Mississippi early this year, we clearly see the impact of outages to our critical infrastructure. Couple these observations with the recognition that adversarial nation-state governments are now harnessing software supply chain and ransomware attacks to methodically undermine confidence in and actual operations of the US economy, power, water, and financial systems.

When ransomware attacks were thought to be crimes of opportunity and cryptocurrencies were both the "getaway car" and the financial instrument of the benefit, common best practices were considered adequate defenses. Those best practices included addressing vulnerabilities; automating patching, especially of critical servers and applications; leveraging multifactor authentication and eliminating passwords; employing anti-phishing and anti-ransomware solutions on mobile devices and user endpoints; and implementing a zero-trust architecture framework.

The same best practices are useful in mitigating the more sophisticated ransomware attack landscape that we now find ourselves facing. However, the combination of the software supply chain attack vector and the ransomware attack vector complicates how we combat these attacks. The nation-state nexus changes the motivation from monetary reward to intelligence gathering and operational disruption. The typical ransomware attack is based on a near-term time horizon and ability to cash in on the attack, yet intelligence gathering and maximizing the disruptive potential (and, in parallel, camouflaging its presence) may be components of a nation-state attack.

At the federal level, we need to address the pervasive fear when cyberattacks are reported. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Management and Budget data breach several years ago — but we need to balance the reports of data loss with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate and prevent future events.

Recall the fear-induced stockpiling of toilet paper, meat, and gasoline where there was little if any actual shortage; disruptions were caused by the fear of the shortage rather than any actual shortage. This tendency carries over to insecurities in financial systems — potentially one of the underlying factors in the early successes of cryptocurrency — and in the supply distribution networks for everything from personal protective equipment to water and electricity. The federal government needs to assure its citizens that physical, technical, and supply distribution-channel infrastructures are all protected, resilient, and have well-constructed contingencies.

Yes, ransomware attacks have the potential to be the new pandemic — but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership.

Bill Harrod is the Federal CTO at Ivanti. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an ...