BotNet News

Your source for Online Security News

Ransomware is malware that infects your computer system and encrypts files, making it impossible to access them until you pay the attackers. Cybercriminals then sell access to decrypt the files on illicit marketplaces.

Infected systems can’t function normally, affecting business productivity and customer service. In the healthcare sector, a ransomware attack can stop patient care and threaten lives. In critical infrastructure sectors, such as energy, transportation and manufacturing, the impact can be even more severe. The May 2021 cyber attack against Colonial Pipeline, for example, led to a regional fuel shortage and highlighted how ransomware can halt vital services by disrupting operational technology systems.

Today’s ransomware often spreads through phishing emails, arriving as Trojan horse malware in malicious attachments that infect your computer. Once installed, it searches for files to encrypt and displays a message demanding payment to restore your data. Some variants use double extortion to increase the threat, publishing a list of organisations that have refused to pay.

The growth of ransomware is driven by a low barrier to entry and high profits for criminals. Unlike many other attacks, which require complex and time-consuming steps, ransomware simplifies the attacker value chain: find a vulnerability, create malware capable of exploiting that vulnerability, gain access to the victim’s systems by ‘weaponising’ that malware, conduct reconnaissance until valuable data is identified, exfiltrate that data without being blocked, market the data on illicit marketplaces and exchange it for money.

The most popular variants are CryptoLocker, WannaCry and GandCrab. Attackers target affluent regions and countries, such as the United States, to maximise the amount of money they can steal from each victim. The rise in attacks against critical infrastructure sectors is a reminder that businesses must take a proactive approach to defence. This includes advocating stronger industry standards, supporting robust cybersecurity tools and encouraging cross-sector collaboration to prepare for and respond to attacks.