This week three Alabama hospitals were forced to turn away “all but the most-critical new patients” after a ransomware attack infected their computers. This news broke shortly after the FBI on Wednesday officially warned U.S. businesses and organizations of the increasing threat posed by ransomware cyberattacks.
The FBI noted that the attacks, in which hackers hijack computer systems or websites and demand cryptocurrency payment to release them, are “becoming more targeted, sophisticated, and costly.”
The Alabama ransomware attack infected computers at DCH Regional Medical Center, Fayette Medical Center, and Northport Medical Center, all of them operated by DCH Health System.
DCH released the statement: “Patients who have non-emergency medical needs are encouraged to seek assistance from other providers while DCH works to restore our systems… At this time, we have no indication that any data has been misused or removed from our system. However, we are committed to completing a full forensic investigation following resolution of this outage.”
The FBI warning followed attacks on more than 20 Texas small towns and other entities, and attacks on multiple school districts in Louisiana that led Gov. John Bel Edwards (D) to declare a statewide emergency, reported The Hill.
The governments of Baltimore and Atlanta have also been hit by ransomware attacks over the past year, with both cities refusing to pay the attackers and instead paying millions to recover from disruptions.
The FBI recommended that any entities falling victim to a ransomware attack should not pay the ransom, citing concerns about “emboldening” the individuals to target other groups with the same virus. “Paying the ransom also does not guarantee that the system will be decrypted.”
It is crucial that businesses and governments refuse to pay ransoms not only to prevent the spread of this practice but also because some ransomware attackers could have links to terrorist groups, said Professor Adam Wandt, an assistant professor of public policy and member of the full-time faculty of the Department of Public Management at John Jay College in New York City.
“These ransoms are possibly funding terrorism activities,” said Wandt, who lectures on cybercrime and has published research on it.
In an opinion-page piece written for The Washington Post in the throes of the Baltimore attack, Tyler Moore, the Tandy associate professor of cybersecurity at the University of Tulsa in Oklahoma, wrote that paying these ransoms “could fund rogue nation-states or terrorist organizations. The source of the Baltimore attack isn’t known yet, but others perpetrators are known — for instance, U.S. intelligence agencies have identified North Korea as the source of some attacks.”
Paying the ransoms is not illegal, though there is some support for making it so.
The FBI said, “Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to law enforcement. Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”
Ransomware has targeted at least 621 entities this year through September, reported CBS News. The targets include hospitals, health care centers, school districts, and cities, as well as businesses.
Some cities are girding themselves for possible cyber attacks.
Earlier this year, Manhattan District Attorney Cyrus Vance and New York City Police Commissioner James O’Neill announced the launch of the New York City Cyber Critical Services and Infrastructure, or CCSI—a formal partnership between those two agencies, the New York City Cyber Command and the Global Cyber Alliance. Vance said in the Wall Street Journal that it would “allow us to build a ring of steel around the city’s critical services and infrastructure. This is comprised of 17 sectors, including emergency services, water systems and nuclear reactors.”
In July of this year authorities from New York conducted a “digital fire drill” to see how critical infrastructure would hold up during a security breach.
Congress has taken steps to address cyber attacks, including the passage by the Senate last week of legislation to strengthen cyberattack assistance for both federal agencies and the private sector.
The FBI statement said “the most important defense for any organization against ransomware is a robust system of backups. Having a recent backup to restore from could prevent a ransomware attack from crippling your organization. The time to invest in backups and other cyber defenses is before an attacker strikes, not afterward when it may be too late.”
Moore wrote in The Washington Post, “The concept of ransomware is not new, going back at least to 2006, yet it did not become pervasive until a reliable and relatively anonymous form of online payment became available to cybercriminals in recent years. It turns out cryptocurrencies, most notably bitcoin, are well-suited to the task.”
“Criminals can unilaterally establish accounts for receiving extortion payments, bypassing the traditional financial system and making it much harder for law enforcement to deter attacks and catch perpetrators,” according to Moore.