‘This is a war, this is a war’: Experts want to defeat the ransom attackers

Cybersecurity experts like to joke that hackers who have turned ransom attacks into a multi-billion dollar industry are often more professional than their biggest victims.

Ransom attacks – when cyber-attackers lock their target computer systems or data until a ransom is paid – return to the spotlight this week after an attack on the largest petroleum pipeline in the United States. Toshiba is a European business And the Irish Health Service

While governments have promised to tackle the problem, experts say criminal gangs have become more enterprising and are holding their upper hand. For businesses, they said, more suffering would come.

Myrna Soto, Chief Strategy and Trust Officer at ForcePoint, said: “This is probably the biggest push for protection because companies have to decide how much they want to play in this cat and mouse game.” “Honestly, it’s a war, a war.”

According to, last year, the number of ransom attacks increased by more than 60 percent to 305 million Data from Sonicwall, Hackers took advantage of the change to work from home and as a result the vulnerabilities were exposed. More than a quarter of victims pay to unlock their systems, according to Crowdrike’s cybersecurity researchers.

The market was dominated by about two dozen gangs and business was booming. They have achieved at least মুক্তি 18 billion in ransom In 2020, according to cybersecurity group MCSoft, the average payment is about $ 150,000. Once indiscriminate in their attacks, many now spend on “big game hunting” to achieve the biggest goal of demanding huge sums of money.

Criminals of low-tech conscience have also joined in after the rise of ransomware-a-service or rass, where groups rent out viruses on the dark web for “approved” shots and take some of their earnings.

“There are very few barriers to entry right now,” said Rick Holland, chief information security officer at Cybersecurity Group Digital Shadow.

Colonial Pipeline Hack, a Russian-based gang called DarkSite, Has run such an approved programAccording to the cyber security group Fire, this means that another group may have taken part in the colonial attack.

Joshua Motta, co-founder and chief executive of the Cyber ​​Insurance Group Coalition, said: “Now a division of labor and criminals is cooperating internationally.”

Private and public sector bar charts only ** Estimates showing world class ransomware costs (6m)

Follow the meaning

Cyber ​​experts and governments continue to debate the most effective way to defeat cyber cartels. One of the saddest questions is whether governments should be prohibited from paying full ransom to victims.

“This is something the government should take seriously,” said Brett Collo, an analyst at MCSoft. “Make the ransom attack unprofitable and the attacks will stop.”

Opponents, however, warn that the temporary cost of preventing hackers due to the low cost and low risk of carrying out these attacks will have an effect, and could push these groups to more vulnerable targets such as hospitals.

The FBI advised against paying the ransom, but in the case of the colony, the White House acknowledged that the agencies were in a difficult position.

Last month, a public-private task force of major technology groups, including Microsoft and Amazon, with U.S. officials proposed making it mandatory for companies to review alternatives before Payment of ransom, And then report to the government agency if a ransom is paid.

Many victims are reluctant to disclose whether they have been attacked or paid for fear of reputational damage or legal and regulatory retaliation. But Jane Ellis, vice president of community and public relations for the cyber group Rapid Community and a board member, said: “It can be done in person, there are ways to do it so you ignore it. Reporting it, however, gives us greater power to investigate payments [and] Track them. “

This has been linked to other demands made by the Task Force and others: greater government oversight of cryptocurrency exchanges, which they believe must be “the same as a perpetual financial service” to “know your customer” and comply with money-laundering laws.

How investigators will find clues

Meanwhile, the U.S. government has stepped up its efforts to search and prosecute ransom thugs on its own, with the Justice Department launching its own dedicated ransom unit last month. According to a memo from Acting Deputy Attorney-General John Carlin, shown in the Financial Times, one of its goals is to “disrupt and dismantle the criminal ecosystem.”

According to Tom Kellerman, head of cyber security strategy at the U.S. Secret Service’s VMware and Cyber ​​Investigation Advisory Board, this could typically delete servers and other hosting services that facilitate cyber cartel ventures.

Kellerman suggested that Internet service providers could play a role in eradicating dark web forums involving certain gangs. “Why don’t they cinhole it, just snag the internet completely?”

According to Alan Lisker of Record Future’s Computer Security Event Response Team, it is often the case that criminal collaborators are so drowsy that investigators will be able to take such action because they are tracked as the ultimate ransomware operator.

Meanwhile, there are indications that targeting hackers’ infrastructure helps prevent further catastrophic disasters in the case of colonial shutdowns. On Saturday, a group of technology and cyber agencies, as well as U.S. agencies such as the FBI, thwarted attackers by shutting down U.S.-based servers that hackers were using to store information before sending them to Russia, according to two people familiar with the situation. The disruption was first reported by Bloomberg.

There have been very few attempts to prosecute these parties, many of whom are working on impunity from Russia that is unlikely to extradite them. Last month, the U.S. Treasury even indicted a Russian intelligence service, the FSB “Cultivation and Cooperation” ransomware group Evil Corp.

In return, criminals generally avoid targeting Russian organizations and may be urged to share their access to their damaged systems. “I joked that the safest way to protect yourself from ransomware is to convert all your keyboards using the Russian Cyrillic format,” Liska said.

The bar chart shows the top breach, the top breach by million (2020)

Use of prohibitions

Dmitry Alperovich, co-founder of the security group Crowd Strike, who now runs the Silvarado Policy Accelerator think-tank, Said on Twitter: “We don’t have any rainwear problems. We have a problem with Russia. That’s it. “

The Public-Private Rainsware Task Force has recommended greater international coordination and “pressure” on countries that refuse to cooperate – for example, through sanctions or through aid or visa assistance.

To date, the United States has imposed sanctions on certain groups, such as the Evil Corps, as a deterrent to ransom seekers. In October, the U.S. Treasury A warning was issued Any group that can help facilitate the payment of ransom – cyber security, negotiators and insurance companies – does not violate the sanctions and has issued similar warnings to financial institutions such as crypto exchanges.

Not everyone heeded these warnings. According to Information from channelisis, Which analyzes blockchain transactions, found that in 2020 it violated the ban on about 15 percent of tracked ransom payments – or close to মোট 0 million in total – because they appeared to be sent to blacklisted groups or those affiliated with such groups.

With a few options for trial, an expert familiar with the government’s approach said he hoped the authorities would wait aggressively after the perpetrators of the hack in the colony. “It’s 10 or 15 young men and women who party a lot and want a lot of money. You don’t go after them in Russia, you go after them when you go on holiday in Greece. “

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *