According to former senior NSA official Glenn Gerstell: “There clearly is a dividing line between cyber hacks for intelligence gathering purposes, and these ransomware attacks that are designed principally for financial benefit.”
On one side of that line is the SolarWinds attack uncovered last December. The U.S. government says this was primarily an intelligence gathering operation carried out by Russia’s foreign intelligence service, the SVR, which was quietly stealing U.S. government secrets for months.
On the other side is ransomware, which is surging. Russian criminal gangs are blamed for both the Colonial Pipeline attack that hit gasoline supplies on the East Coast of the U.S. in May and an even more recent hack that briefly shut down the world’s largest meat supplier, JBS.
Supply chain attacks amount to a loss of state secrets.
The attack on SolarWinds is what’s known as a supply chain attack. That means the attack affects not only the company in question, but also the customers of that company, all the way down the entire chain. In the case of SolarWinds, this included US. agencies. Parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration and the Treasury, were all attacked as a result. So too were private companies, like Microsoft, Cisco, Intel and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University.
If you’re operating a business of any size that’s hoping to land a government contract, what you do and what steps you take to follow proper compliance procedure affects everyone down the line. That’s what makes cybersecurity frameworks like CMMC so incredibly important.
Ransomware attacks amount to a loss of state industry.
Ransomware is one of the most prolific forms of cyber-attack. It typically involves hackers gaining access to a computer network and either encrypting files or locking users out of their systems until a ransom is paid. In recent years, the use of ransomware for extortion has become a national security issue of serious concern. Just days after the attack on Colonial Pipeline, yet another group of cyber-criminals infected the Irish national health system with ransomware.
It’s important to note that paying a ransom does not guarantee a company will regain access to their systems or prevent a leak. In fact, paying off ransomware has proven to embolden criminals and encourages them to resume attacking the same victims again and again. By paying the ransom, you’re showing criminals that what they’re doing is profitable and leaving yourself — and others — open to future attacks.
These dual threats require different responses, but both have one essential requirement in common: vigilance. It’s hard to remain vigilant while simultaneously focusing on running your enterprise. And that’s exactly where V2 Systems comes in. Let us help you. Reach out today.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!