Pirates of the cyber seas: How ransomware gangs have become security’s biggest threat
Cyber security experts, ex-military officials and some politicians are pushing for ransomware gangs to be treated not as hackers but like “pirates” of the past, in a rethink of how to best counter their growing threat to businesses, industries and society.
The shift recognises the way ransomware gangs are used by authoritarian nations to mount sustained attacks on Western businesses and sectors, a new dimension in the ongoing contest between strongmen and democracies.
Tim Watts, shadow assistant minister for communications and cyber security, calls ransomware gangs “modern-day” pirates. He wants aggressive coordination between international law enforcement, targeted sanctions, even cyber operations aimed at disrupting the gangs, in an effort to close the gaps being exploited by cyber criminals.
“The bulk of the ‘solution’ here is not technological, but instead policy, regulation, law enforcement, diplomacy and then a bit of offensive cyber,” says Watts.
For years, ransomware attacks were treated as a subset of hacking. The liability of such intrusions was considered a cost of doing business – one whose responsibility sat squarely on the business’s shoulders.
But things have changed.
In a decade, ransomware software has grown from a tool used by hackers to extort individuals for hundreds of dollars, to an underworld service-for-hire used by criminals to shake down entire industries for hundreds of millions. Cryptocurrency, meanwhile, has proven an ideal means of paying ransom to shadowy gangs across borders.
JBS food processor in Australia and the US was hit by ransomware gang DarkSide in May, leaving about 7000 meat workers out of work until the company could develop a workaround. In the US, a DarkSide ransomware attack halted petrol to the east coast. The Clop ransomware group was reportedly behind the December attack on Transport for NSW.
All of the gangs are based in Eastern Europe but the Kremlin won’t extradite or prosecute these gangs as long as they don’t attack Russian interests. The political protection they enjoy allows the growing industry of cyber criminals to operate with impunity, costing businesses as much as $3.4 billion in ransom and downtime in Australia in 2020, cyber security company Emsisoft reports.
Meanwhile, the frequency of attacks has increased during the pandemic, with hospitals most recently finding themselves under attack during COVID-19.
To date, the most common designation for a hacking group is “advanced persistent threat” – a term that denotes a sophisticated team, often linked to a government. The famed Russian hacking group Fancy Bear is also known as APT 28.
Because of the changing nature of ransomware, now even information security researchers are reconsidering how to view the problem. Cisco Talos Intelligence Group has proposed a new classification for the groups, a term that is taken directly from the pirate days: privateer.
“We believe it’s time to recognise that a new category can be defined, one where the ransomware syndicates enjoy some kind of protection from governments, even if not intentionally.”
Pirates with papers
Talos proposes the term “privateers … to describe actors who benefit either from government decisions to turn a blind eye toward their activities or from more material support, but where the government doesn’t necessarily exert direct control over their actions.”
Watts agrees with the “privateer” designation.
A privateer, or “a pirate with papers”, in the 18th century worked similarly. They were “commissioned by governments to carry out quasi-military activities”, according to Britannica, robbing and pillaging all whom they crossed – as long as they weren’t from their sponsoring country.
There’s political history too.
In the 1700s the Spanish navy dominated the seas until a poorer and weaker Britain came along and overwhelmed it by giving pirates the protection “to act on its behalf without official sanction”.
“The use of privateers allowed states to project maritime power beyond the capabilities of their regular navies,” Britannica writes.
Today ransomware gangs in Eastern Europe or North Korea extend the power of those countries deep into targeted democracies. With political cover at home, the gangs are free to go after Western businesses, which also serves the political goal of Moscow or Pyongyang, which see themselves at war with democracies and their economic dominance.
As technology advances and the cost to business spirals, the economics of the threat become more favourable to the criminals.
Robert Potter of Canberra-based cyber security company Internet 2.0 says approaching ransomware gangs as privateers “is a good idea especially if it involves intelligence sharing and working directly with law enforcement”.
His company has already been working with law enforcement to break up ransomware gangs through intelligence sharing.
The Australian Federal Police’s Cybercrime Operations is expected to form a ransomware taskforce to co-ordinate efforts against the gangs. The Australian Cyber Security Centre and the Australian Criminal Intelligence Commission will likely have a role in the effort.
Some experts think Western governments should recast their relationships with business in a way that essentially mirrors the wider links between ransomware gangs and their governments.
Retired US Army major general Thomas Ayres wrote last month that “today’s pirates sail the cyber seas” in their search for riches by ransom or theft.
“Recent destructive hacks have proved that federal action alone can’t protect the cyber infrastructure,” Ayres wrote.
He calls for the US government to give companies targeted by ransomware immunity to lawsuits for data loss in exchange for helping mount a rapid response.
He wrote last month that “the time has come to ... enlist and arm private corporations to defend their interests” and those of a country.
Such a bold move would essentially convert companies into a fleet to fight off ransomware gangs.
America’s chief cyber agency, the National Security Agency, this week opened a Cyber Security Collaboration Centre to develop deeper ties with the private sector and learn about active hacking campaigns from US companies that are continuously under attack.
As the politics around ransomware attacks evolve, the innovative use of technology to wreak havoc on Western industries by strongmen nations is poised to accelerate.
US FBI Director Christopher Wray in recent testimony warned “the scale of this is something I don’t think the country has ever seen anything quite like it, and it’s going to get much worse”.
That’s already proving true in Australia.