Explained: What is a ransomware attack?

A ransomware attack on the HSE has brought attention to the growing area of cybercrime.

What is ransomware?

Ransom software works by encrypting victims' data; typically hackers will offer the victim a key in return for cryptocurrency payments that can run into the hundreds of thousands or even millions of euros. If the victim resists, hackers are increasingly threatening to leak confidential data in a bid to pile on the pressure.

How widespread is it?

Ransomware gangs collected almost €300 million last year, up threefold from 2019, according to members of a public-private group called the Ransomware Task Force. While the magnitude of the DarkSide breach is significant, other kinds of attacks have arguably been more destructive.

In 2017 the so-called WannaCry cyberattack crippled hospitals, banks and other companies across the globe. The US government said the attack cost billions and blamed North Korea. NotPetya malware, which struck Ukraine the same year but also did damage worldwide, similarly racked up billions in costs.

At the UK National Cyber Security Centre annual conference on Wednesday, British Foreign Secretary Dominic Raab also pointed the finger at Russia, where many gangs are based.

Russia "can't just wave their hands and say nothing to do with them", he said. "Even if it is not directly linked to the state they have a responsibility to prosecute those gangs and individuals."

What is being done to stop it?

Governments and international bodies are working to tackle the issues. Central bank regulators and financial crime investigators worldwide are also debating if and how cryptocurrencies, which are used to pay the ransoms, should be regulated.

What was the last major attack?

In the last week, a crippling cyberattack shut the largest fuel pipeline network in the United States. Colonial Pipeline paid nearly $5 million to Eastern European hackers, Bloomberg News reported, citing two people familiar with the transaction.

The company paid the ransom in untraceable cryptocurrency within hours after the attack, according to the report. Colonial Pipeline declined to comment.

Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics contend that paying ransom encourages attacks.

The hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.

After a six-day outage, the top US fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production and had airlines reshuffling some refueling operations.

The FBI earlier this week accused a shadowy criminal gang called DarkSide of the ransomware attack. The group has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies.

In October 2020 Eastern European criminals targeted dozens of US hospitals with ransomware, including in Oregon, California and New York. The FBI and Homeland Security officials subsequently led a conference for hospital administrators and cybersecurity experts.

What can be done to stop ransomware?

Criminals using ransomware to extort money don't always use the most sophisticated methods. Biden administration official Anne Neuberger said, for example, that the DarkSide ransomware was a "known variant" and said some breaches can be thwarted by making sure computer networks have installed up-to-date patches. - Reuters
