The ransomware threat in 2021 and beyond
Historians will have many adjectives to choose from when they decide how to describe 2021, but one thing we know will be an inflection point in many circles is the dramatic rise in ransomware attacks around the world. The term "ransomware" has truly entered the public vernacular, and experts tell us that we can expect it to remain in our common vocabulary for good. This year alone, high-profile ransomware attacks have crippled institutions in every corner of modern life. Academia, high-profile government agencies, law enforcement, critical infrastructure, major corporations, small businesses, and thousands of private citizens—all have been targeted with ransomware attacks in 2021.
But before we dive into the current cybersecurity environment, let’s pause to define what the term really means and how attacks take place. Generally speaking, a ransomware attack has happened when a malicious actor infiltrates a network; locks sensitive files, databases, hardware, software, or even infrastructure; and then demands payment in order to restore normal functionality and accessibility. Some ransomware attacks are widely believed to have been committed by state-sponsored cyber warriors. Other times, independent cyber crime collectives are to blame for attacks and seek only financial gain or increased infamy without claiming any geopolitical motivation. Ransoms can be demanded in any number of ways, but the proliferation and increasing stability of cryptocurrency has made collecting ransoms a much less risky proposition for attackers, as they most often demand payment in cryptocurrency.
The official guidance on dealing with a ransomware attack is that the government does not support paying ransoms. After all, as the FBI warns, paying a ransom does not guarantee you or your organization will regain any lost data. With that said, businesses large and small often make the difficult decision to pay their attackers rather than risk halting operations for an unknown period of time. In fact, the insurance company CNA Financial paid a $40 million ransom in March after an attack on its network—an all-time record sum. But not all ransom demands are for such staggering amounts (the average ransom in 2020 was about $200,000), which is why some groups ultimately calculate that the risk of confronting their attackers and potentially losing data for extended periods of time is greater than the pain of capitulating and paying.
Now that we have a better sense of where attacks come from and what kinds of demands can accompany a ransomware attack, let’s take a look at the landscape today as it relates to cybersecurity and ransomware specifically. According to NSA Director Gen. Paul Nakasone, in comments made in early October at a cybersecurity conference, in five years’ time Americans should expect to be facing ransomware attacks “every single day”. This year alone, ransomware attacks have already increased by 300%, according to Homeland Security Secretary Alejandro Mayorkas. In a speech he made in May of 2021 he urged every person to, “Inform oneself. Educate oneself and defend oneself.”
The prospect of these rapidly increasing attacks seems a bit gloomy, but there is good reason to feel optimistic. While we certainly should not celebrate the $20 billion projected in worldwide ransoms paid this year, the heightened awareness around the threat has led to significant innovation and meaningful change in global government and among private sector cybersecurity leaders like Leidos. For example, in May, President Biden signed a wide-ranging executive order addressing cybersecurity from a number of different angles, including combating the threat of ransomware attacks. This Executive Order outlines requirements in three stages: 60 days from its signing, 90 days from its signing, and finally, 180 days out from the EO becoming law in May. The final stage, which requires full compliance with several protective measures, comes due in mid-November of 2021. While some industry observers may cry, “long time coming”, this EO is a clear signal to friend and foe alike that the United States is increasing pressure on cyber criminals.
President Biden hosted a two-day virtual ransomware summit with 30 other nations in early October. While it did not go unnoticed that neither China nor Russia was invited to participate, administration officials do report that separate and candid discussions on the topic are ongoing with both of those governments. While it remains to be seen what results or policies will emerge from this summit, it was the largest international gathering on the matter and the first dedicated summit at this level of government on the threat of ransomware around the world.
Encouraging signs from the summit came in the form of a handful of quotes made to the international press. Gen. Karel Řehka of the Czech Republic said of the ransomware threat, “It can no longer be regarded as a criminal activity only.” Yigal Unna, Director of the Israeli National Cyber Directorate, revealed during the summit that his government was in the midst of a serious ransomware attack on a major hospital in his country. Finally, American deputy national security advisor Anne Neuberger said, “Ransomware is a really good example of a transnational threat.” When asked by NPR about a recent successful sting operation in Ukraine run by the FBI and other international law enforcement agencies targeting a group of cyber criminals, Neuberger said, “these are exactly the kind of efforts we have in mind.”
Finally, the private sector has a large and important role to play in protecting sensitive networks from ransomware attacks. On one hand, private companies are asked to be responsible stewards of their own networks and data and to take responsibility for their own safety. In fact, in June 2021, the White House issued an open letter to corporate executives and business leaders urging them to take a number of actions right away to protect themselves and their customers. In the letter, Neuberger lists six steps private companies can take today to improve their ability to withstand or recover from attacks:
- Implement the five best practices from the President’s Executive Order
- Back up data, system images, and configurations; regularly test the backups; and keep them offline
- Update and patch systems promptly
- Test your incident response plan
- Check your security team’s work with third-party testing groups
- Segment your networks
While these best practices are certainly applicable to companies like Leidos, we have a slightly different role to play in the fight against cyber crime. As a provider of many critical protective measures in the cyber space, it's our job to help organizations protect their most critical networks, too.
While cybersecurity has been a major pillar of Leidos’ business for many years, we have made some recent investments and strategic decisions that demonstrate our commitment to remaining leaders in a space that requires constant innovation. In summer 2021, we gathered our top cyber talent and created the Cyber Accelerator—an internal think tank guided by a mandate to keep our customers ahead of evolving threats and to be reliable experts and key figures in the global effort to combat cybersecurity threats like ransomware attacks.
Leidos is also a leader in concepts like Zero Trust, which is both a theoretical and an actionable approach to protecting critical networks. Zero Trust is a truly tectonic shift in cybersecurity thinking: it holds that the days of focusing on keeping threats outside the perimeter should be left in the past. Instead, the Zero Trust philosophy tells us to treat anyone accessing a network as a potential threat and puts in place multiple points of verification and validation inside a given environment.
Lastly, Leidos is committed to attracting and retaining the most gifted and diverse cyber talent in the industry. We are proud to have alumni as well as current staff from the top academic institutions in the world as part of our cyber team as well as former members of every branch of the armed services and intelligence community. With our Cyber Edge Academy, we are committed to supporting both skill and career growth and allowing our culture of diversity, inclusion, mission, and innovation to influence everything we do.
To learn more about how Leidos can help prevent and respond to ransomware attacks, visit Leidos.com/cyber.