Ransomware is a profitable enterprise: Who's next? How do we stop this?

Hospitals, health care systems, schools and government have been cyberattack targets

If it seems like complex cyberattacks are happening more often and on a larger scale, that's because they are, according to cybersecurity experts.

Most recently, Brazil-based JBS, the world's largest meat producer, was forced to shutter all of its U.S.-based beef plants as of Tuesday while responding to a cyberattack. In early May, another cyberattack on the Colonial Pipeline caused gas shortages up and down the East Coast before the company paid a $4.4 million ransom.

U.S. hospitals and health care systems, as well as public schools and government systems, were also frequent targets of cyberattacks in 2020 and 2021, highlighting the need for U.S. companies and government institutions to step up their cybersecurity infrastructure. 

"Anything that has that supply chain where the threat actors can create more interruption — those become the targets," Mark Ostrowski, head of engineering on the East Coast for cybersecurity firm Check Point Software, told FOX Business. 

When asked for specific industry examples, Ostrowski named the health care industry as the most vulnerable sector. But the tech expert also cited the utility industry, including pipelines and water infrastructure; the insurance industry, and in particular, cyber insurance; and state and local government and education.

He added that even the "election supply chain" is at risk, especially toward the end of an election cycle.

He added, however, that any company is at risk of becoming the target of a cyberattack if it does not have proper protections in place, as ransomware attacks are becoming a popular way for hackers to make money off cyber-vulnerable companies and institutions.

"Creating an interruption is one thing," Ostrowski said, "but you and I both know the goal of all of these attacks is to gain monetary benefit. If you can get someone to pay the ransom and at the same time, you're creating an interruption … to the general public, that bolsters a response from the organizations to pay."

Hackers are making hundreds of millions of dollars every year from ransomware attacks, he said.

Many ransomware attacks begin with "phishing" — a tactic some threat actors use to trick people into giving up personal information or clicking on links infected with malware by posing as real companies or people in malicious emails or text messages. This tactic gives hackers access to a company's or individual's systems, allowing them to threaten companies and receive hefty ransom payments in return for control. 

Sometimes paying a ransom, which does encourage threat actors to continue illegal behavior, is the best option for companies to regain control of their systems when an attack is causing an interruption that affects the public, Ostrowski said. In the case of the Colonial Pipeline, Ostrowski said the company was able to recover quickly from the attack after paying the ransom.

"They want to figure out the quickest pathway to resolution, so at that moment in time … how do you get to restoring your organization back as soon as possible? Oftentimes, paying the ransom is the quickest way out," he said.

Most ransomware threat actors follow through on their promises to restore systems after a ransom is paid, because otherwise, companies and organizations would have no incentive to actually follow through on payment demands.

"I know it's kind of counterintuitive because these are ‘bad groups,’ but the idea of giving the encryption keys in an event like this is actually the way it's supposed to be because they know that next time, if it's been publicized that they actually didn't give the keys to do the [recovery] process, they're even less likely to get a payment," he said.

The two main steps companies and other organizations can take to prevent ransomware attacks are to invest in education and in cybersecurity technology. As part of the latter, if companies are not patching technology and keeping systems up to date, they need to make sure "that they have enough preventative measures in place to stop these threat actors from actually gaining access to vulnerabilities and then creating exploits, which then gives them access to systems to be able to deploy ransomware," Ostrowski said.

"These are solvable problems that should be prevented with today’s technology," he continued.

The Biden administration last week said that in May it planned to launch a task force aimed at cracking down on hackers responsible for ransomware attacks after the Colonial attack.