CEO and founder of Illusive Networks, a leader in active cyber defense.
This past September, the world was shocked to read a lawsuit claiming that a baby in Alabama had died at the hands of ransomware. On July 16, Springhill Medical Center was in the midst of an attack that compromised a nurse’s ability to see that an umbilical cord was wrapped around the neck of a baby she was about to deliver. Once born, the baby was diagnosed with severe brain damage and ended up dying nine months later.
Deadly Consequences Of Sitting Still
It’s clear this news is beyond devastating. No parent should have to lose a child under any circumstance. What I’m wondering is, why are people so surprised that a cyberattack caused loss of life?
One report revealed that 560 healthcare organizations were hit by ransomware attacks in 2020, costing over $20 billion in downtime. This figure is double the amount of 2019…and we don’t even have the final numbers for 2021 yet.
The toll these attacks take on hospital operations is enormous, but it pales in comparison to the devastating impact on affected patients and their families. More than anything, this incident should be a massive, blaring wake-up call that cyber weapons are real and the consequences of failing to take action against ransomware operators (specifically those targeting the healthcare sector) are deadly.
I fear that we’ll see more fatal tragedies as a result of cyberattacks. However, as stated by the very nurse who delivered the baby who died at just nine months old, these deaths are preventable.
Government Bullseyes And Misses
The Biden administration has taken several shots at hindering cybercriminals’ ability to successfully carry out attacks, specifically on critical infrastructure, over the past year. The government was able to recover millions of dollars in ransomware payments and put members of popular gangs like REvil behind bars.
All of these efforts signify a long-overdue focus on fortifying the nation’s cybersecurity…but that’s all it is — a start.
The issue is, the largest cybercriminal gangs are more or less bulletproof. Losing a few members because they were put behind bars isn’t going to stop them from doing what they do best. There is no such thing as shutting these groups down for good. Take DarkSide as an example: The group attacked Colonial Pipeline, then “shut down” and came back as BlackMatter. Yes, BlackMatter also recently claimed it was ceasing operations due to pressure from law enforcement — but don’t worry, they’re just taking a break from tour to make their next album. They’ll be back, and there will be loosely affiliated networks of solo operators who pick and choose whom they work with through a robust cybercrime underground, just like rotating new drummers through a band.
Biting The Bullet…And Spitting It Back At The Bad Guys
So if law enforcement’s efforts to keep these adversaries at bay don’t work, what’s left to do? It’s important to recognize that while the government and law enforcement’s efforts are not the antidote for stopping all cybercrime, they are productive. BlackMatter (as far as we know) is not operating right now, and that’s because of the outstanding work law enforcement has done with tracking criminals down and making them face consequences.
With that being said, the first step is for the government and law enforcement to continue doing what they’re doing now: make it hard for these groups to keep their heads above water. Force them to go away, even if that means they’ll come back eventually. Steal money back whenever possible. Hack back and get inside their networks. Applying pressure doesn’t heal their wounds — it makes them worse.
Next, shift the focus to educating the public. Knowledge is power, and it’s the greatest weapon we have against those who think they can steal, ransom and even kill. Even the world’s largest businesses can’t be expected to figure out how to build top-notch security infrastructures on their own.
It’s time for the government to stop repeating the same old cyber hygiene and “don’t pay the ransom” messages and actually show businesses how to stay one step ahead of attackers. Emphasize the importance of taking a proactive (not reactive) approach to fighting off attackers and tell them how to do it. Explain the tools they can use to deceive hackers, anticipate their next moves and adapt their security to the evolving threat landscape.
A huge part of this step is getting Big Tech involved. Utilize relationships with major household names like Apple, Microsoft, Amazon, Facebook and others to help spread the word about how companies (even ones that don’t use their products) can stay safe. If major technology influencers, the government and law enforcement join together to educate the public on proactive cybersecurity, we could see a monumental shift in company preparedness to fight off threats.
The government needs to treat ransomware operators who are targeting critical infrastructure and the healthcare sector as terrorists and allocate any and all resources to forming a knowledgeable, strong army against attackers looking to cause us harm.