How you could be the ‘weak link’ in a ransomware attack

PHOENIX (3TV/CBS 5) -- The White House is warning of an increased threat of cyberattacks, following a series of high-profile ransomware attacks that targeted the country’s largest meat processor, a critical gas pipeline, an East Coast ferry service and the New York City subway system.

“This is a cyber war. This is a digital war,” said cybersecurity expert Adam Levin. “We’re really now talking about a national security issue.”

According to meat processing company JBS, all of its U.S. plants, including the facility in Tolleson, Arizona, are on track to be back online Thursday, operating at close to capacity. The company also said there’s no evidence that personal information for employees or customers was compromised, in the cyberattack that was discovered on Sunday, but it is not clear if JBS paid any ransom to get back up and running.

Last month, Colonial Pipeline did. The company handed over almost $5 million to the attackers that fueled a fuel shortage up and down the East Coast. They’re not alone. A recent report by the Ransomware Task Force shows an estimated $350 million in ransom was paid out to hackers in 2020. It’s an increase of 311% compared to the previous year, and the average payment was more than $312,000.

“[Hackers] could freeze your access to your systems. They could freeze your data. They could delete your data,” Levin said. “Ransomware has become a multitrillion dollar business and it’s not going to be stopping soon.”

Levin says hackers are always looking for the weakest link as an entrance into an organization, so the fight against ransomware has to start from the ground up with a focus on privacy.

“So many people say, ‘Nobody’s really interested in me. I’m a regular person,’ but you could be somebody that’s working for a company that is working for many companies and so the way into many companies is through a mistake that you may make,” Levin told 3 On Your Side. “It is the littlest thing that we could or could not do that could impact something that could be negative for our company, our country , our community, we don’t know. But what we do know is we’ve got to get better at it and people have to pay more attention. This is something the government has to do, businesses have to do , and consumers have to do because we all have a shared responsibility.”

To protect against ransomware, Levin says it is important to get back to basics. Don’t click links from senders you don’t recognize, use password managers and two factor authentication.

Colonial Pipeline and JBS are recovering relatively quickly compared to many organizations. According to Coveware, the average down time for a business that is targeted by ransomware is 21 days. Another study shows it takes a business 287 days to fully recover from at attack.

In a statement, the FBI said “A cyberattack on one is an attack on us all. We encourage any entity that is the victim of a cyberattack to immediately notify the BFI through one of our 56 field offices.”