Growing ransomware attacks
WHILE one part of the world remains immersed in territorial warfare — Russian tanks versus Ukrainian missiles — another attacker, which is not so much in the news, has been gaining strength over the years. As businesses increasingly operate digitally, computer hackers now wield weapons that have the potential to shut down billion-dollar enterprises, eradicating revenue and collecting the data of millions of unsuspecting people who have few means of protecting themselves.
The past couple of weeks have seen some major ransomware attacks, in which the hackers threaten to take down digital systems or misuse data unless they are paid huge sums of money. A few days ago, various news sources reported that a new ransomware group called ransomed.vc had allegedly hacked Sony.
The hackers announced they had successfully breached Sony’s systems, and that because Sony had not agreed to pay them, they were putting up its data for sale. While Sony itself did not confirm the news, the malware group says it has accessed around 6,000 of Sony’s files. It must be noted that corporations often keep information about ransomware attacks away from the public because they do not want to eviscerate consumer confidence in the security of their data.
A ransomware attack also targeted the hotel and casino chain MGM Resorts this month, when hackers proceeded to lock down MGM’s systems. This means that everyone from guests checking in digitally to those using compromised ATM kiosks found MGM’s services severely disrupted. Wifi networks and entertainment systems were also brought down.
The MGM attack followed the targeting of the chain’s rival Vegas super player Caesars’ casinos, where digital systems were also hacked. Just as in MGM’s case, operations at the casino were halted, causing millions of dollars in losses. Once again, the data of Caesars’ clients, who were using credit card and bank accounts, was stolen.
With hackers able to access the digital records of even big companies, it has become difficult to ensure the safety of personal data.
The availability of all this data in an era when so many people have electronic bank accounts and their money is basically numbers on a screen is a huge problem.
While at this time only these mastermind hackers can attack the systems of enormous companies, the data they sell can enable lesser actors to hack individual accounts and hold those who own them hostage to ransom. If such individuals do not pay, they are not able to regain access to these accounts. Lesser actors use the same means to gain access to social media accounts of celebrities and other influencers. Once again, if these individuals do not pay, they lose access to their followers, and thus to income streams they may be getting from their social media accounts.
All of this underscores the fact that, in the world of the future, it is data that is going to be the most valuable asset. Pakistani consumers who are benefiting from online retail and are entering their data into the systems of companies they do not know well are taking a big risk.
Small and unknown companies do not invest much in the security of their systems, making them vulnerable to being breached by ransomware and hackers. Even downloading unknown applications and games is risky because they can contain spyware that similarly provides all the data on your phone to hackers.
However, as the alleged Sony hack, and those so many others before it, proves, even the most well-known companies are at risk from bad actors. Unfortunately, many of these companies themselves may not think so.
An organisation called SpyCloud recently released a report that indicated how security industry leaders are assessing the risk posed by ransomware. Ironically, despite most American, British and Canadian organisations admitting to the need for better protection against the risk, 79 per cent also felt very confident about their ability to withstand a ransomware attack. The confidence seems bizarre given that most of these organisations reported having suffered some version of a cyberattack.
In Western countries, this disparity in risk assessment and actual action is becoming the subject of lawsuits. In the aftermath of the attacks on the resorts and casinos, the consumers affected by the data breach at Caesars and MGM are pursuing representative lawsuits against the companies for improperly protecting their data and losing it to hackers.
A representative, or class action, lawsuit combines all the lawsuits of individuals who have been affected into one case, which often results in one large sum paid out by the defendants.
In addition to lawsuits, it is likely that new consumer protection laws will also be used to protect clients.
The ease and convenience of online shopping means that Pakistani vendors can increasingly make their goods available to overseas consumers who wish to buy them.
Digital platforms now provide a huge opportunity for online retailers, particularly those that focus on fashion, jewellery, handicrafts, sports equipment, and even spices. However, this requires that retailers successfully reassure overseas consumers that their credit card data is secure and not available to hackers.
If this hurdle can be overcome, Pakistan’s online economy can flourish domestically as well as internationally. The huge diaspora communities of overseas Pakistanis present readymade markets that can help retailers ride through the current economic crisis.
How Sony recuperates after this massive malware attack remains to be seen. Either there will be some secret arrangement and the ransomed.vc hackers will surrender the systems for money, or Sony’s own engineers and security specialists will be able to recover the compromised systems. Whatever it may be, this particular arena of security and warfare is likely to be one that endures for generations.
No matter who you are or where you may be, pay attention and be careful next time information of CNIC numbers, bank accounts, credit card numbers, etc, is entered or ATMs are accessed. Not everything that seems safe is secure against hackers.
The writer is an attorney teaching constitutional law and political philosophy.
Published in Dawn, September 27th, 2023