Ransomware Hacker Skills Now As Good or Better Than Countries, Expert Says

By

Alex J. Rouhandeh serves as a special correspondent for Newsweek and is currently working toward his Master of Arts within the politics concentration at Columbia University's Graduate School of Journalism where he serves as the school's student representative in the University Senate and the Student Leadership Advisory Council of the Columbia Alumni Association.

Previously, he served as Newsweek's congressional correspondent, reporting from Capitol Hill and the campaign trail. Over his tenure with Newsweek, Alex has covered the speakership of Mike Johnson, the ouster of former Speaker Kevin McCarthy, the midterm elections of 2022, the Russo-Ukrainian War, and other key congressional stories of the Biden presidency.

Alex additionally provides coverage of Newsweek ownership and has produced investigative reporting on legal troubles facing the Olivet Assembly, a religious entity to which Newsweek's two owners formerly held ties.

Prior to covering Congress, Alex reported on matters of U.S. national security, holding press credentials for both the U.S. Capitol and the Department of Defense. Before joining Newsweek, Alex wrote for The American Prospect, Vice News, WDIV-TV NBC Local 4 News in Detroit, and other regional outlets.

His entry into the media industry began at Syracuse University where he majored in magazine journalism and produced award-winning coverage of the U.S.-Mexico border. At Syracuse, Alex also completed majors in policy studies as well as citizenship & civic engagement and was recognized as a Remembrance Scholar, one of the university's highest honors.

Alex was selected by the National Press Foundation to serve as a Paul Miller Washington Reporting fellow in 2024. He holds memberships with the National Press Club in Washington, D.C., the Society of Professional Journalists (SPJ), and the Investigative Reporters & Editors (IRE) organization.

Contact Alex with tips and feedback at a.rouhandeh@newsweek.com, and stay updated on his reporting by following him on social media at @AlexRouhandeh.

Writers Page
Special Correspondent
Trust Project Icon Newsweek Is A Trust Project Member

🎙️ Voice is AI-generated. Inconsistencies may occur.

Following the attack on the Colonial Pipeline last month and the data breach at Solar Winds that started late last year, Cybersecurity is gaining more attention nationally.

Industry leaders met Thursday in a panel hosted by CISO Street, an online community and information resource for cybersecurity professionals, on lessons learned from the recent cybersecurity attacks.

Panelists said these attacks signal a new era in online security, one which requires new legislation and a new level of corporate cooperation for an adequate response.

Cybercriminal Attack: Lessons Learned
"Basically now, the hackers are equal in capabilities, in some cases even better, than what used to be only countries," said Jonathan Yaron, Chief Executive Officer at Accellion, a secure file sharing company. Pictured is... CISO Street

"It's a moment of reckoning for our industry," Vasu Jakkal, Corporate Vice President for Microsoft Security, said. "(Solar Winds) was one of the most complex attacks we've seen, and that continues."

Jonathan Yaron, Chief Executive Officer at Accellion, a secure file sharing company, said hacking organizations have become increasingly motivated to discover weak points in different software programs.

Some of them can offer a talented hacker $5 million for a single data hack. Yaron said the information gained from that hack can generate as much as $400 million in ransom from the institutions that were hacked.

"They are as sophisticated as the most sophisticated developers and people," Yaron said. "Basically now, the hackers are equal in capabilities, in some cases even better, than what used to be only countries."

Jakkal said the cybersecurity industry faces a funding shortage, and cannot keep up with the demand for product. With the onset of the pandemic, many companies were forced to further digitize their structure. This led to an onset of new digital mediums and interfaces.

During this time of change, companies became more vulnerable to attacks. In Europe alone, cyberattacks doubled during the pandemic year. As the hacking business has grown in profitability, cybersecurity has fallen behind.

Entrance of Colonial Pipeline
Tanker trucks are parked near the entrance of Colonial Pipeline Company Wednesday, May 12, 2021, in Charlotte, N.C. The operator of the nation’s largest fuel pipeline has confirmed it paid $4.4 million to a gang... Chris Carlson/AP Photo

Despite its capacity to hire a workforce with the skills to combat hackers, the United States also faces obstacles to addressing these crimes through legal channels. The U.S. is the only highly developed country in the world without a comprehensive data protection law.

Cybersecurity laws differ greatly by business sector, and there exists no law of general application except for restrictions on "unfair" trade practices. When it comes to transparency around data breaches, this lack of legal infrastructure creates issues.

Lisa Sotto, chair of global privacy & cybersecurity practice at the law firm Hunton Andrews Kurth LLP, said companies view breaches as a source of embarrassment, and may stay quiet about the attack. She said a breach of security can carry the implication that a company did not take appropriate measures regarding its security. This can lead to short term dips in stock value and harm reputation.

Sotto stressed that no company or industry is immune to a cyber-attack. She said that regardless of the sophistication of the protection system, any company can become a victim. Reporting a breach allows for quicker action to be taken and helps protect other companies. While stock price may temporarily dip, history shows the dip to be a short-term phenomenon, and any harm to the company image is typically temporary.

She called for industries to cooperate to fight ransomware attacks.

"This is a team sport, and the way you fight asymmetric battles is by coming together as a village, as a team," Jakkal said. "The shaming, and the 'it's so hard for companies to disclose,' I think that's a cultural thing, so we have to change that."

Live, cyber, attack, map, US, military, training
The 175th Cyberspace Operations Group of the Maryland Air National Guard monitors live cyber attacks on the operations floor of the 27th Cyberspace Squadron, known as the Hunter's Den, at Warfield Air National Guard Base,... J.M. Eddins Jr./AIRMAN MAGAZINE/U.S. AIR FORCE

Instead of shaming companies that suffered an attack, Jakkal said they should be celebrated for coming forward. She noted the sophistication of attackers allows any entity to become a target. Responding with speed diminishes the impact of the breach.

Sotto said companies often fear law enforcement looking into their systems, forcing them to share information, and involving the Federal Trade Commission. When it comes to investigating breaches, she said in her experience law enforcement does not tap into systems, and encourages the shielding of customer information.

And while a formal barrier does not exist between law enforcement and regulators, communication between the two generally remains limited.

"We've come a very very long way from the early and mid 2000s when we just didn't really have the governmental infrastructure," Sotto said. "But now, it's really developed, and it seems to me that until very recently we were fighting yesterday's battle. We really need to think about tomorrow's battle and how we can stay one step ahead of bad actors."

Request Reprint & Licensing Submit Correction View Editorial & AI Guidelines

Top stories

About the writer

Alex J. Rouhandeh serves as a special correspondent for Newsweek and is currently working toward his Master of Arts within the politics concentration at Columbia University's Graduate School of Journalism where he serves as the school's student representative in the University Senate and the Student Leadership Advisory Council of the Columbia Alumni Association.

Previously, he served as Newsweek's congressional correspondent, reporting from Capitol Hill and the campaign trail. Over his tenure with Newsweek, Alex has covered the speakership of Mike Johnson, the ouster of former Speaker Kevin McCarthy, the midterm elections of 2022, the Russo-Ukrainian War, and other key congressional stories of the Biden presidency.

Alex additionally provides coverage of Newsweek ownership and has produced investigative reporting on legal troubles facing the Olivet Assembly, a religious entity to which Newsweek's two owners formerly held ties.

Prior to covering Congress, Alex reported on matters of U.S. national security, holding press credentials for both the U.S. Capitol and the Department of Defense. Before joining Newsweek, Alex wrote for The American Prospect, Vice News, WDIV-TV NBC Local 4 News in Detroit, and other regional outlets.

His entry into the media industry began at Syracuse University where he majored in magazine journalism and produced award-winning coverage of the U.S.-Mexico border. At Syracuse, Alex also completed majors in policy studies as well as citizenship & civic engagement and was recognized as a Remembrance Scholar, one of the university's highest honors.

Alex was selected by the National Press Foundation to serve as a Paul Miller Washington Reporting fellow in 2024. He holds memberships with the National Press Club in Washington, D.C., the Society of Professional Journalists (SPJ), and the Investigative Reporters & Editors (IRE) organization.

Contact Alex with tips and feedback at a.rouhandeh@newsweek.com, and stay updated on his reporting by following him on social media at @AlexRouhandeh.

Writers Page

Alex J. Rouhandeh serves as a special correspondent for Newsweek and is currently working toward his Master of Arts within ... Read more