Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
10:00 AM
Bill Harrod
Bill Harrod
Connect Directly
E-Mail vvv

Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First, there was the Colonial Pipeline shutdown, then JBS USA. However, those were not even close to being the first; ransomware attacks have been around for decades.

Related Content:

Ransomware Is Not the Problem

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: 11 Cybersecurity Vendors to Watch in 2021

Some of the earliest attacks were in healthcare facilities, in part due to their reliance on hard-to-update IT infrastructure and vulnerable operating systems as well as the critical and even life-threatening impact of a network outage in a hospital. Over the years, ransomware attacks have shown up in TV episodes and received broad coverage in the media.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

  • The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic
  • The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks
  • A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

The SolarWinds attack — while not a ransomware attack — demonstrated the fragility of our IT infrastructure and the interdependencies of our networks. Additionally, if you recall the ice storm that disrupted the electric grid and water supplies in Texas and Mississippi early this year, we clearly see the impact of outages to our critical infrastructure. Couple these observations with the recognition that adversarial nation-state governments are now harnessing software supply chain and ransomware attacks to methodically undermine confidence in and actual operations of the US economy, power, water, and financial systems.

When ransomware attacks were thought to be crimes of opportunity and cryptocurrencies were both the "getaway car" and the financial instrument of the benefit, common best practices were considered adequate defenses. Those best practices included addressing vulnerabilities, automating patching — especially of critical servers and applications, leveraging multifactor authentication and eliminating passwords, employing anti-phishing and anti-ransomware solutions on mobile devices and user endpoints, and implementing a zero-trust architecture framework.

The same best practices are useful in mitigating the more sophisticated ransomware attack landscape that we now find ourselves facing. However, the combination of the software supply chain attack vector and the ransomware attack vector complicate how we combat these attacks. The nation-state nexus changes the motivation from monetary reward to intelligence gathering and operational disruption. The typical ransomware attack is based on a near-term time horizon and ability to cash in on the attack, yet intelligence gathering and maximizing the disruptive potential (and, in parallel, camouflaging its presence) may be components of a nation-state attack.

At the federal level, we need to address the pervasive fear when cyberattacks are reported. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Management and Budget data breach several years ago — but we need to balance the reports of data loss with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate and prevent future events.

Recall the fear-induced stockpiling of toilet paper, meat, and gasoline where there was little if any actual shortage; disruptions were caused by the fear of the shortage rather than any actual shortage. This tendency carries over to insecurities in financial systems — potentially one of the underlying factors in the early successes of cryptocurrency — and in the supply distribution networks for everything from personal protective equipment to water and electricity. The federal government needs to assure its citizens that physical, technical, and supply distribution-channel infrastructures are all protected, resilient, and have well-constructed contingencies.

Yes, ransomware attacks have the potential to be the new pandemic — but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership.

Bill Harrod is the Federal CTO at Ivanti. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file