Think you know Ransomware!
Today, with the stroke of a pen, our laws would catch up with our future. We would help to create an open marketplace where competition and innovation can move as quickly as light. Internet window availability and connectivity can be anywhere.
Most enterprise networks before the advent of connectivity used the internet. They were networks in a box. Inside your network, you trust everything. Outside it, you can convert it. Security was not contemplated in the underlying connectivity at all.
The internet itself, robust as it was designed to be, is actually a fragile system. On Aug. 17, 1976, the Department of Justice website was the first website to be hacked, and the website was immediately taken offline. The hacking was obviously going to accelerate. Two weeks later, the Central Intelligence Agency (CIA) website was hacked.
Back in the day, you had to be a sophisticated cyber attacker, but that is no longer the case. We can easily go on YouTube and watch a video on the tools cyber attackers use.
Why build aircraft carriers and physical systems when a group of highly skilled cyber attackers can gain access to the “OFF” switch?
Hacking is hard but Ransomware is easy because people are bad at keeping their online access secure. Ransomware is a new type of war.
How do you Track Ransomware Actors?
Sometimes, the only way to find ransomware attackers is to follow the money. Most ransomware actors try to move the money across the blockchain. Then you can see who they do business with, who calls them (and vice versa), who transfers money to them, and so on. You literally have to follow the money.
Ransomware is an attack against your rationality and emotions. It embarrasses you and makes you look dumb. It is a new type of warfare. If you look at the targets, they are mainly citizens, finance, culture and a nation's way of life. There is a problem in the US because they believe they are to win the war of the 20th Century. Unfortunately, the Russians have figured it out.
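The follow-the-money step described above, as an added example that is not part of the original article: a simplified "haircut" taint trace over a constructed ledger, showing how much of a ransom payment ends up at addresses an investigator can attribute. The addresses, the account-style ledger (real Bitcoin tracing works on transaction outputs) and the KNOWN_SERVICES list are assumptions made for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger in chronological order: (sender, receiver, amount).
# All addresses and labels below are made up for illustration.
LEDGER = [
    ("victim", "ransom_wallet", 10),
    ("unrelated_user", "hop_1", 10),
    ("ransom_wallet", "hop_1", 10),
    ("hop_1", "exchange_A", 12),
    ("hop_1", "hop_2", 8),
    ("hop_2", "exchange_B", 4),
]
# Assumed attribution data: addresses already known to belong to services
# that hold customer identity records.
KNOWN_SERVICES = {"exchange_A", "exchange_B"}

def trace_taint(ledger, source):
    """Return {address: amount of ransom-derived funds it still holds}."""
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if receiver == source:
            moved = amount  # every payment into the ransom address is tainted
        elif balance[sender] > 0:
            # Haircut: outgoing funds carry the sender's current tainted share,
            # capped at what the sender actually holds.
            share = tainted[sender] / balance[sender]
            moved = min(amount * share, tainted[sender])
        else:
            moved = Fraction(0)  # sender's history is outside the ledger
        balance[sender] = max(balance[sender] - amount, Fraction(0))
        tainted[sender] -= min(moved, tainted[sender])
        balance[receiver] += amount
        tainted[receiver] += moved
    return {addr: amt for addr, amt in tainted.items() if amt > 0}

def cash_out_points(ledger, source, services=KNOWN_SERVICES):
    """Known services that received ransom-derived funds, largest first."""
    holdings = trace_taint(ledger, source)
    hits = [(a, holdings[a]) for a in services if a in holdings]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for address, amount in cash_out_points(LEDGER, "ransom_wallet"):
        print(f"{address}: {float(amount):.2f} traced from the ransom payment")
```

Mixing with unrelated funds at hop_1 dilutes the trace but does not break it: the full 10 units remain accounted for across exchange_A, exchange_B and hop_2.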
Evolution of Ransomware
The evolution of cybercrime began in 1995. The Central Banking Community of the world and the major financial systems of the world moved to electronic finance. There was no longer a delay in payment. This was when money became digital. This was compounded by the functional reality that a lot of computer scientists who used to be employed by the Soviet Bloc were unemployed as a result of the collapse of the Soviet Union. They harnessed their own skill set to bypass the encryption and solutions provided by the banks and begin the largest theft in the history of the world: “CYBER CRIME”.
Ransomware is a little different. What is valuable in today’s economy is data. From our transactions and personal records, it provides an opportunity for illicit actors to lock most of the things up, hold valuable information and extort it for payment.
All cybercrime, at its core, is about unauthorised access. But using that access to prevent the organisation from being able to function, and to hold it hostage, has been a recent phenomenon.
The ransom request is literally a price offer. It makes you feel defenceless and from a rational perspective, you have to make it. In Ransomware, they want to look bigger and more established. It’s really hard to fight back when there is a group of people.
Why do they go after you?
When you appear to be a highly regarded, trusted organisation, that causes an attraction. You would receive a message on your computer: everything has been encrypted and there is a little note, “YOU HAVE BEEN HACKED BY XYZ”. You are told what it would cost to get your data back and explain the services you would be providing. You are informed to direct all your questions to them.
You are also targeted when they notice you have a new customer that is a government agency (State, Local or Federal). They would target you because you have a partnership with a big agency. As an individual, it’s about who you know. You are your data. They take your digital information and are able to do it for a lot of money. The advent of cryptocurrency offers unique opportunities for the cyber actors to transfer value among themselves and across borders with a speed which was not previously possible.
How do they Operate?
Traditionally, there are 3 people involved in trying to code the entire Ransomware and prepare the entire backend infrastructure (setting up servers, configuring things, exploiting victims and the general attack). They feel like a boss running a business just like any other legal business, but they are cyber thieves. Ransomware is a complex operation which one person cannot operate alone.
Illustration of how Ransomware works:
As a novice bad guy, I don’t want to build a whole Ransomware infrastructure on my own, so I choose one of the Ransomware groups on the dark web and sign up for it as a service. I make a deposit, and my executable task is explained which would be successful. They are in charge of the negotiation and accept the Bitcoin, and I am given my own percentage. My only focus is on finding victims and encrypting as many as possible. It’s crime as a service.
People involved in Ransomware Attack
Ransomware Developer: A Ransomware developer is a person or group of persons that creates the virus/tools which, when they reach your computer, encrypt every file.
The Negotiator: The negotiator is fondly called the “victim”. He handles the negotiation.
Initial Access Broker: The Broker grants the access to the organisation and in turn sells the data to the Ransomware attackers.
Money Launderer: This individual does the exchanges for you to help you get the money to legitimately spend it.
Affiliates: These individuals are involved in carrying out the attack with spamming, phishing and exploitation.
The war between great nations has changed because of technology and cyber technology. There is a close connection. Nations at war take advantage of cyber criminals, using them as proxies. They lean heavily on the cybercrime cartels that exist within their sovereign boundaries. They use them as national assets as long as they abide by these 3 rules:
You do not attack anything on the sovereign territory that is protecting you.
When you have information that can be useful to the intelligence service, you share it.
When called upon to be patriotic, you are challenged specifically to attack specific targets.
These rules make major cybercrime cartels many of which are behind the Ransomware attacks against the US citizens and government on a daily basis. That is how they attain untouchable status.
At a crossroads, do we say it is a crime, or is there a broad national security at stake? There’s a Ransomware attack every 11 seconds. The immediate cost of Ransomware is estimated at $20 billion over 2021.
The point is to shift the balance of power: to change the economics of power so that it becomes more attractive for a cyber-attacker to use their skills for good than for bad.
That happens when we make the cost of what cyber attackers are trying to do so great that they realise they would have a better time getting a job as a developer for a legitimate company rather than being a cyber-attacker.
With civil war, revolution and societies going through the same loophole of corruption, they would try to use cybercrime as a competitive advantage in life, and there are only two types of people in cybercrime: those who are paranoid and those who are dead.
As long as we have systems that can run code, we would have bad people attacking and exploiting those systems, and they would come up with more creative and inventive ways of succeeding in their job.