Ransomware revisited

aRoot file mirroring software

Ransomware is not new, but it continues to cause serious damage.

Almost five years ago, I gave a talk in our Techmasters club about CryptoLocker, and a few people realized how damaging it was. Fast forward to 2019, and you can even see folks at 60 Minutes interviewing hacked CEOs as well as FBI agents. I am glad 60 Minutes covered it, and I wish all media, “fake” and “non-fake,” would reserve a few segments every night to educate the masses, small businesses, and the usual CEOs.

In an earlier blog, we wrote about a system administrator who lost his job because of a total data loss. Later I found out that the board hired him back and fired his non-proactive CEO.
We also covered the Atlanta attacks.
We reported the devastation of emergency services, hospitals, and clinics.
During these times, we received only two threats. Some victims demanded that we remove their names from the list.

Data availability and crippled services

Ransomware has disabled a new drove of critical services. Many attacks are targeting local government agencies. See, when you cripple 911 services, you are committing a war crime against innocent civilians. Imagine elders and children who cannot get first responders to reach them. Imagine you were in an accident and emergency services cannot dispatch an ambulance to save your life. You will feel like you are in a third-world country in an “état d’anarchie.”

The rising cost of ransomware

As of today, crypto hijackers have made off with an additional hundred million dollars in payments. More hospitals, cities, 911 services, and many county services have been crippled. The attackers have found a niche and have been focusing on their target market. They segment their market effectively, selecting victims that must keep running to provide services to citizens and to save lives and property. Some are sent back to the paper age, as 60 Minutes called it. Some are shut down first, before paying to get their data back. Atlanta spent over $20,000,000 to restore services (and IT staff continue to clean up). The good news is that Savandi and Mansouri, the two Iranian nationals accused of perpetrating the attack on Atlanta, were charged on Dec 5th, 2018. However, where are they?

Ransomware Outsourcing and distribution channels

Attackers have also perfected their methods. Just as every product has distribution channels, malware now has distribution channels too. There are middlemen as well. They now have managed services and value-added resellers. Unskilled attackers rent ransomware from the skilled ones and pay them a fraction of the revenues. Reveton ransomware used the same model.

Some attackers rent the core and use it to deliver their payload.
They use their own versions of the tools to get whatever they need and threaten to leak critical data unless they are sent some bitcoins.

Diversity of attackers

Attackers come from all over the world. They can be US citizens or operate from “safe havens” in Russia, Iran, China, or North Korea. They can be sharecropper individuals or networks of highly skilled people. However, the distribution channel model also helps technically unsavvy people start a crime venture or a sharecropper startup.

Government agencies to the rescue

The FBI continues to prosecute the culprits aggressively, yet the statistics are alarming and should keep IT managers and executives awake at night. It takes cross-agency and cross-country collaboration to unearth and stop some attackers.
According to the Internet Crime Complaint Center (IC3.gov), the US saw more than 7.45 billion dollars in financial losses.
Well, drivers must also be worried and drive carefully. Heck! Everyone should be worried, as attackers keep adding softer targets to their target markets.

Ransomware revisited was last modified: September 6th, 2019 by aRoot