In October of last year, Trend Micro researchers predicted that 2016 would witness a spike in cyber extortion – and they were spot on. By all accounts, ransomware is on the rise. This has been particularly evident in health care, where multiple hospitals in the past few months have succumbed to crypto malware. One facility in Hollywood was left with no choice but to pay a $17,000 ransom to get its systems back online.
While ransomware has continued to wreak havoc, a different type of cyber pestilence has also made its presence known. In December 2015, several electrical companies in Ukraine were breached, resulting in power outages that affected hundreds of thousands of homes. The breach was highly orchestrated and likely took months of planning and preparation. To date, it marks the most successful cyber attack on the electric grid.
Both of these cyber threats are bad in their own way, but what happens when you combine the two? You'd think they're like apples and oranges, and while that's mostly true, a recent incident has brought them closer together – too close for comfort, in fact.
The Lansing Board of Water & Light incident
Earlier this month, the Lansing Board of Water & Light (BWL) in Michigan became the victim of a ransomware attack. Trend Micro noted in a recent blog post that the malware got onto the network after an employee opened an email with the cyber threat attached. As a result, the encryption malware began spreading, forcing the BWL to shut down certain systems, including those used for accounting, email and phone communication for customer support.
The good news is that only the corporate network was affected, meaning light and water services were in no way disrupted. However, this does raise an important question: what would have happened if they had been affected? In theory, the hackers responsible could demand a significant sum of money if the delivery of resources were in some way hampered.
The incident also serves to highlight the convergence of two important cyber security trends, the first being ransomware, and the second being the possibility of another breach of the electric grid. The BWL incident marks the second time in 2016 so far that a utility provider was affected by ransomware. The first incident occurred in January when the Israel Electric Authority was hit with ransomware, according to Computerworld's Darlene Storm. Like the BWL, the government department, which is responsible for ensuring the provision of utilities to residents, had to take some of its systems offline. Initial rumors that the attack had been "severe" were embellished. The grid was not affected.
Ransomware's rampage resumes
The severity of an attack on the electric grid cannot be overstated, mainly because of the possible implications. According to Storm, Lawrence Ponemon of The Ponemon Institute predicted that if cyberattackers managed to cut the power in New York City during a heat wave, thousands of people would die as a direct result.
While extraordinarily difficult to execute, there is no evidence to suggest that this type of attack couldn't happen – or that ransomware couldn't be involved in some way. Ransomware has already crippled schools, hospitals and now utility companies. Furthermore, ransomware, like any cyber threat, is not static. It's always changing. Take the recent example of Samsam, a form of crypto malware that's targeting users of unpatched JBoss middleware, which according to The Register's Iain Thomson comprises about 3.2 million servers.
Other nasty strains of crypto malware actually rob you as they extort you. Bitcrypt and CryptXXX both have the ability to siphon bitcoin from their targets, and also steal login credentials and other data. It makes us miss the old days when ransomware just locked you out of your files and requested bitcoin. Now they take it behind your back as they openly extort you – the point being that ransomware isn't just getting more prolific. It's also getting more destructive.
One of the scariest things about ransomware is the fact that it's frequently delivered through one of the most commonly used electronic communication channels: email. From individual users to enterprises and now to critical infrastructure, all it really takes is one malicious message to cripple an entire network. As such, the best way to begin defending against ransomware more effectively is with email protection solutions that can detect threats in messages, sandbox them and prevent them from launching on computers – and it's better to start sooner rather than later.
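Attachment-borne delivery, as in the BWL incident, is the point where an email gateway gets its first look at a ransomware lure. The following is an added example, not code from the original article or from Trend Micro: a small Python check, written from a defender's stance, that parses a message, enumerates its attachments and flags the traits a gateway would typically quarantine or send to a sandbox (executable or macro-enabled types, archives, double extensions, and a Windows PE header hiding behind a benign file name). The sample message, the extension lists and the function names are constructed for this example and are not taken from any product's configuration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed policy lists (assumption for this example, not any vendor's defaults):
# extensions that execute or carry macros, and archives that need detonation first.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".bat", ".cmd", ".ps1",
    ".docm", ".xlsm", ".pptm",
}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}


def attachment_findings(raw_message: bytes) -> list[str]:
    """Parse an RFC 5322 message and return one finding per suspicious attachment trait."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings: list[str] = []
    # iter_attachments() skips the body parts and yields only the attached files.
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        lower = name.lower()
        dot = lower.rfind(".")
        ext = lower[dot:] if dot != -1 else ""
        stem = lower[:dot] if dot != -1 else lower
        content = part.get_payload(decode=True) or b""

        if ext in RISKY_EXTENSIONS:
            findings.append(f"{name}: executable or macro-enabled type {ext}")
        elif ext in ARCHIVE_EXTENSIONS:
            findings.append(f"{name}: archive, detonate in sandbox before delivery")
        # "invoice.pdf.exe" style names rely on hidden extensions to look like documents.
        if "." in stem:
            findings.append(f"{name}: double extension hides the real file type")
        # Content sniffing catches executables whose name was changed to dodge the list.
        if content[:2] == b"MZ":
            findings.append(f"{name}: Windows PE header (MZ) regardless of declared name")
    return findings


def should_quarantine(raw_message: bytes) -> bool:
    """Gateway verdict: hold the message if any attachment raised a finding."""
    return bool(attachment_findings(raw_message))


def build_sample_message() -> bytes:
    """Constructed lure resembling the invoice-themed mail described in ransomware cases."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "accounts@utility.example"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    # Fake PE stub (MZ header only) disguised as a PDF via a double extension.
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="Invoice_2016.pdf.exe")
    # Archive: not malicious by itself, but opaque until detonated.
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="zip", filename="statement.zip")
    # Ordinary PDF that should pass untouched.
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return bytes(msg)


if __name__ == "__main__":
    raw = build_sample_message()
    for finding in attachment_findings(raw):
        print(finding)
    print("quarantine:", should_quarantine(raw))
```

Run as a script, it lists four findings (three for the disguised executable, one for the archive) and none for the plain PDF. The extension list alone is what most lures are tuned against, which is why the header check matters: a renamed executable still opens with `MZ`, and that is the kind of evidence a sandboxing stage confirms before a message reaches a mailbox.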
Ransomware is becoming an increasingly pressing issue across all industries, and it's one that has continually surprised the world. Last year, the idea that criminals would be able to hold hospitals hostage without setting foot inside one or locking anyone in was all but unfathomable. Yet, it's happened multiple times and there's a good chance it will happen again.
Let's hope that the electric grid isn't next in line.