SAN DIEGO — Ransomware continues to hit companies large and small. Systems at Scripps Health remain unusable after a ransomware attack last week. On Saturday, the Colonial Pipeline company, which runs a fuel pipeline along the East Coast, said hackers also targeted its infrastructure.
These types of attacks are hardly unique, and cyber experts have seen an increase during the pandemic as workers connect remotely.
“Our industrial networks are way more connected than they ever have been before. We haven't historically invested in them as much. Once we do that, we will see a lot of that risk reduced,” said Rob Lee, a former intelligence officer with the National Security Agency who now runs cybersecurity firm Dragos.
Ransomware typically starts with an email that convinces a user to download a file, provide sensitive login information or otherwise grant access to a corporate computer.
Cybersecurity experts urge users to remain vigilant about suspicious emails and to use caution before downloading files, clicking on links or inserting external drives. Hackers may impersonate company officials as a way to gain the confidence of the reader.
Once inside, the hackers take hold of the system and spread through the network.
“The cybercriminal works laterally through the computer networks to then find the target machines or machines and then encrypt the data and send them the ransom note,” explained Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems.
Hackers often demand money, usually in the form of untraceable digital currency, in exchange for ending their grip on the network. Internet security company SonicWall estimated ransomware cases increased 40% in 2020 and the average payout has increased from a few thousand dollars in 2018 to more than $230,000. Law enforcement, however, has traditionally discouraged paying the ransom.
“The FBI is very specific about don't pay any ransom because you may never get back what you're paying for anyway,” said Jeff Harp, a retired special agent-in-charge with the FBI San Francisco office.
Cyber experts believe one reason for the increase in ransomware may be the pandemic. Companies were forced to quickly find ways for employees to work remotely, which may have led to more vulnerabilities. In some cases, the ransomware originated with third-party vendors who may have their own security policies.
“The payload then moves across the organization quickly, locking up computers as it goes. Within a matter of hours, the entire IT infrastructure is down,” said Caleb Barlow, CEO of CynergisTek, a healthcare cybersecurity firm. “Their thesis is if they cause a lot of harm, they are more likely to get paid.”
Even if companies manage to wrestle back their network, there are often lasting effects.
Businesses must upgrade their security and determine what data may have been compromised. In some cases, hackers are holding consumer data for ransom, which could be copied and used separately for identity theft.
“It's death by a thousand cuts,” said Armen Najarian with RSA Security. “That's the concern that yet another important bit of information is now out there among the organized fraud communities.”