How Does Ransomware Work?

Jul 27, 2021, 8 min

Episode description

Ransomware attacks have been targeting larger organizations with more to lose if they don't pay up. Learn how these attacks work in this episode of BrainStuff, based on this article: https://computer.howstuffworks.com/ransomware-attacks-news.htm

Transcript

Speaker 1

Welcome to BrainStuff, a production of iHeartRadio. Hey BrainStuff, Lauren Vogelbaum here. In March, Atlanta was hit with a ransomware attack that infected nearly three thousand, eight hundred government computers belonging to the City of Atlanta, including servers. After the virus was deployed, the ransomware essentially locked all the infected computers, rendering them impossible to access. Atlanta's court system went down. Police were unable to check license plates, residents couldn't pay bills online.

Just three weeks before Atlanta was hit, the small city of Leeds, Alabama, also experienced an identical cyber attack, and before Leeds, in January, it was the Hancock Regional Hospital in the suburbs of Indianapolis. What these three attacks have in common is that they were all hit by SamSam ransomware. Each attack demanded around the same amount, about fifty thousand dollars in cryptocurrency. Hancock Regional Hospital and Leeds, Alabama paid the ransom. However, the City of Atlanta did not. Instead, it chose to pay millions to get its systems back online.

Ransomware is when a cyber criminal accesses a network of computers, encrypts all of the data and extorts the company or organization to unlock it, essentially holding the network hostage. For the article this episode is based on, HowStuffWorks spoke with John Hultquist, vice president of analysis at Mandiant Threat Intelligence at FireEye, an intelligence-led security company.

He explained that these attacks are nothing new. However, in the first half of the number of organizations impacted by ransomware across the globe has more than doubled compared with another report identified more than eight hundred extortion attempts that likely had data stolen, and the targets are now becoming much more high profile. In the US alone since April, prominent companies like Colonial Pipeline, JBS Foods, the NBA, and Cox Media Group have all been hit.

Hackers typically access networks through phishing attacks, which are emails sent to employees tricking them into giving up passwords or clicking on malicious links that will download the malware onto the company network. Ransomware also looks for other entries into company networks via passwords that are easily cracked, like one two three q w e, for instance.

So why so many and why now? Hultquist explains it like this. Originally, ransomware was mostly automated and targeted small systems with vulnerable passwords, open networks, and easy entryways. He calls it spray and pray. Quote: The ransomware would go out and hit whatever system it could get. The attackers were known to be quite friendly. They would unlock the data, even offered discounts sometimes and then move on with their life.

But then things changed. Hultquist says criminals started making large directed attacks on bigger companies with more money, and ransoms skyrocketed in Companies paid more than four hundred and six million dollars in cryptocurrency and ransom to attackers. Hultquist said, these new targets have to pay out because often they are critical infrastructure. They have to get back online. Consumers are actually a factor because they are forcing these companies to make hasty decisions as far as paying.

That was the case in the Colonial Pipeline attack. The hack took down the largest fuel pipeline in the United States on April and prompted mass fuel hoarding across the East Coast. CEO Joseph Blount told The Wall Street Journal that the company paid the ransom, four point four million dollars in bitcoin, to bring the pipeline back online, but the decryption key that the adversaries provided didn't immediately restore all of the pipeline systems. The good news for Colonial is that the US Department of Justice announced on June seven that it recovered six three point seven bitcoins valued at about two point three million dollars that Colonial had paid to its hackers.

Of course, not paying the ransom can be just as problematic. Hultquist said, some of these companies don't want to pay, so they forced them to pay by leaking their data publicly. That's a proposition that a lot of organizations do not want a part of. Leaked emails and other proprietary information, he says, can be far more damaging to some companies than simply paying up. It can open them up to legal trouble or end up hurting their brand.

Other hackers simply demand payment without even installing ransomware. That's what happened during the attack on the Houston Rockets in April. No ransomware was installed on the NBA team's network, but the hacking group threatened to publish contracts and nondisclosure agreements that it claims it stole from the team system if they didn't pay up.

There are several new initiatives laid out by the Biden administration in response to the surge in ransomware attacks. On May twelve, President Biden signed an executive order designed to improve the cyber security in the federal government networks. Among its executive actions will establish a Cybersecurity Safety Review Board modeled after the National Transportation Safety Board. The panel will likely include public and private experts who will examine cyber incidents similar to how the NTSB investigates accidents.

Biden's team also released an open letter on June two, addressed to corporate executives and business leaders, which emphasized that the private sector has a responsibility to protect against cyber threats and that organizations, quote, must recognize that no company is safe from being targeted by ransomware, regardless of size or location. We urge you to take ransomware crimes seriously and ensure your corporate cyber defenses match the threat.

So what can you do to ensure that your network is safe? In May, the Cybersecurity and Information Security Agency and the FBI released best practices for preventing business disruption from ransomware attacks. In it, they list six mitigations that companies can do now to reduce the risk of being compromised by ransomware. First, require multi-factor authentication for remote access to operational technology and IT networks. Second, enable strong spam filters to prevent phishing emails, especially emails containing executable files, from reaching end users. Third, implement a user training program and simulated attacks for spear phishing to discourage users from visiting malicious websites or opening malicious attachments. Fourth, filter network traffic to prohibit communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL block lists and/or allow lists. Fifth, update software including operating systems, applications, and firmware on IT network assets in a timely manner. Consider using a centralized patch management system. And sixth, limit access to resources over network, especially by restricting remote desktop protocol and requiring multi-factor authentication.

Hultquist says that the entire purpose of the game now is to hit a huge target who's likely to pay and one that has to pay, and taking critical infrastructure offline is not out of the question that he says the US is not prepared for. He said, our sophistication is our Achilles heel in this space. It makes us more vulnerable to incidents. One of the lessons we should be taking from all of this is we are not prepared for cyber war, but we do know that they've targeted healthcare and other critical capabilities. Everybody is learning from this.

Today's episode is based on the article Surge in Ransomware Attacks Exposes US Cyber Vulnerabilities on HowStuffWorks.com, written by Sarah Gleim. BrainStuff is a production of iHeartRadio in partnership with HowStuffWorks.com, and it's produced by Tyler Klang. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.

Transcript source: Provided by creator in RSS feed: download file