Ransomware Alert
If you are reading this, you probably know the story of Colonial Pipeline from the news headlines and the gas lines. At Electronic Office, we are intensely focused on the challenges of ransomware because, here is the bad news, our clients are not too small to “fly beneath the radar” of the next generation of bad people who are looking to make a criminal buck from ransomware. Our gas stations are open again because Colonial Pipeline paid $5 million to the criminals that held them hostage. That’s good news for getting gas but bad news for our clients. The FBI has this to say:
“The FBI does not encourage paying a ransom to criminal actors. Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illegal activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”
EO agrees with the FBI in theory, but in practice, this is easier said than done. Most companies that are victims of ransomware attacks pay painfully large ransoms to regain control over their data and software tools. The vast majority of these situations are never made public. In many cases the company that paid the ransom does not report a data “breach” because they can at least pretend that the attacker only blocked access to their data but did not extract and retain a copy of the data. This is a technicality with serious implications but, when your business is paralyzed and collapsing all around you, sorting out the nuance is unimportant.
Darkside is the ransomware hacker company that was behind the Colonial Pipeline attack and, even as we write this urgent memo, they are publishing information that proves that their software tools have been used to attack 3 more major companies in the past few days.
Darkside is a horrific criminal enterprise but we called them a “company” for a reason. Darkside is a well-organized and disciplined business. You might be surprised to learn that Darkside does not hack into companies directly. Darkside is in the business of licensing its ransomware tools and techniques to 3rd parties who want to use their tools to make money via ransoms. Darkside has a sophisticated profit-sharing agreement with its 3rd party licensees.
Some entity that we know nothing about and cannot pin down licensed Darkside’s tools and then used them to attack Colonial Pipeline. You have heard of SaaS (Software as a Service), well Darkside is in the business of RaaS (ransomware as a service.)
Yikes. As with virtually all legitimate technologies that EO has implemented for its clients over the years, software developed for giant corporations becomes easier and more efficient until it reaches the point where anyone can use it. Today an owner of a restaurant has access to marketing, financial management and data analytics tools that were only available to the Fortune 500 a decade ago. Unfortunately, EO sees no reason why computer hackers sitting in a basement somewhere will not gain access to ransomware tools in the near future. There will be much smaller versions of Darkside and they will be licensing their tools to one-man 3rd parties. With a profit-sharing model, the criminal does not even need to have cash upfront to license this stuff.
These people are evil but they are smart. They know that they can extract a $5 million dollar payment from a giant like Colonial Pipeline and they realize that a local healthcare provider, municipality, charter school or manufacturer might only be able to pay $200,000. That perspective has protected our clients so far. It won’t stay that way. The tools for implementing a ransomware attack are getting into the hands of small-time criminals with a base level of computer skills and they are more than happy with ransom payments that will be painful but doable for clients like ours.
When your company gets attacked, the most likely breach of your security that allowed them to get in will have been an innocent human error by one of your own employees. The nickname for these techniques is called Phishing or Spear-Phishing. These simple sounding nicknames belie the underlying sophistication that makes these techniques effective.
![](https://www.economist.com/graphic-detail/2017/05/15/ransomware-attacks-were-on-the-rise-even-before-the-latest-episode" target="_blank" class="link-block-2 w-inline-block"><img src="https://assets.website-files.com/5638f89c0550acd03d7492e8/60e75654e7e29c1e8c90654c_Chart.jpg)
It is awkward for those of us at Electronic Office to take this problem and treat it as a revenue generating opportunity. Even so, it is what it is. Electronic Office has been reviewing and applying products that can help our clients to dramatically reduce their chances of being a victim of a ransomware attack and we know how to help you. We very much appreciate the feeling that this kind of crisis “will never happen to me” but we owe it to you to warn you that this mindset is obsolete. We owe you the very best insights, ideas and products for your protection when you are ready to accept that the bad guys are forcing our hand. We can’t keep our head down any longer.
To the best of our knowledge, this battle against the bad guys must be fought BEFORE the attack begins. Once Colonial Pipeline was under attack, not even the powerful resources of the huge oil industry and the US Government could find a way to beat the criminal behind the attack. The ransom got paid after all other options were exhausted.
Don’t feel helpless. The attackers don’t have a personal vendetta or focus on your company. They cast a very wide net and the companies that have done the least to protect themselves become the victims. If your company is doing all that it can to frustrate attackers, they are more than happy to focus on other companies that are not as big of a challenge as yours is. There is no guarantee of safety, but if your company offers the path of most resistance for these criminals, they are much more likely to attack somebody else.
Remember, John Dillinger never robbed a bank because he did not like the bank president. Dillinger robbed the bank that was most vulnerable because it was not invested in a high enough level of security protection to concern Dillinger. The ones that invested in a high level of security against bank robbers were of no interest to Dillinger because there was always another bank down the road where management was more nonchalant about security.
As of today, zero percent of EO clients have been victims of ransomware. We are way too humble to believe that we can maintain that perfect performance record forever. We know how talented the criminals are. The culture here at Electronic Office is well known to you – we take these challenges personally. Your trust in us is our greatest asset and our greatest sense of responsibility.
We are not going to deny that this situation leads to new products and services that generate revenue for EO, but if you know us at all, you understand that pro-actively protecting our clients is in our DNA, revenue growth is the outcome, not the driver.
Please give us the chance to dive deep with you regarding ransomware. We are all very busy but let’s not look back in dismay wishing we had done more after your computer screen is just a big ugly message from a criminal who has paralyzed your company.
Thank you,
The Electronic Office Executive Team
