The problem with ransomware, says the administrator of XSS, a popular Russian-language online forum focused on cybercrime, is that it has given holding things for ransom a bad name.
“Ransom,” the administrator wrote, “has become associated with a whole series of unpleasant things — geopolitics, blackmail, government cyberattacks. This word,” the administrator says, “has become dangerous and toxic.” Clearly the administrator is holding onto a childhood attachment to the myth of Robin Hood, the nice demander of ransoms.
But it’s not the word “ransom” that’s become “dangerous and toxic.” It’s the reality of ransomware: slipping a digital spanner into the works of the systems that operate everything from an NBA basketball team in Houston to hospitals in California, Vermont and Ireland and — perhaps most famously — pipelines and police departments, and then demanding money to make things work again.
We’re not just talking about millions of dollars here, but huge human impacts. The ransomware attacks in Ireland and Vermont paralyzed health services in the midst of the pandemic. Had Colonial Pipeline not paid its ransom (estimated at $5 million), government estimates suggest that within three to five days the shutdown could have paralyzed much of the American economy. No fuel on the East Coast would have stopped transportation, which would in turn have stopped manufacturing, which is dependent on trains, planes and trucks to distribute its products.
“The good news,” said the ransom demand sent to the Irish National Health Service, “is that we’re businessmen. We just want money.” For the ransomers, the bad news was that the Irish government stiffed them, saying they’d rather pay more money to build a new digital network than reward criminals.
Hard times for the hackers who call themselves Wizard Spider, and for the hackers called DarkSide, who got their money from Colonial Pipeline and then disbanded, “under pressure,” they said, from the U.S. government.
What, exactly, that means is perfectly unclear; as is what happened to DarkSide’s ill-gotten gains. Cyber sleuths say $5.6 million disappeared from DarkSide’s Bitcoin wallet, but can’t say where it went or who took it.
What is widely said of both Wizard Spider and DarkSide and Babuk — which hacked the Washington D.C. Metropolitan Police Department — is that these cybercriminal gangs reside in, and may receive government protection from, Russia.
Since the start of 2021, as White House leadership has transitioned from Donald Trump to Joe Biden, 26 government agencies have been hit by ransomware attacks. And in 16 of them the extortionists haven’t just held data hostage; they’ve leaked it online when victims refused to pay. Ask the D.C. Metro cops about what that’s meant. And ask Joe Biden if he takes this Russia-based cyber-offensive personally.
Nicole Perlroth is an award-winning cybersecurity journalist for The New York Times, where her work has been optioned for both film and television. Her new book is This Is How They Tell Me the World Ends: The Cyberweapons Arms Race. She is a regular lecturer at the Stanford Graduate School of Business and a graduate of Princeton University and Stanford University. She lives with her family in the Bay Area, but increasingly prefers life off the grid in their cabin in the woods.