Security experts often joke that burglars who turn money into a multibillion-dollar corporation are often more sophisticated than their predecessors.
Ransomware – when cybercriminals lock up computers or their data until a ransom is paid – resurfaced this week after attacks hit one of the largest pipelines in the US, Toshiba’s business in Europe and health services in Ireland.
While governments have promised to address the problem, experts say the gangs are on the rise and continue to dominate. For businesses, they said, there is a lot of pain ahead.
“This is the biggest security issue because companies have to decide how to participate in cat-and-mouse games,” said Myrna Soto, chief technology officer and trust manager at Forcepoint. “In fact, it is a war — a war.”
Last year, the number of attacks soared by more than 60 percent to 305m, according to data from SonicWall, as the attackers took advantage of the shift to working from home and the difficulties that arose. More than half of the victims paid to unlock their machines, according to cyber security investigators at CrowdStrike.
About a dozen groups dominate the market, and the business has been doing well. They received at least $18bn in ransom by 2020, according to cyber security team Emsisoft; it costs around $150,000. Left unchecked, many now go “hunting for big game” – pursuing larger targets and making more money.
A handful of cybercriminals have also joined in, following a ransomware-as-a-service, or RaaS, program in which groups lend out their malware on the dark web to “affiliates” and take a cut of their proceeds.
“There are a lot of obstacles in getting here,” said Rick Holland, chief of security at cyber security team Digital Shadows.
The alleged perpetrators of the attack on the Colonial Pipeline, a Russian group called DarkSide, ran such a program, according to FireEye’s cyber security team, meaning that another group could have taken part in the attack.
“There are now divisions in the workplace and terrorists working together,” said Joshua Motta, co-founder and head of the cyber insurance group.
Follow the money
Business and government experts continue to debate the best way to fight cybercrime. One of the most difficult questions is whether governments should ban victims from paying ransoms altogether.
“This is something that governments need to think about,” said Brett Callow, a researcher at Emsisoft. “Make interest rates useless, and the risks disappear.”
Opponents, however, warn that a ban would not help curb the attackers, given the low cost and low risk of carrying out attacks, and could push them to threaten targets such as hospitals.
The FBI advises against paying the ransom, but in the case of Colonial, the White House acknowledged the difficulties facing companies.
Last month, a public-private group of major technology companies including Microsoft and Amazon, along with US officials, urged that companies be required to review alternatives before paying a ransom, and then to tell a government agency if they have paid.
Many victims remain silent rather than disclose whether they have been attacked or have paid, for fear of damage to their reputation or of legal consequences. But Jen Ellis, vice president of rural and community affairs on the cyber group Rapid7 and a board member, said: “It can be done in secret, there are ways to do this to change it. But reporting gives us the opportunity to monitor payments [and] follow it.”
This is in line with another demand that the group and others have made: greater oversight of cryptocurrency exchange transactions, which they believe should be subject to the same “know-your-client” and anti-money-laundering laws as financial transactions.
How researchers can find answers
In the meantime, the US government has launched a crackdown on criminal gangs, with the Justice Department setting up a volunteer group last month. Some of its aims, according to John Carlin’s chief of police records, Financial Times, include taking action “to disrupt and destroy the environment”.
This could include shutting down servers and other services that support cybercriminal organizations, according to Tom Kellermann, head of cyber security at VMware and a member of the cyber advisory committee at the US Secret Service.
Kellermann also suggested that there may be a role for cybercriminals to crack down on terrorist Web sites. “Why not dig deep, just take it off the internet completely?”
Often, the instability of the perpetrators is a source of information for investigators that can lead to action, according to Allan Liska of the cybersecurity team, as “not a very good thing to do” as a last resort.
In the meantime, it appears that the deployment of drug traffickers has helped to prevent a serious threat to the Colonial stand. On Saturday, a group of intelligence and cyber companies, as well as US agencies such as the FBI, thwarted the attackers by shutting down US servers that the attackers used to store data before sending it to Russia, according to two people familiar with the matter. The disruption was first reported by Bloomberg.
There have been few attempts to deter the terrorists, many of whom are operating illegally from Russia, who will not be able to repel them. Last month, the US Treasury criticized one of Russia’s leading lawmakers, the FSB, “Farming is a partnership” Evil Corp.
Similarly, the perpetrators avoid targeting institutions in Russia, and may be asked to share the opportunity to use the victim’s methods. “I joke that the only way to protect yourself from redemption is to turn all your keyboards into a Russian Cyrillic,” Liska said.
Application of penalties
Dmitri Alperovitch, co-founder of the CrowdStrike security team who is now leading the Silverado Policy Accelerator think tank, said on Twitter: “We have no problem saving. We have a problem in Russia. That’s right.”
The independent working group advocated international cooperation and said countries that refuse to participate in the treaty should be “forced” – for example, through sanctions or the suspension of aid or visas.
In the meantime, the US has decided to crack down on other groups, such as Evil Corp, as a barrier to compensation. In October, the US Treasury issued a warning to any group that can help pay the ransom – online security, contacts with insurance companies – to avoid violations, and issued a similar warning to financial institutions such as crypto exchanges.
Not everyone has heeded the warning. According to data from Chainalysis, which analyzes blockchain scenarios, about 15% of the profits made in 2020 – or about $60m in total – could be a violation of the rules, as they appear to have been sent to registered or affiliated groups.
In selecting a number of cases, one accounting expert said he hoped that the government would wait to take a firm stand against the Colonial fraud. “Only 10 or 15 young boys or girls have a social networking experience and want more money. You don’t follow them in Russia, you follow them when they go on vacation to Greece.”