Tuesday, May 25, 2021

"Money-go-round: The booming cottage industry behind ransomware"

From Politico.eu, May 18:

Too many people stand to make too much money from ransomware attacks. That has to change, warn EU lawmakers.

A U.S. pipeline blocked. Irish hospitals brought to a standstill. A French insurer's operations hacked. A Toshiba business unit hit. In the span of two weeks, four high-profile incidents have alerted the world to the growing danger of ransomware attacks.

But as policymakers try to respond, they're finding out that the problem is larger than cybercriminals extorting corporations and governments to regain access to their own data.

It extends to a booming cottage industry linked to such attacks involving everyone from cyber insurers to security consultants and programmers in which many people stand to make money, and few have an interest in making the attacks go away.

"At the moment it's very easy to pay organized crime. Is that really right? Should we not have a serious policy review about it?" said Ciaran Martin, former head of the U.K.'s cybersecurity agency who now teaches at Oxford University.

The realization that the incentives of industry players may be skewed comes as ransomware has emerged as the foremost cybersecurity threat facing businesses and public services.

For most victims, an attack begins when their computer is taken over by a worm-like virus. It then spreads across local networks, encrypts data, locks screens and demands a ransom, often in cryptocurrencies like Bitcoin, in exchange for giving back control.

In hospitals, this means doctors not being able to access patient records and having to work with pen and paper. In companies, it's losing access to operational data and critical trade records.

Part of the reason such attacks have become more widespread is the greater sophistication of tools used to carry them out.

The ransomware used to attack U.S. pipeline operator Colonial, called DarkSide, is in fact an entire platform which offers "ransomware-as-a-service" — complete with features like a built-in call functionality to increase pressure on victims.

Other ransomware threatens to leak victims' data if they don't pay, or encrypts it twice to double the profit. Some were engineered by state-linked groups in Russia and North Korea using exploits allegedly developed by U.S. intelligence services.

So far, authorities have a simple but clear message to fight the problem: Don't pay the hackers.

"Our position is clear: Don't pay," said Philipp Amann, head of strategy at Europe's law enforcement agency Europol. "You're dealing with criminals. If you pay once you're very likely to become a victim again."....

....MUCH MORE

Recently: 

"DarkSide Ransomware has Netted Over $90 million in Bitcoin" (Colonial Pipeline et al.) 

As seen in a slightly different context just a couple weeks ago:
....Or, as a somewhat out-of-favor writer put it, regarding the Viking raids on England:
....It is always a temptation for a rich and lazy nation,
To puff and look important and to say: –
"Though we know we should defeat you,
we have not the time to meet you.
We will therefore pay you cash to go away."

And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane....
Rudyard Kipling, 1911

Meanwhile In Ireland: State Does Not Pay Ransom, Hackers Turn Over Decryption Key