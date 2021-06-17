Ransomware has made headlines in recent weeks after criminal hacking networks, temporarily linked to Russia, launched attacks on America’s main meat-packing plant JBS and the country’s largest fuel pipeline.

Joe Biden and his administration scramble to deal with the growing threat, press Vladimir Putin at a much-anticipated meeting on Wednesday to take action against rising ransomware attacks. Biden said he gave Putin a list of 16 areas mainly in critical infrastructure – which are prohibited for cyber attacks.

Ransomware has long been a cybersecurity threat to businesses and infrastructure, but experts say the problem has exploded in recent years. The last year has been particularly egregious, with ransomware victims in the United States paying nearly $ 350 million, according to the global security group Institute for Security and Technology, a 311% increase from 2019.

FBI Director Christopher Wray highlighted the startling figure during a congressional hearing. Ransomware alone, the total volume of amounts paid in ransomware has tripled in the past year, Wray said. We believe the cyber threat is growing almost exponentially.

Experts attribute the increase to a number of factors, but say one of the most critical has been the shift to remote working during the pandemic.

When you work from home, you are no longer behind castle walls, said John Hammond, cybersecurity researcher at security firm Huntress. You work with your own devices, away from the security perimeter of corporate networks.

Criminals have found an increasingly lucrative route in ransomware attacks, in which a hacker breaks into a corporate or government network and seizes data or systems, demanding payment for them. return. Employees on computers outside of office network security face more risk. Corporate networks typically only allow trusted devices to connect, reducing the risk of intrusion from outside actors or malware. They also often have stronger protections than the average consumer wifi network.

The transition to working from home has contributed significantly to the increase in successful ransomware attacks, said Israel Barak, chief information officer at security firm Cybereason. There are many more doors open to accessing networks now that employees are working remotely.

One of the largest ransomware hacks in recent months, on the Colonial pipeline, which shut down systems supplying 45% of the eastern United States’ fuel, has now been blamed on a network breach virtual private, commonly used by remote employees to connect to a corporate system.

VPNs are the safest way for employees to connect to a corporate network from their home, but they can pose their own risk if they are obsolete or do not use multi-factor authentication.

A spokesperson for Colonial Pipeline said the compromised VPN was an older model and not the VPN that employees were actively using to access the Colonial network remotely.

But experts say any time employees work offsite using their own networks, risks are involved. There was one number documented attacks on companies carried out via VPN access since the start of the pandemic, including on Japanese game developer Capcom and a European industrial company.

Stephanie Hinds, Acting U.S. Attorney for the Northern District of California, speaks about the Colonial Pipeline ransomware attack at a press conference. Photograph: Jonathan Ernst / UPI / REX / Shutterstock

In June 2020, the Ministry of Justice identified a Russian ransomware group which deliberately targeted people who worked from home during the pandemic to access corporate and government networks.

Business and government offices have a number of measures in place to keep bad actors out, said Joseph Carson, chief security scientist at the cloud security company. Thycotic. This includes secure internet routers with unique passwords, firewalls that monitor incoming traffic and keep threats out, and corporate devices with additional security in place.

Most of these protections are pretty much useless when devices have been moved to the public internet, he said.

While not a ransomware attack, the July 2020 Twitter hack was more directly attributed telecommuting. Hackers called several Twitter workers pretending to be IT employees and offered to help connect through the company’s virtual private network used by employees working from home. The 17-year-old hacker behind this heist raised $ 117,000 in bitcoin of the attack.

Security breaches in general have also increased over the past year. The vast majority of IT teams 82% have experienced an increase in cyber attacks in 2020, according to a survey from the security company Sophos.

Attacks are increasing not only because of working remotely, but as criminals organize themselves and ransomware attacks become easier to execute, said Rahul Telang, professor of information systems at Carnegie Mellon. The rise of cryptocurrency, easier to send online and less traceable than traditional money orders, has facilitated the trend.

Bitcoin has made it much easier for these people to mine money, he said. The combination of information security worsens dramatically with the rise of cryptocurrency.

Meanwhile, the House Homeland Security Committee recently brought forward several bills aimed at improving cybersecurity in the wake of the Colonial pipeline hack.

The Biden administration is also working to improve cybersecurity responses. He published a letter to business executives and business leaders on what the private sector needs to do to protect against ransomware threats, including practices such as multi-factor authentication, encryption, and skilled security teams. Companies were also urged to back up data and test systems on a regular basis.

The threats are serious and they are increasing, said Anne Neuberger, cybersecurity adviser to the National Security Council, in the letter. We urge you to take these essential steps to protect your organizations and the American public.