HJAR Jul/Aug 2021

Criminal Complaint Center (IC3) from the years 2018-2020. You can see a dramatic increase in reported ransomware victims and the reported loss. Keep in mind, this chart does not include estimates of lost business, time, wages, files, equipment or any third- party remediation services acquired by a victim. In some cases, victims do not report any loss amount to the FBI, thereby creating an artificially low ran- somware loss rate. The above numbers only represent what victims report to the FBI via the IC3 and does not account for victim direct reporting to FBI field offices/agents. Editor What are the main cybercrimes you are seeing right now, and what steps can we do to make sure our businesses, patients’ or personal de- vices are protected from these types of crime and exploitation? Cyber Task Force We are most concerned about threats to our nation’s critical infrastructure, which threaten public health and safety as well as our eco- nomic and national security. The recent state of high profile, broadly impactful cyber intrusions like SolarWinds, Hafnium, Pulse Secure and Colonial Pipeline highlight the invest- ments in time, money and talent that our adversaries are making to harm us Dianne Hartley, Editor Cybercrime seems to have exploded with the COVID-19 pandemic. Why, and do you see an end in sight? Cyber Task Force We’ve observed that cyber criminals have used and continue to use the pandemic for commercial gain, deploying a variety of ransomware and other malware. One trend that jumps out is just how quickly cyber criminals moved to take advantage of COVID-19 and the rapid move of our lives online. While many Americans were focused on protecting our families from the pandemic and help- ing others in need, cyber criminals spot- ted an opportunity: to profit from our dependence on technology to go on an internet crime spree. And, we saw nation-states use their cyber workforce to focus on COVID in a different way: to conduct intrusions into US labs, universities and other research institutions to steal U.S. vaccine research. More recently, some of the major intru- sions we’ve battled over the past six months (SolarWinds, HAFNIUM, Pulse Secure) show that we face increasingly sophisticated cyber operations that suc- ceed by undermining trust in the things we rely on, such as software updates from trusted vendors. Below are ransomware incidents that were reported to our FBI internal — both nation-states and cyber criminals. The number and scale of these major incidents is evolving every day, and it is challenging our collective ability to respond. Just speaking for the FBI’s role, our response to an incident like Solar- Winds is measured in months or years, not weeks, and draws on agents, ana- lysts, computer scientists and others across multiple headquarters divisions, field offices across the country, and our agents and professionals stationed with allies around the world. We’re working with our government, private sector and foreign partners to disrupt our adversaries and impose consequences — pulling information in from intelligence and law enforcement sources, developing the threat knowl- edge we need to disrupt and hit back, and then sharing what we’ve learned with the partners best situated to use it. Since February 2020, criminal and Advanced Persistent Threat (APT) cyber actors have been increasingly target- ing U.S. pharmaceutical, medical and biological research facilities to acquire or manipulate sensitive information to include COVID-19 vaccine and treatment research. Both APT groups and cyber criminals are likely to continue to exploit the COVID-19 pandemic over the com- ing weeks and months. Threats observed include: • Ransomware. • Phishing, using the subject of coronavirus or COVID-19 as a lure. • Malware distribution, using coronavirus- or COVID-19-themed lures. • Registration of new domain names containing wording related to coronavirus or COVID-19. • Attacks against newly, and often rapidly, deployed remote access and teleworking infrastructure. Year Reported Ransomware Victims Reported Loss 2018 1,493 $3,621,857 2019 1,934 $8,957,432 2020 2,474 $29,100,000 I was on an elevator the other day with this millennial wearing a “ WILL HACK FOR BEER ” t-shirt. I wasn’t sure if I should laugh, be impressed or scared to death. The truth is, technology has placed us in a cat and mouse game few understand, and it is costing us mice, U.S. citizens and companies, billions of dollars. We thought it time to talk with the FBI Little Rock Cyber Task Force in an effort to learn more about the game as they hunt the cats. HEALTHCARE JOURNAL OF ARKANSAS I  JUL / AUG 2021 9