01 January 2024

The unappreciated threat of ransomware

Everyone has heard stories about unfortunate businessmen who have had their restaurant or store rendered inoperative by "ransomware" until they paid a cybercriminal. The Economist explains that ransomware technology presents immense potential damages on a much larger scale:
In October cyber-criminals hacked into the British Library, a storied institution in the heart of London, encrypted its data and demanded money in exchange for the key. Months later the library and its catalogue of 14m books remain offline, with no end in sight. Similar ransomware attacks—in which criminals encrypt or steal data and demand a ransom to decrypt or refrain from leaking it—are not only undermining business and sapping prosperity across North America and Europe. Financially motivated attacks on infrastructure, such as schools, hospitals and power utilities, also pose a large and growing threat to national security. Western countries now face what a British parliamentary committee described on December 13th as “a high risk [of] a catastrophic ransomware attack at any moment”...

Ransomware has been mainly a Western problem but it is spreading globally. America, Australia, Britain, Canada and Germany are the most affected countries, but Brazil and India are not far behind them. Victims span the public and private sectors—in recent weeks attacks have hit an Italian cloud-service provider that hosts government data, Germany’s energy agency and a Chinese bank in New York, among others. An attack on Christmas Eve disrupted emergency care at a German hospital network, and attacks on the education sector are rising. This adds up to a slow-burning but serious national-security crisis. “It is the one serious organised crime that could bring the country to a standstill,” warned Graeme Biggar, the director of Britain’s National Crime Agency (NCA), recently...

The hardest part of a ransomware attack was once cashing out and laundering the ransom. Attackers would have to buy high-end goods using stolen banking credentials and sell them on the black market in Russia, losing perhaps 60-70% of the profit along the way. Cryptocurrency has enabled them to cash out immediately with little risk...

At the same time, ransomware’s business model is also changing. In the past hackers demanded a ransom in exchange for decrypting a victim’s data. But scrambling data is usually the most technically demanding part of an attack, and the part most liable to alert a victim. Now attackers almost always exfiltrate the data and threaten to publish it online; in a growing minority of attacks they do not even bother encrypting it...

Generative artificial-intelligence (AI) tools like ChatGPT are helping improve everything from the quality of English in phishing emails to the potency of malware, says Mr Lyne. He points out that the online forums used by cyber-criminals already have dedicated AI sections. Ransomware syndicates remain “well-resourced, adaptable and [are] growing bolder”, says Mr MacColl, despite all the disruptive efforts of the past three years. “I’m fairly confident in saying they’re still doing as much harm to UK national security as anything Russia, China, Iran or North Korea does in cyberspace.” 
More at the link.

5 comments:

  1. The library system that I work for got hit by ransomware just prior to COVID, around Christmas 2019. All email from before that is gone and it took weeks for us to be fully fixed, although the catalog was back up quite quickly. And it's not like a small library is going to pay; we don't have any money to pay ransom. It was completely stupid.

  2. Medical institutions are being hacked regularly as well. Just as with email, assume anything you say in your physician's office will be published on the front page of the Times.

  3. Sounds similar to what magic market forces are doing to/for/with college athletics and politics, only in a more direct manner.

  4. Perhaps even worse is the loss of someone's lifework, perhaps a novel labored over for many years, or perhaps precious pictures that they no longer have in non-digital format. Then there is the factor that an older person, falling prey to such vermin, now must dig into what little nest egg they have in order to retrieve their lost material.

    To me, if the death penalty were enforced for such criminals, I'd be good with it. In fact, I doubt anything less will have much of an impact. And forget this 20+ years wait on death row. No, sir! If you're in another country, you are targeted by snipers.

    Wait--too much?

    I still stand with my belief that those who would do such things to people have no business living among us.

    Replies
    1. These are state-sponsored attacks coming out of Russia mostly. You could sentence them to be fired into the sun for all the good it'll do you.
      What can be done is impress upon the people you know that they need to have a backup strategy, ideally one cloud-based and one physical.
      Furthermore, the people in those hospitals who are in charge of IT need to be held accountable when it turns out they have no action plan in place for this. If lax security means your health is put at risk, or if your information is stolen from an online shopping site then somebody needs to pay.
      There have been countless data breaches that have resulted in a slap on the wrist even when it becomes apparent that the companies being breached have done a bare minimum to keep your data secure because the risk/reward doesn't make it pay to do things right.
      Oh, and why blame the victims? Because if a bank left its depositors' money in a shoebox with all their details, address, SSN etc., taped to it for easy identification, and didn't lock the doors at night, then who's to blame when it gets stolen? Whoever took it, yes, but also the bank for failing to live up to what they're legally obliged to do.
