Ransomware attacks: How should the U.S. respond?

Date: 2021-06-13

Patricia Mah
·Editor

“The 360” shows you diverse perspectives on the day’s top stories and debates.

What’s happening

Ransomware attacks are increasingly targeting companies’ computer systems, demanding money in exchange for returning access and data.

Last month, hackers breached Colonial Pipeline — which supplies 100 million gallons of fuel daily along a 5,500-mile pipeline — and gained access to its business networks. In response, Colonial shut down pipeline operations, which led to nearly a week of widespread fuel shortages along the East Coast.

The CEO of Colonial Pipeline testified before a Senate committee last week, explaining his decision to pay a multimillion-dollar ransom to regain access: “I made the decision to pay,” Joseph Blount told members of the Senate Homeland Security Committee. “I put the interests of our country first.” The Department of Justice ultimately recovered $2.3 million of the $4.4 million cryptocurrency ransom that Colonial paid to the group DarkSide.

Other companies hit with attacks include meat supplier JBS, insurance company CNA Financial, McDonald's, hospitals and transportation providers. The Teamsters were targeted in 2019 but reportedly refused to pay a seven-figure ransom.

Why there’s debate

The United States suffered 65,000 ransomware attacks last year, according to one cybersecurity firm, and hacks like these are now considered a risk to national security. Attacks on businesses and government networks have led to concerns about the safety of U.S. infrastructure, utilities, food supplies, medical care and personal and financial information.

The FBI’s guidance is that victims shouldn’t negotiate with or pay their cyberattackers. Supporters of this stance say ransom payments encourage criminal behavior by creating a business model for it. Some argue there even should be an official ban on paying off the attackers.

However, critics say a ban could also discourage reporting of ransomware if some companies still pay. They argue that if crucial infrastructure or medical systems are breached, those institutions cannot simply stop operations. Smaller companies, local governments and schools can be particularly vulnerable without the clout or financial resources of larger firms.

Some also point to cryptocurrency as a big reason attacks have proliferated. Anonymous digital payments mean hacking can be easier and more profitable than before, they argue.

What’s next

The attacks on Colonial Pipeline and JBS have been linked to Russian-based groups. President Biden is scheduled to meet with Russian President Vladimir Putin in Geneva on June 16, and the topic of ransomware attacks is expected to be discussed.

The proliferation of these crimes has given rise to an industry to help businesses respond to online threats, while insurance carriers are rethinking whether to offer cybercrime policies. In the meantime, cybercriminals are evolving their tactics and targets.

Perspectives

Cyberattacks need to be treated as a national security issue

“Russia and China can be counted on to assess how our relatively weak cybersecurity posture can be exploited, either directly or through cooperative criminal proxies, to inflict very real and very dangerous damage to existential services such as power, finances and transportation. We are at a pivot point. Cybersecurity is becoming a greater national security imperative.” — Kevin R. Brock, The Hill

Payments for ransomware should be illegal; that will deter attacks

“If it were illegal to pay any ransomware demands, insurance companies and victims of these hacks would stop doing it. If no one paid to satisfy the hackers’ demands, eventually the ransomware would stop, at least in the U.S.”

— Richard A. Clarke and Robert K. Knake, New York Daily News

Banning ransomware payments will make things worse

“In the world we do live in, banning payments would almost certainly result in a pretty horrific game of ‘chicken,’ whereby criminals would shift all their focus towards organizations which are least likely to be able to deal with downtime — for example hospitals, water-treatment plants, energy providers and schools.” — Rapid7 community and public affairs vice president Jen Ellis to BBC

There’s no guarantee that paying hackers will let firms get all their data back

“There are plenty of reasons why security experts say you shouldn’t pay the ransom to get them back. A particularly compelling one that high-profile victims have learned lately: Decryption can be so painfully slow that it doesn’t offer a practical path to recovery.” — Lee Mathews, Forbes

U.S. government needs to create an organization to address cybersecurity

“We need an approach within the government — specifically, one organization, headed by the new national cyber director, with three separate units: one focused on strengthening public-private partnerships, one focused on offensive and defensive operations, and one focused on intelligence-collection, analysis and sharing.” — Sean Joyce, Washington Post

Public-private partnerships are needed to deal with cyber threats

“Private sector entities will benefit from early warning and intelligence from government partners to see threats over the horizon, which will allow them to shore up defenses in advance of an attack. In turn, the U.S. and allied governments can benefit from increased transparency from the private sector when attacks materialize.” — Christopher Roberti, CNBC

Cryptocurrency is fueling rise of these attacks and should be banned

“There is a simpler and more effective way to stop the ransomware pandemic: Ban cryptocurrency. Ransomware can’t succeed without cryptocurrency. The pseudonymity that crypto provides has made it the exclusive method of payment for hackers. It makes their job relatively safe and easy.” — Lee Reiners, Wall Street Journal

We need a ‘whole society’ approach

“We need a national response strategy that facilitates signal sharing, reduces likelihood of payment, and clarifies reporting channels and support options for affected entities. The strategy would build resilience by supporting organizations of all sizes in preparing for ransomware attacks, promote good digital security, and provide incentives for minimum cybersecurity for critical infrastructure.” — Camille Stewart, CNN

Regulation is needed to protect critical infrastructure

“America’s critical infrastructure cybersecurity must be regulated by trained and knowledgeable cybersecurity experts in the same way that environmental concerns are regulated by the EPA’s trained and knowledgeable environmental scientists or pharmaceutical safety is regulated by the Food and Drug Administration’s trained and knowledgeable health professionals.” — Anthony J. Hendricks and Jordan E.M. Sessler, Dallas Morning News

Cybercriminals are evolving their types of attacks

“What this means for the average person is that you should start preparing for occasional disruptions in your daily life, from supplies at the grocery store to energy, water, banking services, and any connected device you rely on.” — Jason Glassberg, co-founder of cybersecurity firm Casaba Security, for Yahoo Finance
