What is Cybersecurity?
Cybersecurity is the protection of cyber systems, which are systems in which a mechanism is controlled or monitored by computer-based algorithms, against cyber threats: threats that exploit cyberspaces. Malicious software called ransomware is a type of cyber threat that cybersecurity is especially concerned with. It has the ability to block access to computer systems and data until the victim is willing to pay ransom to the attacker (Refsdal, 2015). The first known ransom attack took place in 1989, where information was mailed out about AIDS to more than 10,000 people around the world, each containing software that ultimately locked the computer files of those that opened it. To regain access to these files, people were instructed to mail a check to Panama. Since this first incident, ransomware attacks have become more and more frequent and have become harder and harder to track.
Below is a timeline of the largest cyberattacks directed at companies over the past decade.
Source: Business Insider
On May 7, 2019 hackers targeted the city of Baltimore in a cyber attack. City workers’ computer screens locked and a message stating “We won’t talk more all we know is MONEY! Hurry up!” was displayed on their screens. The hackers were demanding $100,000 in Bitcoin, which city officials refused to pay. The problem for Baltimore was within the security of their government software. Employees deal with networks that are often out of date thus making it easier for hackers to destruct systems with malware. The specific malware involved in this particular attack is known as RobinHood, which is not always, but typically carried out by Russian or Eastern European Hackers. As with most cyber attacks, hackers find vulnerabilities in systems, which was the case for Baltimore. The image below is the statement released by Baltimore to warn its citizens of the cyber attack.
Avi Rubin, a Johns Hopkins computer science professor and cybersecurity expert describes Baltimore’s situation: ”Imagine if somebody would sneak into a government building at night, load up a bunch of boxes with all the paperwork for all the pending permits and all the pending house closings and all the pending business that the city was conducting, put it all in a truck and drive away — and demand some money in order to bring that truck back… That’s a lot easier to do in cyberspace without getting caught, and that’s what’s happened here.”
Hospitals have typically been favorite targets for hackers, however most have added new hardware to protect their systems from being affected in such attacks. Baltimore, however, did not invest in such cybersecurity as they had never previously been hit with a cyber attack, and therefore didn’t see the importance in doing so. Due to this, Baltimore’s hospitals too, were involved in this cyber attack that shut down all of its government systems.
With the development of technology, hospitals have become accustomed to relying on electronic medical records to securely store their patient’s medical information. Although this has provided physicians with a much faster way of collecting information, it has its issues. Such information is susceptible to being stolen or held ransom by hackers who are able to gain access to medical network systems. Not only could this involve the disclosure of confidential medical records, but it could also mean threatening the lives of patients. A hacker wishing to injure patients directly could potentially hack into a hospital network responsible for controlling an active medical device which directly administers medical treatment to a patient (Ayala 2016). Health care facilities are becoming more and more susceptible to cyberattacks and while health care cybersecurity looks at protecting patient information, it has now become a problem of extortion. Hackers are using ransomware to target hospitals by requiring a profit before returning access to their systems (Redhead 2017).
With the rise of cyberattacks, it is important for potential targets to prepare for such situations. In terms of paying the ransom, it seems that finding alternate ways of regaining access to stolen information is favorable, as the more willing victims are seen in paying such large amounts of money , the more likely attackers will continue to take part in such malicious acts. Hackers could potentially use such money to then pay for more sophisticated attacks, thus making it more and more difficult to prevent cyber attacks and ultimately detecting them. Employees of larger corporations, and especially those working for places that are particularly susceptible targets of hackers, should be informed of what to be on the lookout for. For instance, hackers usually start their attack through something as simple as a link sent by email, so informing staff members may be the simple answer to avoiding such situations (Ayala 2016). Although this may prove to be helpful, terminating cyber attacks completely is not something that the world is going to see any time soon, as hackers always have ways of outsmarting cybersecurity systems, despite the work to prevent them.
Ayala, Luis. Cybersecurity for Hospitals and Healthcare Facilities: a Guide to Detection and Prevention. Apress, 2016.
Chokshi, Niraj. “Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next.” The New York Times, The New York Times, 22 May 2019, www.nytimes.com/2019/05/22/us/baltimore-ransomware.html.
Holmes, Aaron. “Hackers Have Become so Sophisticated That Nearly 4 Billion Records Have Been Stolen from People in the Last Decade Alone. Here Are the 10 Biggest Data Breaches of the 2010s.” Business Insider, Business Insider, 13 Nov. 2019, www.businessinsider.com/biggest-hacks-2010s-facebook-equifax-adobe-marriott-2019-10#10-target-was-subject-to-a-data-breach-in-2013-that-exposed-40-million-credit-and-debit-card-accounts-1.
Kim, Allen. “In the Last 10 Months, 140 Local Governments, Police Stations and Hospitals Have Been Held Hostage by Ransomware Attacks.” CNN, Cable News Network, 8 Oct. 2019, www.cnn.com/2019/10/08/business/ransomware-attacks-trnd/index.html.
Markoff, John. “Rogue Program Failed Its Own Test.” The New York Times, The New York Times, 20 Dec. 1989, www.nytimes.com/1989/12/20/business/rogue-program-failed-its-own-test.html.
Mazzei, Patricia. “Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000.” The New York Times, The New York Times, 19 June 2019, www.nytimes.com/2019/06/19/us/florida-riviera-beach-hacking-ransom.html.
Perlroth, Nicole, and Scott Shane. “In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc.” The New York Times, The New York Times, 25 May 2019, www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html.
Redhead, Stephen C. Ransomware Attacks Renew Focus on HIPAA Security Standards. 2017.
Refsdal, Atle. Cybersecurity. Springer, Cham, 2015.
Ropek, Lucas. “Georgia Public Safety Agency Hit with Ransomware Attack.” Government Technology State & Local Articles – E.Republic, 29 July 2019, www.govtech.com/security/Georgia-Public-Safety-Agency-Hit-with-Ransomware-Attack.html.
Sullivan, Emily. “Ransomware Cyberattacks Knock Baltimore’s City Services Offline.” NPR, NPR, 21 May 2019, www.npr.org/2019/05/21/725118702/ransomware-cyberattacks-on-baltimore-put-city-services-offline.