Competing banks are cooperating more than ever before to beat cybercriminals.
As the number and sophistication of cyberattacks jumps, financial firms are sharing more threat intelligence with each other, according to the Financial Services Information Sharing and Analysis Center, a nonprofit group that facilitates the exchange of cybersecurity intelligence.
This collaboration has thwarted a number of attacks in the past year, bank executives say.
In September 2020, Santiago, Chile-based Banco Falabella became concerned it would soon come under attack by hackers.
Distributed denial of service attacks, which flood servers with traffic to shut down websites and applications, were rippling across the financial sector as part of a long-running extortion campaign. Meanwhile, certain criminal gangs were besieging Latin American companies in particular with ransomware attacks.
As ransomware attacks continue to wreak havoc on police departments, school districts and city and county governments, some state legislators say they’ve had enough.
At least three states—New York, North Carolina and Pennsylvania—are considering legislation that would ban state and local government agencies from paying ransom if they’re attacked by cybercriminals. A similar bill in Texas died in committee earlier this year.
Prohibiting ransom payments would help deter attacks because cybercriminals would know they couldn’t get paid and would have no financial incentive, the legislators say.
“If criminals know that Pennsylvania will not pay ransom, we are going to make ourselves a less likely target for these types of attacks,” said Republican state Sen. Kristin Phillips-Hill, who is sponsoring a no-ransom bill. “Our citizens’ personal information is on the line. We have to do everything we can to protect them.”
The Justice Department said on Monday that it had seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective, turning the tables on the hackers by reaching into a digital wallet to snatch back millions of dollars in cryptocurrency.
Federal investigators tracked the ransom as it moved through a maze of at least 23 different electronic accounts belonging to DarkSide, the hacking group, before landing in one that a federal judge allowed them to break into, according to law enforcement officials and court documents.
The Justice Department said it seized 63.7 Bitcoins, valued at about $2.3 million. (The value of a Bitcoin has dropped over the past month.)
If you want to get Americans’ attention, hit their ability to drive. Panic buying and gas lines were quickly seen in the Southeast. Midweek, 71 percent of the gas stations in car-burdened Charlotte, North Carolina, were dry.
Ransomware takes control of a company’s or organization’s software or data until the owners make a payment. Even paying a ransom doesn’t guarantee the owners will get control again.
Initial reports said Colonial refused to pay ransom. But Colonial handed over nearly $5 million to the hackers. Bloomberg reports that the payment was in difficult-to-trace cryptocurrency. In exchange, Colonial received a decrypting tool to help restore its disabled network.
DarkSide, believed to be based in Eastern Europe, released a statement saying, “We are apolitical, we do not participate in geopolitics … Our goal is to make money, and not creating problems for society.”
But no one is safe from cybercrime, whether the attacker is a shadowy group or tied to a nation-state, whether they want money or data or to paralyze infrastructure. Whether the victim is an individual who opened an email containing malware or a leading technology company.
Colonial has acknowledged that its computer networks were hit by a ransomware attack — in essence, an attack in which a hacker or criminal group breaks in and encrypts the contents of a victim’s computers until a ransom is paid. And while the company has declined to say whether it has offered a ransom, the attack is focusing new attention on a potentially radical proposal to stem the growing threat posed by ransomware: making it illegal for targets to pay their attackers.
Callow says a ban is just part of the answer, and in its report, the ransomware task force said governments would need to ease the transition before moving to a world where ransom payments are prohibited. Changes would need to be phased in, it said, and allow time for governments to set up protection and support programs for victims. A bipartisan bill introduced last year in the Senate, for example, called for study into the creation of a federal fund to help support the recovery and response to significant cyber-incidents.
The clock may already be ticking — at least for some. In what is likely a first, the global insurance company Axa announced last week that it would stop offering policies in France that reimburse customers for extortion payments made to cybercriminals.
A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department (MPD) in April posted personnel records on Tuesday that revealed highly sensitive details for almost two dozen officers, including the results of psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.
The operators demanded $4 million in exchange for a promise not to publish any more information and provide a decryption key that would restore the data.
“You are a state institution, treat your data with respect and think about their price,” the operators said, according to the transcript. “They cost even more than 4,000,000, do you understand that?”
“Our final proposal is to offer to pay $100,000 to prevent the release of the stolen data,” the MPD negotiator eventually replied. “If this offer is not acceptable, then it seems our conversation is complete. I think we understand the consequences of not reaching an agreement. We are OK with that outcome.”