Share via Email

For the past five years, cyber attacks have impacted government agencies and businesses worldwide.  Intrusions into computer systems are designed to either elicit information either as an act of espionage or to acquire intellectual property or are intended to paralyze operations against payment of ransom.  State-sponsored cyber attacks are conducted on an ongoing basis with the U.S. experiencing intrusion into the computer systems of numerous federal agencies.  Hacking of banks and financial institutions in addition to the databases of private companies has yielded personal information used for fraud.

The most recent iteration of cybercrime involves encryption of data with demands for ransom to release a digital key to unlock files.  The side bar indicates the extent of malicious ransom attacks over the past two years.  It is obvious that many companies pay ransom without publicity, and it is difficult to access the magnitude of the problem.  It is estimated that R-Evil a Russian-affiliated criminal gang has gained more than $100 million in ransom from impacted companies.
 

In May, Colonial Pipeline was affected by a group self-named the DarkSide resulting in payment of a multimillion dollar ransom following a shutdown of refinery operations on the eastern seaboard.  The most recent serious attack occurred on Sunday, May 30th involving JBS USA affecting their operations in Australia, the U.S. and Canada.  JBS and their chicken counterpart Pilgrim’s Pride Corp. processes 200,000 cattle, 500,000 hogs and 45 million chickens each week and is one of the world's major protein suppliers.  According to information released, the company ceased operation in many facilities over two days until computer function was restored.  JBS cooperated with relevant government agencies and with the assistance of IT specialists apparently responded t0 the attack. The company maintained that backup systems allowed recovery without paying ransom and that data relating to suppliers, employees and customers was not compromised. In the event cooperation between JBS and government cyberagencies allowed the FBI to access the electronic wallet of the perpetrators and claw back 69 Bitcoin representing the ransom paid.

Those responsible for ransomware attacks appear to be of Russian origin either operating in the Russian Federation or in a nation previously part of the Soviet Union.  The possible involvement of state agencies in Russia in "commercial hacking" and manipulation of social media is currently not public knowledge but is possibly under scrutiny by government counter-cyber agencies.

It is difficult to accept that Russian cyber criminals could function without the awareness or even tacit acceptance of state agencies.  Accordingly, the Administration in concert with EU governments should apply appropriate pressure to convince the Government of Russia to stop harboring or tolerating cyber criminals. This subject will be raised in mid-June at a meeting between Presidents Biden and Putin.

Known Companies and Agencies Impacted by Ransomware

• Norsk Hydro, Norway.
• Reckitt-Benckiser, U.K.
• Merck Inc., U.S.
• Molson Coors, U.S.
• Siegfried Drugs, Switzerland.
• Brenntag Chemicals, Switzerland.
• Symrise Flavors, Switzerland
• Colonial Pipeline Co., U.S.
• JBS USA, U.S.
• Martha's Vineyard Ferry Service, U.S.
• FedEx, U.S.
• Hospital systems in the U.K., Ireland, and U.S.
• Various government agencies  and municipalities in the U.S. Ukraine and U.K.

Appropriate responses to ransomware attacks include strengthening protection and incorporating redundancy and backup in systems.  The question of banning payoffs that only embolden criminals has been considered.  Since organizations such as DarkSide and R-Evil are now targeting supply chains, hospitals and multinational companies, it is frequently more expedient to pay a ransom then suffer the disruptions as evidenced by the Colonial Pipeline event.  Central to the entire "business" of ransom attacks is payment in the form of cryptocurrency.  Governments must develop programs to limit the use of non-traditional payments to deprive cyber criminals of the means to generate income from their activities.

Cybercrime has extended from hacking companies for personal information and intellectual property to disruption of supply chains on a multinational level.  Whether the phase shift is or is not sanctioned by the government of the Russian Federation has yet to be determined. It is self- evident that appropriate pressure should be brought to bear on the Government of Russia to eliminate this scourge. Failure to do so should result in extreme sanctions and counter-cyber measures raising the spectre of an electronic cold war or worse.