How Much Ransomware and Cyber Attacks Cost Businesses – NBC New York

Cybercriminals disrupted the U.S. economy on an unprecedented scale this year, shutting down the U.S.’s largest fuel pipeline, temporarily halting meat processing plants that provide about a fifth of the country’s supply, and going after hospitals, clinics and universities.

The pipeline operator, Colonial Pipeline Co. based in Georgia, confirmed in May that it had paid hackers who broke into its computers systems $4.4 million in the ransomware attack. That kind of rich payoff has been driving the stream of assaults that is bedeviling companies and governments around the world.  

“Nowadays organizations when they get hit with ransomware they’re just straight up calling their insurance company which negotiates on their behalf, makes a payment, gets a decryption tool and they get these companies back on their feet,” said Vikram Thakur, the technical director of the Symantec division of the security company, Broadcom. 

That is not how insurance is supposed to work, he and others say. Insurance should compensate the victims, not reward attackers, and by paying, the companies are ensuring more attacks.

With the problem worsening, Congress and the White House are trying to combat the problem. In August, a bipartisan group of Congressional lawmakers announced legislation to help better track and analyze cyber crime. The Treasury Department under the Biden administration warned ransomware victims that paying hackers could violate U.S. sanctions and urged them to first notify the government, NBC News reported.

On Sept. 21, the Treasury Department announced that for the first time it had gone after a virtual currency exchange that it said was laundering cyber ransoms.  It prohibited Americans from doing business with the cryptocurrency broker SUEX and said that more than 40% of SUEX known transaction history had been with “illicit actors.”

Some attacks are repelled. The Port of Houston announced in September that it had defended itself against an attempted attack in August and said “no operational data or systems were impacted.” 

Among the successful ones, some are more dire than others. The one on Colonial Pipeline might have raised gasoline…