Biden Administration Introduces Ransomware Playbook

Tech Transactions & Data Privacy 2022 Report

The ongoing ransomware threat continued to capture headlines in 2021, with sophisticated attacks shutting down key sectors of the U.S. economy. A stepped-up federal response, drawing upon public and private sector resources, has been rolled out by the Biden Administration.

What happens in a ransomware attack?

In a successful ransomware attack, criminals (typically referred to by privacy professionals as “threat actors”) begin their attack by quietly finding a virtual open door into a victim’s computer network, such as a vulnerability in the victim’s remote connection tools. Once inside, the threat actors move about the victim’s network undetected, learning as much as they can about the network’s configurations and, in many cases, where “monetizable” or other valuable or irreplaceable information is stored. After surreptitiously extending their reach to as much of the victim’s network as possible, the threat actors often steal a copy of data identified as valuable, just before deploying malware that renders all files within its reach unreadable (i.e., “encrypted”). The threat actors typically drop a virtual ransom note on affected devices, declaring to the victim that it has been attacked and instructing the victim to contact the threat actor and make payment if it (1) ever wants to see its data again, (2) ever wants to restart or decrypt frozen data or systems, and/or (3) does not want its sensitive data published on the Dark Web. Although scenarios and outcomes can vary widely, the threat actor is typically motivated by financial gain and has done enough reconnaissance of the victim to understand the types of disruptions and economic loss that can be imposed or threatened to secure such gain.

How was 2021 different?

Ransomware reached the front pages in 2021 and stayed there through two major attacks that caused harm far beyond the targeted company. The oil and gas sector led the way in May 2021 when threat actors shut down operations at Colonial Pipeline – one of the…