We are not under threat of war. We are in a war already. It's a different kind of war, fought with ones and zeros, not guns. It is a cyberspace invasion that disrupts everything from individual computer users to whole countries. One weapon of cybercriminals is Hacking. Another is Ransomware.
Hacking is an unauthorized break-in to an individual computer or an entire network of computers. Hackers steal confidential data, embezzle money, spread rumors or misleading information, manipulate content, etc. Hackers are active in the computer systems they attack.
Ransomware is not concerned with using the stolen data… just freezing any access to the computer and its information until the victim pays the attackers' demands. Using encryption (a process of scrambling readable text), it holds files and systems hostage, or it disrupts the operation of a computer, rendering it unusable. When victims pay the ransom demands, they receive a decryption key (a code) to release blocked files or systems or a code to reboot their operating system, either one of which, by the way, may or may not work.
Victims are usually instructed to pay the ransom in anonymous cryptocurrency like Bitcoin, because that type of payment is next to impossible to track. Attackers are making millions of dollars at this game.
Sometimes, I just have to laugh. I imagine these "mercenaries" in their boxer shorts, unbathed for days, clouds of cigarette smoke, Heavy Metal music, and stale pizza - I know, I know… stereotype… how-come-I-don't-picture-a-girl-this-is-serious, Paula! You're right! State-sponsored ransomware is serious big business that takes place in large state-owned office buildings, but let me have my moment, please, then we can talk about the super bright, super computer-literate villains hard at work, disrupting, endangering and ripping off people all over the world.
A Little History
The first Ransomware attack came in 1980 from a Harvard academic named Joseph Popp. At a World Health Organization conference about AIDS, he passed out 20,000 discs titled "Aids Information - Introductory Diskettes" to all the participants. These "gifts" carried a virus Popp had developed, later named the AIDS Trojan Virus. This virus kicked in after each individual computer had been booted up (started) ninety times. Then it encrypted files and directories (where you store your files, like folders). A message appeared that said the files and directories would be restored after the victim sent $189 to a P.O. Box in Panama. Mr. Popp was arrested but never went to trial, a decision based on mental health issues.
The advent of the internet made it much easier to pass such malware around. Ground zero for Ransomware is considered to be 2005, when the Ransomware programs GpCoder and Archievus were deployed into the cyber world. Archievus encrypted everything in the victim's My Documents file. A 30-digit password had to be purchased to free up the files. However, antivirus software easily detected and removed these weapons, so there was not much money to be made.
Show Me the Money
It was hard to collect ransom money anonymously in those early Ransomware days. With the advent of cryptocurrency like Bitcoin, cyber criminals were off to the races. Cryptolocker emerged in 2013 with more sophisticated forms of encryption plus the ability to monetize itself anonymously through cryptocurrency.
A cyber-security company, Crowdstrike, reports, "criminals recognized that if consumers or one-off business users are willing to pay $300 to $500 to unlock…a single endpoint, businesses…, other organizations would likely be willing to pay much more for mission-critical data, or to unlock an entire fleet of endpoints held hostage." Thus, the beginnings of BGH… Big Game Hunting.
"BGH combines Ransomware with the tactics, techniques and procedures (TTPs) common in targeted attacks aimed at larger organizations. Rather than launching large numbers of ransomware attacks against small targets, the goal of BGH is to focus efforts on fewer victims that can yield a greater financial payoff - one that is worth the criminals' time and effort," according to Crowdstrike.
BGH is where really bad actors, often state-sponsored by China, N. Korea, Iran, and Russia, go after pipelines, supply chains, transportation, energy grids and health providers, causing mass, sometimes life-threatening disruption to critical infrastructure.
Just in the last few months in the USA, crucial sectors of the economy have been targeted by Ransomware attacks. Targets included the Colonial Pipeline, an attack that cut off gas supplies and crippled transportation on the East Coast.
JBS meat-packing plants, which supply 25% of the beef and 20% of the pork sold in the United States, were closed for two days before paying a ransom. Even that small amount of time disrupts the food chain for several months ahead and drives an increase in prices for consumers.
In May, in the middle of a pandemic, the Irish Health Service experienced a massive Ransomware attack. According to ABC news, "One of the biggest challenges is that medics now have limited or no access to patients' records, meaning they have limited knowledge of their medical histories. Lab results now also have to be printed and hand-delivered. That has slowed lab testing significantly and forced the health service to ration blood testing in many places, reserving it only for urgent cases."
U.S. Energy Secretary Jennifer Granholm warns that American adversaries have the capability of shutting down U.S. power grids and states that "there are thousands of attacks on all aspects of the energy and the private sectors..."
To Pay Or Not To Pay
Officially, governments encourage people not to pay the ransoms. The Irish Health Service did not pay. After a week, because of extensive human damage, the criminals sent a key. It barely worked. Progress remains slow. JBS paid $11 million in Bitcoin. Colonial Penn paid $4.4 million, $2.3 of which has been recovered by the U.S. Dept. of Justice.
There are two types of Ransomware attacks: Screenlocks and Encrypting. (There are also fake attacks, so check to see if your device is still working.) If you get hit, immediately take a picture of the ransom note and disconnect your device from all other devices, routers, etc. Turn off all other devices. Go to "What to Do If You're Infected by Ransomware: A Step-by-Step Guide" at Tom's Guide (tomsguide.com) and print these directions out to have at the ready. Call your local FBI or Secret Service office and report it.
Something to do ahead of time is to store backups of your important files on a separate hard drive or in the Cloud. Make sure your computer operating system is regularly updated. Go online and search for good, protective privacy practices.
War and Peace
It's amazing how quickly perverse people move in to make a mess of beautiful things. Beautiful things need to be defended. We have to be brave, enlightened, smart warriors, alert to the dangers, fighting back to keep the cyber world beautiful and free.
We'll see!