Ransomware Comes To the Heartland

Imagine the following scenario circa 1962.  From an aircraft carrier in international waters in the Gulf Coast near Houston, the USSR flies a team of helicopters that land in a parking lot outside a urology clinic in Baytown, Texas, on the Gulf Coast.  Soldiers with AK-47s surround the clinic and hold everyone in it hostage until all the files inside are loaded onto a helicopter.  Then the leader of the team informs the head of the clinic that they're holding the files for $5000 ransom.

Sounds pretty ridiculous, doesn't it?  For one thing, a Soviet aircraft carrier wouldn't have been allowed to get into the Gulf of Mexico during the Cold War.  And even if it had, U. S. Air Force planes would have shot down anything flying toward the Texas coastline.  And to mount an invasion force of that magnitude only to hold some clinic's files hostage would be like killing a flea with a nuclear weapon. 

But fast-forward to 2017, and the moral equivalent of that crazy scenario not only could happen—it did happen.  First, some background.

From 2007 to 2015, my father-in-law lived with us until he passed away, and one of the medical services he needed was provided by a coalition of formerly independent urologists called Urology Austin.  It is a medium-size group of about 20 physicians and associated service people, but is strictly a local concern, not affiliated with a national chain.  As I learned when I opened an envelope from them last week, on Jan. 22 of this year, the organization was the victim of a ransomware attack.

Ransomware secretly infects a victim's computer system by various means.  When it's triggered by the attacker, it encrypts the victim's data and demands payment for un-encrypting it.  We are as reliant on computer systems now as we are on electric light and communications systems, and in many cases, saying good-by to one's data is effectively saying good-by to one's business.  So unless victims have a robust and constantly updated physical backup system, they usually have no choice but to pay the ransom, which can be in the five- to six-figure range.  And even then, according to one report by Forbes, fewer than half of the victims actually get all of their data back.  Add to all this hassle the fact that in the case of medical records, a lot of confidential patient information has been compromised, and you have a small businesman's nightmare. 

The Forbes article says that in 2016 the number of ransomware attacks exploded, going from 3.8 million in 2015 to 638 million in 2016.  It's not clear whether that number counts only attempts, or successful attacks in which money was paid, but in either case, ransomware is posing a significant hazard not only to large corporations, but to small- and medium-size firms that can't afford huge staffs of IT people constantly on the alert for the latest type of ransomware attack.  Which is one reason the attackers go for them, of course. 

Historically, a dicey part of any ransom or shakedown crime in which the attacker wishes to remain anonymous is the payoff mechanism.  But cybercriminals have the convenience of bitcoin to thank for making that part easier too.  Bitcoin is a "blockchain" system that apparently furnishes virtually untraceable means of transferring large amounts of money.  While there are legitimate reasons for such a system, bitcoin seems to be implicated in a wider and wider range of dubious and illegal transactions, ranging from drug deals to ransom payoffs.

The radically international nature of the Internet is showing signs of making the historical idea of the sovereignty of a nation-state within its borders ineffectual, if not obsolete.  Back when the only means of communication were tangible objects such as letters, keeping a nation's borders secure meant that anyone wishing to steal or pillage inside that nation first had to invade the country, with all the paraphernalia of war that invasion involves.  Invasion was a big deal, and so not that many countries tried to invade other countries, and when they did, they had to pay the price of casualties and deaths.

But now, something close to the same effect of theft and pillage accompanying an invasion can be visited on a humble little urology clinic minding its own business in Central Texas, from an unknown invader who is probably halfway around the world.  As war has shown through history, human institutions always lag behind technological developments—sometimes catching up pretty fast, but sometimes falling behind for years or even decades. 

In a time when government is seen to be the problem as least as much as it is seen to be a solution, I hesitate to call on governments to attempt anything more than what they're doing already.  But just as the entire power of the military would have been called on to defend our shores against the imaginary USSR invasion of 1962 whose target was Baytown, because one urology clinic can't be expected to protect itself against a foreign power, it seems to me that when threats from outside the country start to cause significant losses to private interests that can't defend themselves adequately, it is one traditional role of government to intervene in order to protect those who can't protect themselves.

I leave the form this governmental protection would take up to those who know better about how to organize such things efficiently.  In general, the U. S. military seems to have preserved its integrity with regard to getting specific jobs done, better than most other parts of the federal government.  But there is a strong and well-justified tradition of limiting military action inside the borders of the United States—the danger being that if this limit wasn't in place, we would be in danger of becoming a police state.  Nevertheless, as the nature of foreign invasions changes, traditions may have to change too. 

I hope Urology Austin recovered from its ransomware attack without too much loss of cash, data, or goodwill.  But I also hope that those who are in a position to do something about it will start to reorganize our military efforts to acknowledge the fact that attacks from foreign powers no longer come only in the form of soldiers, ships, planes, and missiles, but also as weaponized bits.

Sources:  Besides the letters mailed to our address from Urology Austin, I referred to the Wikipedia article on ransomware and the article "2016 Saw An Insane Rise In The Number Of Ransomware Attacks" that appeared on the Forbes website on Feb. 7, 2017 at https://www.forbes.com/sites/leemathews/2017/02/07/2016-saw-an-insane-rise-in-the-number-of-ransomware-attacks/#5f4256c558dc.