Ransomware has been the cynosure of the hacking fraternity for quite some time now and it shows no signs of ebbing given the mammoth impact it can make across countries as in the case WannaCry, critical infrastructure notwithstanding. It can make companies and governments come to a grinding halt. Hackers gained a foothold in the computer system of Norsk Hydro, a global aluminium provider, hacking 22,000 computers across 170 sites in 40 countries. Now Baltimore’s govt. faces the same predicament. It seems US city govt. agencies are under seize.
Paying ransom or not is a Catch 22 situation. Ransomware attack is a criminal attack for which law enforcement / investigative agencies don’t seem to have an answer. Norsk Hydro’s response is being described as the ”gold standard’ by law enforcement organisations. It’s been three months and the company is still many months away from full recovery. The cost incurred so far is 45 million pounds. Baltimore leaders are planning to use $10 million in excess revenues to pay for the costs for recovering ransomware attack seven weeks ago. There have been cases of $17/18 million spends, months of efforts and no full recovery.
Many companies and organisations are making the opposite choice now, see what is in store for them while law enforcement and IT security agencies remain bystanders. A town in Florida has paid $500,000 to hackers after a ransomware attack. Officials in Lake City voted to pay hackers in Bitcoin after suffering downed computer systems for two weeks. Very recently, coastal suburb, Riviera Beach, paid $600,000 to hackers in a hack which locked the municipal staff out of important files.
This is a very disturbing trend. There are instances of insurers paying ransom. Govts have been paying of late. The law enforcement agencies have nothing to offer. There is no cooperation, policy or mechanism at the highest levels. What does the hacked to? Struggle for months / years at end and financially bleed with succour in sight, or cough off. A crime with no state response.
THE JUNGLE GROWTH OF RANSOMWARE IS A CHALLENGE TO THE RULE OF LAW.