Treasury Chief Yellen Calls Ransomware ‘Direct Threat’ to Economy

At $600 million, the volume of suspected ransomware payments is likely to double what it reached last year.

The volume of suspected ransomware payments is likely to double this year, posing a “direct threat” to the U.S. economy, says U.S. Treasury Secretary Janet L. Yellen.

Yellen’s comments appeared in a recent Treasury Department report, which linked nearly $600 million in transactions to ransomware payments in “Suspicious Activity Reports” that financial services firms filed with the U.S. government in the first six months of 2021.

“Ransomware and cyber-attacks are victimizing businesses large and small across America and are a direct threat to our economy,” the report said.

However, until there is a more broad-based coordinated response and a greater sense of urgency from federal leadership and corporations concerning the ongoing threat of ransomware attacks, paying the ransom may be the only reasonable option, says Robert Anderson Jr., a former FBI official tasked with combating cybercrime, in an op-ed for The Hill.

Anderson points out that victims typically can’t get help from the government in a ransomware attack because the government lacks the manpower and the resources to deal with the growing number of attacks.

The lack of federal and state law enforcement workforce makes managing ransomware attacks, which must be dealt with immediately, extremely difficult, even as cyber attackers are stepping up crimes against the more vulnerable small- and medium-sized businesses that lack adequate defenses, wrote Anderson.

The rising concerns over cyberthreats to business come as a lawsuit alleges that ransomware was responsible for a death in an American hospital.

In May 2021, hackers used a ransomware attack that disrupted the Colonial Pipeline and caused gasoline shortages in America to extort a multimillion-dollar ransom.

“Other recent attacks have targeted various sectors, including manufacturing, legal, insurance, health care, energy, education, and the food supply chain in the United States and across the globe,” the Treasury report said.

The cybercriminals launching ransomware are believed to mostly originate in Russia and countries of the former Soviet Union, with groups also operating in North Korea and Iran. The hacker groups’ names are appropriately sinister: DarkSide, REvil, BlackMatter and Evil Corp.

Analysts say that the Russian groups operate not at the behest of the Russian government but as ancillary wings.

“Like almost any major industry in Russia, [cybercriminals] work kind of with the tacit consent and sometimes the explicit consent of the security services,” said Michael van Landingham, a former CIA analyst who runs the consultancy Active Measures LLC.

On September 1, the FBI released a warning that ransomware attacks were targeting the U.S. food and agriculture sectors, wreaking financial havoc and impacting the nation’s food supply chain.

And, sure enough, in late September, New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, was hit by the BlackMatter ransomware group. The attackers asked the co-op to pay $5.9 million for the decryption key and for not releasing the stolen data.

“The farming cooperative is seen stating the attack could significantly impact the public supply of grain, pork, and chicken if it cannot bring its systems back online,” reported arstechnica.com.

President Joe Biden declared cybersecurity a global crisis last week, holding a ransomware summit with 30 allied and friendly nations.

The president was “touting sanctions against an allegedly ransomware-linked cryptocurrency exchange, launching a crypto crime-fighting team in the Justice Department, pushing businesses to share cyberattack information, and calling for the rebuilding of government and private-sector online security,” reported Barron’s.

And the attacks keep rolling along.

On Monday, one of the largest TV station operators in the U.S. said a ransomware attack disrupted some of its networks, according to CNN.

The attack on the company, Sinclair Broadcast Group Inc., was linked to Evil Corp., according to two people familiar with it. Sinclair owns, operates or provides services to 185 television stations in 86 markets.

“Sinclair appears to have been hit by Macaw ransomware, a relatively new strain first reported in early October,” Allan Liska, a senior threat analyst at the cybersecurity firm Recorded Future Inc., told Bloomberg. “There have not been any other Macaw victims publicly reported.”

One of the most upsetting developments in the cybercrime trend is the filing of a lawsuit in September charging that a baby’s life was lost because a hospital was grappling with ransomware.

An Alabama baby was born with severe brain injury and eventually died due to botched care because her hospital was struggling with a ransomware attack, a lawsuit alleges.

The lawsuit alleges that the hospital, Springhill Medical Center, didn’t tell the mother that hospital computers were down because of a cyberattack, and subsequently gave her severely diminished care when she arrived to deliver her daughter.

Around 850 health care networks and hospitals in the U.S. have been affected by ransomware so far this year alone, Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future, told NBC.

Some cybercriminal groups avoid hospitals for humanitarian reasons. However, there are certain ones that make hospitals their special targets.

Nearly half of all U.S. hospitals have disconnected their networks in the past six months due to escalating ransomware attacks, according to a new study from Philips and CyberMDX.

Ransomware attacks on hospitals during the height of the coronavirus pandemic last year were launched by “FIN12,” a group of suspected Russian-speaking criminals, cybersecurity company Mandiant recently told the Washington Times.

Kimberly Goody, Mandiant director of financial crime analysis, told reporters that FIN12 hits hospitals and moves faster than many other ransomware gangs that hold computer systems hostage.

The cybercriminal group Ryuk is also believed to specialize in attacks on U.S. hospitals.

Additional reading: Newest Targets of Cyberattacks: Hospitals, The Crime Report, Aug 18, 2021

After REvil, Who are the Next Cybercriminals? The Crime Report, July 29, 2021 

Nancy Bilyeau is deputy editor of The Crime Report.