The US State Department knows it’s ‘pushing the envelope’ as it offers up to $10 million rewards for crypto-hacking intel, according to new interview

  • State Department officials told CNN an “edgy” program to pull in cyber-crime tips by paying up to $10 million rewards is aimed at reaching a new pool of informants.
  • The agency will allow informants with verifiable information about foreign-backed hacking schemes to be paid in cryptocurrency.
  • Officials have already started receiving tips via its channel on the Dark Web.

The US State Department says its initiative to pay informants for information about certain hacking schemes with cryptocurrency and to allow communication through a secure portal on the Dark Web is aimed at reaching potential sources on turf that’s familiar to them, according to an interview with agency officials conducted by CNN.

The agency for the first time is allowing informants to elect to receive reward payments using cryptocurrency. The move is in connection with an offer of up to $10 million for information leading to the identification or location of cyberhackers backed by foreign governments who target US infrastructure. Officials told CNN they have started receiving tips through a recently opened channel accessible on the Dark Web using the Tor browser.

“Within our program there’s a tremendous amount of enthusiasm because we’re really pushing the envelope every chance we get to try and reach audiences, sources, people who may have information that helps improve our national security,” an unnamed State Department official told CNN in an interview published Sunday, the first since the announcement. “It’s been edgy for some government agencies, perhaps, but we’re going to keep pushing forward in many different ways.”

CNN said the reward was “quietly” announced in June as part of a raft of other actions the Biden administration was enacting to improve the country’s cybersecurity.

The Biden administration in recent months has accused hackers working for Russia and China of breaching numerous US agencies and departments and the administration has made fighting ransomware a top priority.

The FBI in June seized $2.3 million worth of bitcoin out of a $4.4 million ransom that oil pipeline system operator Colonial Pipeline had paid to DarkSide. The FBI said the group, believed to be based in Russia, was behind a May cyberattack against the privately held company that led to gasoline shortages across the southeastern US.

The officials declined to describe the tips they have received through the Dark Web channel because of the sensitive nature of the information and sources, the report said.

“Something on the Dark Web that allows total anonymity and an initial level of security is probably more appropriate for those folks,” CNN quoted a second unnamed State Department official as saying. “So just finding people where they are and reaching them with the technology on which they are most comfortable, I think, is the name of the game for Rewards for Justice.”

Read the original article on Business Insider

The Republican National Committee said a third-party Microsoft IT contractor was breached in cyber attack last week, but no GOP data stolen

Signs for the 2020 Republican National Convention outside of the Charlotte Convention Center in Charlotte, North Carolina, on August 22, 2020.

  • Russian hackers breached Synnex, a third-party IT contractor that works with Microsoft accounts, last week.
  • The attack took place around the same time a major ransomware attack was executed by a Russian-linked criminal group.
  • Bloomberg News reported the hackers belonged to a group known as APT 29 or Cozy Bear.

Russian government hackers breached Synnex, a third-party IT contractor that works with Microsoft, last week, around the same time a major ransomware attack was tied to a Russian-linked criminal group.

Bloomberg News reported that hackers breached the Republican National Committee’s computer systems, but an RNC spokesperson denied that allegation to Insider, saying the group’s team worked with Microsoft to immediately confirm that no RNC data was accessed in the Synnex breach.

Two people familiar with the incident told the outlet that the hackers are part of a group known as APT 29 or Cozy Bear, which has been linked to Russia’s foreign intelligence service. The hackers were previously accused of breaching the Democratic National Convention in 2016 and infiltrating nine US government agencies during a supply-chain cyberattack that was disclosed in December, Bloomberg reported.

The breach comes less than a month after President Joe Biden warned Russian President Vladimir Putin about cyberattacks at a June 16 summit.

A representative for the Russian Embassy in Washington, DC, did not immediately respond to Insider’s request for comment.

RNC Chief of Staff Richard Walters confirmed to Insider that no RNC data was accessed in the breach.

“Over the weekend, we were informed that Synnex, a third party provider, had been breached. We immediately blocked all access from Synnex accounts to our cloud environment,” Walters said. “Our team worked with Microsoft to conduct a review of our systems and after a thorough investigation, no RNC data was accessed. We will continue to work with Microsoft, as well as federal law enforcement officials on this matter.”

The IT corporation, Synnex, said it was aware of a “few instances where outside actors have attempted to gain access, through Synnex, to customer applications within the Microsoft cloud environment,” in a press release.

A representative for Synnex did not immediately respond to Insider’s request for comment.

Michael Urban, president of worldwide technology solutions distribution at Synnex, told Bloomberg the company was unable to provide specifics while it conducts a full review.

It was unclear if the Synnex breach was in any way tied to the ransomware attacks that took place around the same time, which targeted 200 American businesses using vulnerabilities in Kaseya, a Miami-based IT firm.

Cybersecurity experts have tied the massive attack to the Russian-based criminal ransomware-as-a-service organization REvil, which most recently attacked meat supplier JBS.

Businesses around the world left reeling following a ransomware attack on Florida-based IT firm

  • A ransomware attack at Florida-based IT firm Kaseya left businesses around the world scrambling.
  • Cybersecurity experts say the Russian-linked REvil ransomware gang appears to be behind the attack.
  • The REvil ransomware gang was blamed by the FBI for paralyzing meat packer JBS last month.

Businesses around the world rushed Saturday to contain a ransomware attack that has paralyzed their computer networks, a situation complicated in the U.S. by offices lightly staffed at the start of the Fourth of July holiday weekend.

It’s not yet known how many organizations have been hit by demands that they pay a ransom in order to get their systems working again. But some cybersecurity researchers predict the attack targeting customers of software supplier Kaseya could be one of the broadest ransomware attacks on record.

It follows a scourge of headline-grabbing attacks over recent months that have been a source of diplomatic tension between U.S. President Joe Biden and Russian President Vladimir Putin over whether Russia has become a safe haven for cybercriminal gangs.

Biden said Saturday he didn’t yet know for certain who was responsible but suggested that the U.S. would respond if Russia was found to have anything to do with it.

“If it is either with the knowledge of and or a consequence of Russia then I told Putin we will respond,” Biden said. “We’re not certain. The initial thinking was it was not the Russian government.”

Cybersecurity experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted the software company Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.

“The number of victims here is already over a thousand and will likely reach into the tens of thousands,” said cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank. “No other ransomware campaign comes even close in terms of impact.”

The cybersecurity firm ESET says there are victims in at least 17 countries, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya and Germany.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because their cash registers weren’t working, according to SVT, the country’s public broadcaster. The Swedish State Railways and a major local pharmacy chain were also affected.

Kaseya CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”

Voccola said fewer than 40 of Kaseya’s customers were known to be affected, but experts said the ransomware could still be affecting hundreds more companies that rely on Kaseya’s clients that provide broader IT services.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers – companies that host IT infrastructure for multiple customers – being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond, basing his estimate on the service providers reaching out to his company for assistance and comments on Reddit showing how others are responding.

At least some victims appeared to be getting ransoms set at $45,000, considered a small demand but one that could quickly add up when sought from thousands of victims, said Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft.

Callow said it’s not uncommon for sophisticated ransomware gangs to perform an audit after stealing a victim’s financial records to see what they can really pay, but that won’t be possible when there are so many victims to negotiate with.

“They just pitched the demand amount at a level most companies will be willing to pay,” he said.

Voccola said the problem is only affecting its “on-premise” customers, which means organizations running their own data centers. It’s not affecting its cloud-based services running software for customers, though Kaseya also shut down those servers as a precaution, he said.

The company added in a statement Saturday that “customers who experienced ransomware and receive a communication from the attackers should not click on any links — they may be weaponized.”

Gartner analyst Katell Thielemann said it’s clear that Kaseya quickly sprang to action, but it’s less clear whether their affected clients had the same level of preparedness.

“They reacted with an abundance of caution,” she said. “But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks are those that typically infiltrate widely used software and spread malware as it updates automatically.

Complicating the response is that it happened at the start of a major holiday weekend in the U.S., when most corporate IT teams aren’t fully staffed.

That could also leave those organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank, of threat intelligence firm Team Cymru.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” by hackers for the holiday.

The U.S. Chamber of Commerce said it was affecting hundreds of businesses and was “another reminder that the U.S. government must take the fight to these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.

The federal Cybersecurity and Infrastructure Security Agency said in a statement that it is closely monitoring the situation and working with the FBI to collect more information about its impact.

CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network.

The privately held Kaseya is based in Dublin, Ireland, with a U.S. headquarters in Miami.

REvil, the group most experts have tied to the attack, was the same ransomware provider that the FBI linked to an attack on JBS SA, a major global meat processor forced to pay an $11 million ransom, amid the Memorial Day holiday weekend in May.

Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

U.S. officials have said the most potent ransomware gangs are based in Russia and allied states and operate with Kremlin tolerance and sometimes collude with Russian security services.

Alperovitch said he believes the latest attack is financially motivated and not Kremlin-directed.

However, he said it shows that Putin “has not yet moved” on shutting down cybercriminals within Russia after Biden pressed him to do so at their June summit in Switzerland.

Asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the intelligence community for a “deep dive” on what happened. He said he expected to know more by Sunday.

___

AP reporters Frank Bajak in Boston, Eric Tucker in Washington and Josh Boak in Central Lake, Michigan contributed to this report.

REvil ransomware group strikes again with attack on hundreds of companies right before long holiday weekend

Homeland Security secretary Alejandro Mayorkas speaks at a White House press briefing on March 1, 2021.

  • Russian-based REvil launched a ransomware attack on Friday that may have impacted hundreds of companies.
  • The group targeted IT management software provider Kaseya VSA in what’s known as a supply-chain attack.
  • REvil most recently attacked meat supplier JBS and received an $11 million payment from the company.

Just ahead of the long holiday weekend in the US, Russian-based REvil launched a ransomware attack that could have impacted hundreds of companies.

In what’s being called the “largest and most significant” ransomware attack to date by Emsisoft threat analyst Brett Callow, REvil targeted IT management software provider Kaseya VSA in what’s known as a supply-chain attack.

The attack on Kaseya has appeared to spread to hundreds of its end users, but given the timing of the attack, the full extent of the damage may not be known until next Tuesday as employees return to the office following the long 4th of July weekend.

REvil, which is a Russian-linked criminal ransomware-as-a-service organization, most recently attacked meat supplier JBS, which ultimately paid $11 million to get its processing plants back online.

After learning of the attack on Friday, Kaseya shut down its servers and began warning its customers, according to a company statement.

“While our early indicators suggested that only a very small number of on-premises customers were affected, we took a conservative approach in shutting down the SaaS servers to ensure we protected our more than 36,000 customers to the best of our ability,” the company said, adding that it believes fewer than 40 of its customers were affected.

But many of Kaseya’s customers are service providers that in turn have hundreds of customers who could have been infected with the ransomware attack.

“This is SolarWinds, but with ransomware. When a single MSP is compromised, it can impact hundreds of end users. And in this case it seems that multiple MSPs have been compromised,” Callow told Wired.

While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom, as they want to build credibility that paying the fee will in fact get their data back.

The US Cybersecurity and Infrastructure Security Agency said on Twitter it is “taking action to understand and address the supply-chain ransomware attack” against Kaseya VSA.

Al Saikali, partner at law firm Shook, Hardy & Bacon LLP, told The Wall Street Journal that ransom demands in six Kaseya-related attacks it is consulting on range from $25,000 to $150,000. But for large service providers impacted by the attack, the ransom demands have been as high as $5 million.

Assuming REvil’s ransomware attack has compromised hundreds of companies, now the question is “how many simultaneous negotiations REvil can handle and whether companies that want to pay may face delays,” according to Callow.

A major cruise line says its customers’ private information may have been accessed during a data breach

Carnival Cruise Line’s Carnival Ecstasy cruise ship in March 2020.

Carnival Corp says its guests’ and employees’ personal data may have been impacted in a data breach first discovered on March 19, a company spokesperson told Insider in an email statement on Friday.

In response to the breach, Carnival “shut down the event,” informed regulators, and called on a cybersecurity company to look into the attack. The investigation later found that information on guests, crew members, and employees with Carnival Corp and several of its brands – Carnival, Holland America, Princess, and “medical operations” – were impacted by the “third party access to limited portions of its information technology systems,” according to the spokesperson.

Personal information like Social Security and passport numbers, addresses, and health data may have been accessed during the breach, the Associated Press reported.

However, “there is evidence indicating a low likelihood of the data being misused,” the spokesperson told Insider. Carnival has since contacted the people who may have been affected by the data breach, and has created a call center to field any questions.

“As part of its ongoing operations, the company is continuing to review security and privacy policies and procedures and has been implementing changes as needed to enhance our information security and privacy program and controls,” the spokesperson said.

Carnival saw two ransomware attacks in August and December of 2020, the company reported in April.

The world’s biggest meat processor has paid an $11 million ransom after a cyberattack

A JBS meat packing plant in Colorado.

  • JBS is the world’s largest meat processing company.
  • It said it was hit by a cyberattack on May 31, and that it has now paid $11 million to the hackers.
  • Its CEO said it “was a very difficult decision to make for our company and for me personally.”

The world’s largest meat processing company said it paid $11 million to hackers after it was the victim of a ransomware attack.

JBS said it was hit by a cyberattack on May 31, and the FBI has accused the REvil hacking group, which is linked to Russia, of being behind it.

The company said on Wednesday that it decided to make the payment “to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated” after talking to external experts.

The attack forced some production to a halt, threatening to shut down up to a fifth of US beef and pork capacity. JBS said that it had no evidence that its data was compromised.

Andre Nogueira, the CEO of JBS USA, said in the Wednesday statement: “This was a very difficult decision to make for our company and for me personally.”

“However, we felt this decision had to be made to prevent any potential risk for our customers.”

US senators urge stricter crypto regulation after a flood of ransomware attacks

Sen. Mark Warner (D-VA) on January 30, 2020 and Sen. Roy Blunt (R-MO) on February 3, 2020, both taken in Washington, DC.

Two US senators called for stricter cryptocurrency regulation after a flood of ransomware attacks that plagued the country in the past months.

Democratic Senator Mark Warner of Virginia, chair of the Senate Intelligence Committee, told NBC Meet the Press on Sunday that regulators need to scrutinize the cryptocurrency loopholes that help criminals carry out cyberattacks.

“There was some good things coming out of distributed ledger technology, but we are seeing now some of the dark underbelly,” Warner said. “If a company is paying, if there’s not some transparency of that payment, the bad guys will simply find another way to hide it.”

The senator said while there has been some progress when it comes to bipartisan legislation, the debate about cryptocurrencies and ransomware is “just starting.”

In May, the Colonial Pipeline paid DarkSide Ransomware a $5 million ransom to restore services, Bloomberg reported. The transaction was said to be untraceable.

The following month, JBS, the largest meat supplier in the US, revealed it was hit by a cyberattack that affected some of its systems. Whether there was a payment of ransom or not remains unclear.

Republican Senator Roy Blunt of Missouri, also a member of the Intelligence Committee, said regulators need to demand more transparency when it comes to attacks like these to protect the American financial system.

“Nobody wanted to report that they had been hacked. That was a fight we’ve been having now for almost a decade,” he told NBC Meet the Press. But “the only way you can begin to get on top of this is to know how pervasive the problem is.”

He continued: “We have a lot of cash requirements in our country, but we haven’t figured out in the country or in the world how to trace cryptocurrency.”

“There ought to be more transparency if a company does pay, so we can go after the bad guys,” Warner said. “Right now what’s happening around ransomware, not only are the companies often not reporting that they are attacked, but they’re not reporting the ransomware payments.”

The Biden administration is reportedly looking at how to increase oversight of the cryptocurrency market to protect retail investors, sources told The Washington Post. The administration is also analyzing potential gaps that may be used to finance illicit activities, sources said.

US Treasury secretary Janet Yellen has been critical of cryptocurrencies in the past, calling out their misuse, which she described in February as “a growing problem.”

“I see the promise of these new technologies,” the former Federal Reserve chief said. “But I also see the reality: cryptocurrencies have been used to launder the profits of online drug traffickers; they’ve been a tool to finance terrorism.”

The Biden administration is looking into the role of cryptocurrencies in recent cyberattacks, report says

Fuel holding tanks are seen at Colonial Pipeline's Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. Alpharetta, Georgia-based Colonial Pipeline, which has the largest fuel pipeline, was forced to shut down its oil and gas pipeline system on Friday after a ransomware attack that has slowed down the transportation of oil in the eastern U.S. On Sunday, the federal government announced an emergency declaration that extends through June 8th and can be renewed. On Monday, the FBI confirmed that the cyberattack was carried out by DarkSide, a cybercrime gang believed to operate out of Russia.
Alpharetta, Georgia-based Colonial Pipeline was forced to shut down its oil and gas pipeline system last month after a ransomware attack that has slowed down the transportation of oil in the eastern U.S.


The US government is exploring ways to trace cryptocurrency payments made to culprits of ransomware attacks on private businesses and local governments, according to a report from The Wall Street Journal.

Cryptocurrencies like bitcoin have been the favored payment method of hackers that encrypt important files of businesses and hold that data ransom until they are paid. The anonymous nature of bitcoin makes the cryptocurrency an ideal payment method as hackers work to evade law enforcement.

Recent victims of these attacks include Colonial Pipeline, which paid a $4.4 million ransom payment to regain access to its data, and JBS, the world’s largest meat producer. The hack attacks have put a spotlight on the practice and many consider it a national security risk, as critical infrastructure can be targeted. The Colonial Pipeline attack led to a shortage of fuel in several southeastern states for a couple of days.

In a Wednesday letter to business leaders, Deputy National Security Adviser Anne Neuberger said US officials are working with international partners on developing consistent policies for when to pay ransoms and how to trace them, according to the report.

While the US government strongly discourages businesses from paying the ransom demands, many businesses have no choice as the encrypted data is essential to keep operations running. The hackers honor the terms of their ransom, as they want to build credibility that paying the fee will in fact get their data back.

To get a better handle on who’s making large bitcoin transactions, the Treasury Department has proposed additional rules that would require cryptocurrency transactions above $10,000 to be reported to the IRS, similar to cash transactions over that same threshold.

But ransomware experts are skeptical that bitcoin payment restrictions and tighter regulations will ultimately solve the problem, as the criminals would likely switch to another less-regulated currency that can evade governments, the report said.

More than 1,000 gas stations ran dry, with massive lines, after a cyberattack knocked out the crucial fuel pipeline to the East Coast

Big lines at a Costco gas station on May 11, 2021, in Charlotte, North Carolina.

  • Gas stations across the US are running out in the wake of a crippling cyberattack.
  • The Colonial Pipeline that supplies the East Coast has been down since it was hacked last week.
  • Its operators expect to restore service soon. In the meantime, many are panic-buying.

More than 1,000 gas stations in eastern US states ran out of gasoline after a cyberattack knocked out a crucial US pipeline which supplies much of the region’s gasoline.

Price rises and panic-buying followed the news, which led to widespread shortages as operators struggled to move fuel supplies without the out-of-action Colonial Pipeline.

According to the app GasBuddy, as of late Wednesday the worst-hit states were North Carolina, where 16% of stations were out of gas, Georgia, where 10.4% were empty, and Virginia, where 10.2% had run out.

The figures were an increase on those released only 5 hours previously, with the percentage of gas stations that were empty increasing by 2% in North Carolina and about 1% in Georgia and Virginia respectively.

Citing data from S&P’s Oil Price Information Service, The Associated Press reported that at least 1,000 gas stations had run out of gasoline by Tuesday.

People told CBS News that at some gas stations in South Carolina lines were more than an hour long.

Some motorists recorded long lines snaking out of gas stations.

The crunch in fuel supply was caused by a ransomware attack on Friday that forced the closure of part of the Colonial Pipeline. The 5,500-mile network supplies about 45% of the East Coast’s fuel.

The Biden administration has said the pipeline will be working again in the next few days, and has urged Americans not to stockpile fuel.

“We are asking people not to hoard,” US Energy Secretary Jennifer Granholm told reporters at the White House. “Things will be back to normal soon.”

Colonial in a statement said it hopes to re-open the pipeline by Friday. It has taken a delivery of an extra 2 million barrels in fuel to deploy when the pipeline is opened, reported Reuters.

The shortage has seen prices for unleaded gas rise to an average of $2.99 a gallon, the highest since 2014, The American Automobile Association said.

Ransomware attacks hit ‘under-resourced’ city governments hardest, says cybersecurity expert whose kids’ school was shut down by hackers for 4 days

Trucks line up at a Colonial Pipeline facility.

  • Friday’s DarkSide attack took down a major oil pipeline that supplies the US East Coast.
  • A cybersecurity expert said such ransomware attacks tend to target municipal governments.
  • The expert’s kids were out of school for four days last year after Baltimore’s school system was hacked.

The hacking of a major US oil pipeline Friday is the latest in a string of cyberattacks under federal investigation.

The stories read like movie loglines: A reportedly Russia-backed group slowly burrowed its way into US digital infrastructure, gaining access to important government accounts. An unknown cyber-assailant tried to poison a Florida town’s water supply. And now, a group of veteran cybercriminals took down an East Coast oil pipeline and held it ransom.

Ransomware attacks are common and are the cyberattack with the most potential to wreak havoc on everyday life, according to Ben Miller, an executive at the industrial cybersecurity firm Dragos Inc.

Miller had firsthand experience with a ransomware attack in November, when hackers took over Baltimore’s school system and forced it to shut down for four days.

“My kids didn’t have any snow days this year because they had school from home,” Miller told Insider. “They had ransomware days.”

There are two major types of cyberattacks, according to Miller: attacks like the one on US information technology firm SolarWinds, which US intelligence agencies say Russia was behind, that seek some kind of geopolitical advantage. Then there is smaller-scale ransomware, where normally private actors, which may or may not work with tacit government permission, go after companies and other institutions and then extort them to ease up on the attack.

The DarkSide attack against the Colonial Pipeline was a ransomware attack. The hacking group shut down a major pipeline that runs from Texas to New York, demanding money in order to restore its service in what Miller said was an example of how cyberattacks are increasingly affecting the “real world.”

Some of the most common targets of ransomware are municipal governments that are “under-resourced and under-managed” when it comes to cybersecurity, Miller said. Several other school systems in the US were hit by ransomware attacks in the past year. In April, the Justice Department announced a new task force to address ransomware attacks across the US.

Ransomware gangs also go after hospitals, as in the 2017 WannaCry hack that shut down parts of Britain’s National Health Service.

The hackers typically want to cause as much pain as possible so that they can get paid quickly, Miller said, making critical infrastructure an appealing target.

“When they can have a direct impact on their business – like shutting down a pipeline or impact to some facility – it does ring a chord with the victims and how they respond to that,” Miller said.

Miller said cyberattacks are so commonly directed at US companies because they’re wealthy enough to pay off ransomware attackers. Ransomware hacking groups view themselves as businesses, he said, and target companies and institutions in countries where they’re likely to make money: The United States, Britain, and Germany.

“The industry in the US would be more likely to pay an extortion of a couple of hundred thousand dollars or whatever,” Miller said. “Not to say that they should, or do – but they’re perceived that way, compared to firms in South America or Africa where that would literally, in many cases, put these firms out of business.”
