Ransomware Comes To the Heartland


Imagine the following scenario circa 1962.  From an aircraft carrier in
international waters in the Gulf Coast near Houston, the USSR flies a team of
helicopters that land in a parking lot outside a urology clinic in Baytown,
Texas, on the Gulf Coast.  Soldiers
with AK-47s surround the clinic and hold everyone in it hostage until all the
files inside are loaded onto a helicopter.  Then the leader of the team informs the head of the clinic
that they’re holding the files for $5000 ransom.

Sounds pretty ridiculous, doesn’t it?  For one thing, a Soviet aircraft
carrier wouldn’t have been allowed to get into the Gulf of Mexico during the
Cold War.  And even if it had, U.
S. Air Force planes would have shot down anything flying toward the Texas
coastline.  And to mount an
invasion force of that magnitude only to hold some clinic’s files hostage would
be like killing a flea with a nuclear weapon. 

But fast-forward to 2017, and the moral equivalent of
that crazy scenario not only could happen—it did happen.  First, some background.

From 2007 to 2015, my father-in-law lived with us
until he passed away, and one of the medical services he needed was provided by
a coalition of formerly independent urologists called Urology Austin.  It is a medium-size group of about 20
physicians and associated service people, but is strictly a local concern, not
affiliated with a national chain. 
As I learned when I opened an envelope from them last week, on Jan. 22
of this year, the organization was the victim of a ransomware attack.

Ransomware secretly infects a victim’s computer
system by various means.  When it’s
triggered by the attacker, it encrypts the victim’s data and demands payment
for un-encrypting it.  We are as
reliant on computer systems now as we are on electric light and communications
systems, and in many cases, saying good-by to one’s data is effectively saying
good-by to one’s business.  So
unless victims have a robust and constantly updated physical backup system,
they usually have no choice but to pay the ransom, which can be in the five- to
six-figure range.  And even then,
according to one report by Forbes, fewer than half of the victims actually get
all of their data back.  Add to all
this hassle the fact that in the case of medical records, a lot of confidential
patient information has been compromised, and you have a small businesman’s
nightmare. 

The Forbes article says
that in 2016 the number of ransomware attacks exploded, going from 3.8 million
in 2015 to 638 million in 2016. 
It’s not clear whether that number counts only attempts, or successful
attacks in which money was paid, but in either case, ransomware is posing a
significant hazard not only to large corporations, but to small- and
medium-size firms that can’t afford huge staffs of IT people constantly on the
alert for the latest type of ransomware attack.  Which is one reason the attackers go for them, of
course. 

Historically, a dicey part
of any ransom or shakedown crime in which the attacker wishes to remain
anonymous is the payoff mechanism. 
But cybercriminals have the convenience of bitcoin to thank for making
that part easier too.  Bitcoin is a
“blockchain” system that apparently furnishes virtually untraceable
means of transferring large amounts of money.  While there are legitimate reasons for such a system,
bitcoin seems to be implicated in a wider and wider range of dubious and
illegal transactions, ranging from drug deals to ransom payoffs.

The radically
international nature of the Internet is showing signs of making the historical
idea of the sovereignty of a nation-state within its borders ineffectual, if
not obsolete.  Back when the only
means of communication were tangible objects such as letters, keeping a
nation’s borders secure meant that anyone wishing to steal or pillage inside
that nation first had to invade the country, with all the paraphernalia of war
that invasion involves.  Invasion
was a big deal, and so not that many countries tried to invade other countries,
and when they did, they had to pay the price of casualties and deaths.

But now, something close
to the same effect of theft and pillage accompanying an invasion can be visited
on a humble little urology clinic minding its own business in Central Texas,
from an unknown invader who is probably halfway around the world.  As war has shown through history, human
institutions always lag behind technological developments—sometimes catching up
pretty fast, but sometimes falling behind for years or even decades. 

In a time when government
is seen to be the problem as least as much as it is seen to be a solution, I
hesitate to call on governments to attempt anything more than what they’re
doing already.  But just as the
entire power of the military would have been called on to defend our shores
against the imaginary USSR invasion of 1962 whose target was Baytown, because
one urology clinic can’t be expected to protect itself against a foreign power,
it seems to me that when threats from outside the country start to cause
significant losses to private interests that can’t defend themselves
adequately, it is one traditional role of government to intervene in order to
protect those who can’t protect themselves.

I leave the form this
governmental protection would take up to those who know better about how to
organize such things efficiently. 
In general, the U. S. military seems to have preserved its integrity
with regard to getting specific jobs done, better than most other parts of the
federal government.  But there is a
strong and well-justified tradition of limiting military action inside the
borders of the United States—the danger being that if this limit wasn’t in
place, we would be in danger of becoming a police state.  Nevertheless, as the nature of foreign
invasions changes, traditions may have to change too. 

I hope Urology Austin
recovered from its ransomware attack without too much loss of cash, data, or
goodwill.  But I also hope that
those who are in a position to do something about it will start to reorganize
our military efforts to acknowledge the fact that attacks from foreign powers no
longer come only in the form of soldiers, ships, planes, and missiles, but also
as weaponized bits.



Source link