In January 2021, JBS, the world's largest meat-processing company, revealed that it paid a ransom of $11 million in Bitcoin to cyber attackers.
Similarly, in May of the same year, Colonial Pipeline, the largest refined-products pipeline in the U.S., experienced a severe cyber attack, leading to the company shutting down operations and freezing its IT systems. To restore operations, Colonial Pipeline paid a ransom of $4.4 million in Bitcoin.
What linked both incidents was the use of ransomware. Ransomware is a type of malware designed to deny users access to their data, with attackers demanding a ransom in exchange for restoring access.
Despite reports of a decrease in ransomware attacks in 2022, a Statista survey showed that 71% of companies worldwide were affected by ransomware that year, with the average ransom payment reaching $925,162. Now, in 2023, there is a resurgence of ransomware attacks, as reported by security company Black Kite.
The negotiation tactics for ransom payments are seldom reported in the news due to law enforcement agencies like the FBI and Cybersecurity and Infrastructure Security Agency strongly advising against paying ransoms. However, many organizations still choose to pay the ransom as they consider it the quickest way to recover their systems.
The process of ransom payments involves the attackers dictating the communication and payment channels, often utilizing cryptocurrencies like Bitcoin for their anonymity and speed.
Ransomware attackers typically exploit the sensitive data they have encrypted to put pressure on affected organizations during negotiations. Negotiators might assume different personas, even pretending to be empathetic and building a rapport with attackers to secure the best deal possible.
The recovery of ransom payments can be challenging, but it is not impossible. In some cases, law enforcement agencies have successfully followed the money trail in cryptocurrency wallets to recover part of the ransom. However, tracing illicit ransom payments remains costly and time-intensive.
While paying a ransom might lead to data recovery, it does not guarantee full restoration, and organizations often remain vulnerable to subsequent attacks from the same threat actors.
Banning ransom payments entirely might not solve the problem, as some situations may warrant paying the ransom, such as critical infrastructures being affected.
The battle against ransomware requires cooperation between the private sector and government agencies. The government's involvement is crucial in intelligence gathering and threat mitigation, as cyber attackers constantly evolve their tactics.
Regulatory compliance also plays a significant role in cybersecurity at the national level, setting the tone for security measures in the private sector.
The U.S. government's National Cyber Strategy aims to hold private companies responsible for cybersecurity, emphasizing their role in cybersecurity efforts and engaging the private sector in disruption activities through scalable mechanisms.
It remains to be seen how these strategies will unfold, but tapping into offensive cyber talent could potentially enhance America's defensive and offensive cyber capabilities significantly.