
Editor’s Note: Mike Chapple is teaching professor of information technology at the University of Notre Dame’s Mendoza College of Business. The opinions expressed in this commentary are his own.

Over the past several weeks, ransomware attacks shut down a critical gas pipeline serving the Eastern United States, disrupted meat plants in Australia and North America, exposed sensitive police files in Washington, DC, and delayed ferry service to Cape Cod. Other recent attacks have disrupted hospital systems and crippled Ireland’s national health service in the midst of the Covid-19 pandemic. These critical infrastructure disruptions bring into clear focus that ransomware poses a significant risk to national security, and it’s time to begin treating it as we would any other serious threat.

Ransomware builds upon the computer viruses and worms of years past and adds a terrifying twist. Once ransomware infects a system, it encrypts all of the data on that system, rendering it inaccessible to legitimate users. The ransomware author then demands the payment of a ransom in exchange for providing the decryption key required to restore access. Recently, ransomware authors have gone even further and made extortionary threats to disclose sensitive information unless the ransom is paid.

The recent flurry of successful ransomware attacks highlights how our national security is at stake. This series of uncoordinated attacks affected our energy infrastructure and transportation services. A group of attackers intending to inflict havoc could quietly infect a series of critical systems and then simultaneously cripple many elements of our infrastructure.

Now, we must focus our national attention on addressing this risk with a comprehensive, interdisciplinary approach. Unfortunately, as with most claimed panaceas, there is no simple solution to the scourge of ransomware, but there are some good places to start.

Below are some do’s and don’ts for the government and companies to keep in mind:

Rely on national intelligence

At the end of April, just days before the Colonial Pipeline attack made headlines around the world, a more-than 60-member Ransomware Task Force (RTF) released an 81-page report, “Combatting Ransomware.” Acknowledging the complexity of the problem, this group of cybersecurity experts recommended 48 specific actions that government and industry leaders may take to push back against the increasing number of ransomware infections.

Some of the task force recommendations rely on the government to play an important role. If we consider ransomware a national security priority, it only makes sense that we would bring the resources of the nation’s intelligence community and law enforcement agencies to bear on the problem. The United States possesses the world’s most sophisticated intelligence collection and analysis capabilities. Surely, those capabilities could be used to identify and pursue the perpetrators of ransomware attacks.

We saw the beginnings of this coordinated approach earlier this week when the Justice Department announced that it seized $2.3 million in bitcoin paid to the Colonial Pipeline attackers. This was a remarkable feat of intelligence and law enforcement, as tracking Bitcoin transactions isn’t easy. It’s exactly the type of activity that will deter and disrupt future attacks.

Disrupt the business model

Similarly, the government can disrupt the business model for ransomware. Ransomware attacks continue to happen because they are profitable. Disrupting those profits would deter attackers from investing time and resources in these attacks. The RTF report includes a dozen recommendations for doing so, including enforcing existing financial crime laws, enhancing seizure capabilities and applying statutes designed to combat organized crime.

The coordinated seizure of funds from the Colonial Pipeline attack is a good example of this strategy, but more is needed. Federal, state and local law enforcement officials must share information and work together with their international colleagues to bring these attackers to justice. Attackers must begin to live in the constant fear that their funds will be seized and they will be arrested.

Develop a national ransomware incident response

Companies that fall victim to these attacks need to know what to do when an attack occurs and where they may turn for expert advice. Large businesses often have dedicated cybersecurity teams and the resources to bring in expert consultants, but smaller businesses, non-profits and government agencies often lack access to those resources. Creating a national center of excellence in ransomware response would help organizations of all sizes gain access to expert guidance when they face a ransomware crisis.

Businesses must bolster their cybersecurity

Ransomware isn’t a problem that the government alone can solve. Organizations around the world must also bolster their cybersecurity defenses to reduce the risk of falling victim to these attacks. This definitely requires strong technical measures, including the use of security technologies and data backups.

But this isn’t just a technical problem. Ransomware often enters an organization after a single employee makes a single mistake. Effectively fighting ransomware requires strong education and awareness efforts that help everyone in an organization understand the risk and their role in protecting critical systems.

Don’t ban ransom payments

Banning ransom payments might seem appealing because it would hit attackers in the pocketbook. Prohibit American businesses from making ransom payments, the theory goes, and ransomware authors will lose the incentive to wage attacks. The fundamental problem with this policy is that it would further victimize the victims of a crime. This is the reason that we don’t outlaw the payment of ransom to kidnappers and it’s also the reason that we shouldn’t outlaw ransomware payments.

Are we really willing to tell a hospital that suffered a ransomware attack that it is not allowed to pay the ransom that would restore access to critical medical devices or patient files? Waiting for companies to rebuild their technology infrastructure because they aren’t allowed to pay ransom could cause prolonged disruptions to gas pipelines, mass transit, the food supply and other essential industries. Small businesses suffering ransomware attacks will simply go out of business because they can’t get back up and running again. When you consider the negative side effects of banning ransom payments, the solution no longer seems so simple.

Don’t ban cryptocurrency

Ransomware authors demand payment in Bitcoin and other cryptocurrencies because the nature of those currencies allows anonymous transactions. Some experts argue that banning cryptocurrency entirely would shut down the ransomware markets, but banning cryptocurrency entirely isn’t the answer either. While there are very strong arguments that most cryptocurrency transactions are either speculative investments or criminal activity, it’s a major stretch to jump from there to the assertion that cryptocurrency should be completely illegal. It would be almost impossible to stop cryptocurrency transactions if we tried. The United States lacks the jurisdiction to create or enforce an international ban, and the decentralized nature of cryptocurrency systems makes it difficult to imagine how such a ban would even function.

Ransomware is a complex problem that poses a significant threat to our national security, but we’ve tackled complex problems in the past. The country that put astronauts on the moon and stemmed the coronavirus pandemic is certainly capable of successfully fighting the battle against ransomware.