Why Is Ransomware Now A National Security Risk?

Every year, large economies like the United States are hit by tens of thousands of ransomware attacks that impact business operations, disrupt financial activity, and sometimes even cause critical parts of the infrastructure to go out of service.

Ransomware is a kind of malware that encrypts files on breached networks and computers, making all data and apps inaccessible. The attackers then demand a ransom payment in exchange for a decryptor program. Data restoration takes time, even if backups are available, so the disruption is bound to be lengthy and financially harmful.

The Colonial Pipeline attack in May 2021 is a prominent example of a nationwide disruption. It forced the company to halt all pipeline operations, which led 17 states and Washington, D.C., to enter a regional emergency status to keep fuel lines open. During the days that followed, airlines in the U.S. had to reschedule flights due to fuel shortages.

Even the threat actors who performed the attack, DarkSide, seemed to regret causing so much disruption. They released a statement explaining that “our goal is to make money and not create problems for society.”

This is just one example of the many attacks that have caused significant outages with a national-level impact, affecting hospitals, public services of counties, states, and municipalities, legal institutions, energy and utility service providers, and more.

These ransomware attacks didn’t just cause the targeted systems to become unreachable but also constituted data breaches. Ransomware gangs engage in double-extortion tactics that involve the exfiltration of data from breached systems. The hackers then use this data to extort the victims, threatening to leak it publicly. When attacks on critical government agencies happen, the stolen files may contain secrets important to national security.

In summary, ransomware attacks are a national security risk because they can cause large-scale damage to the economy, disrupt services essential for national security and public safety, and steal national secrets.

The 2021 attacks forced the United States to classify ransomware attacks as national security threats and to approve funding for emergency measures that help tackle the problem and mitigate the effects of attacks when they happen.

The country also formed a “Ransomware Task Force” that released a report detailing the problem’s complexity and recommended 48 actions for the government to take to address it. Some of these recommendations involve treating ransomware as a national security issue and using the country’s intelligence resources and law enforcement agencies to combat it.

The RTF report also recommended increasing the ability to seize assets, enforcing financial criminal laws, and developing policies against organized hacking in order to combat ransomware attacks effectively. Coordination among local, state, and federal law enforcement agencies is necessary to bring ransomware attackers to justice. The report suggests that the threat of arrest and asset seizure may deter potential ransomware attackers from targeting national treasures and infrastructure.