Ransomware

We are not under threat of war. We are in a war already. It’s a different kind of war, fought with ones and zeros, not guns. It is a cyberspace invasion that disrupts everything from individual computer users to whole countries. One weapon of cybercriminals is Hacking. Another is Ransomware. Hacking is an unauthorized break-in to an individual computer or an entire network of computers. Hackers steal confidential data, embezzle money, spread rumors or misleading information, manipulate content, etc. Hackers are active in the computer systems they attack. Ransomware is not concerned with using the stolen data… just freezing any access to the computer and its information until the victim pays the attackers’ demands. Using encryption (a process of scrambling readable text), it holds files and systems hostage, or it disrupts the operation of a computer, rendering it unusable. When victims pay the ransom demands, they receive a decryption key (a code) to release blocked files or systems or a code to reboot their operating system, either one of which, by the way, may or may not work. Victims are usually instructed to pay the ransom in anonymous cryptocurrency like Bitcoin, because that type of payment is next to impossible to track. Attackers are making millions of dollars at this game. Sometimes, I just have to laugh. I imagine these ‘mercenaries’ in their boxer shorts, unbathed for days, clouds of cigarette smoke, Heavy Metal music, and stale pizza—I know, I know… stereotype… how-come-I-don’t-picture-a-girl-this-is-serious, Paula! You’re right! State-sponsored ransomware is serious big business that takes place in large state-owned office buildings, but let me have my moment, please, then we can talk about the super bright, super computer-literate villains hard at work, disrupting, endangering and ripping off people all over the world. A Little History The first Ransomware attack came in 1980 from a Harvard academic named Joseph Popp. At a World Health Organization conference about AIDS, he passed out 20,000 discs titled “Aids Information—Introductory Diskettes� to all the participants. These “gifts� carried a virus Popp had developed, later named the AIDS Trojan Virus. This virus kicked in after each individual computer had been booted up (started) ninety times. Then it encrypted files and directories (where you store your files—like folders). A message appeared that said the files and directories would be restored after the victim sent $189 to a P.O.Box in Panama. Mr. Popp was arrested but never went to trial, a decision based on mental health issues. The advent of the internet made it much easier to pass such malware around. Ground zero for Ransomware is considered to be 2005. Ransomware GpCoder and Archievus were deployed into the cyber world. Archievus encrypted everything in the victim’s My Documents file. A 30-digit password had to be purchased to free up the files. However, anti-viral software easily detected and removed these weapons, so there was not much money to be made. Show Me the Money It was hard to collect ransom money anonymously in those early Ransomware days. With the advent of cryptocurrency like Bitcoin, cyber criminals were off to the races. Cryptolocker emerged in 2013 with more sophisticated forms of encryption plus the ability to monetize itself anonymously through cryptocurrency. CHA-CHING! A cyber-security company, Crowdstrike, reports a cyber-security company, reports, “criminals recognized that if consumers or one-off business users are willing to pay $300 to $500 to unlock…a single endpoint, businesses…, other organizations would likely be willing to pay much more for mission-critical data, or to unlock an entire fleet of endpoints held hostage.� Thus, the beginnings of BGH… Big Game Hunting. “BGH combines Ransomware with the tactics, techniques and procedures (TTPs) common in targeted attacks aimed at larger organizations. Rather than launching large numbers of ransomware attacks against small targets, the goal of BGH is to focus efforts on fewer victims that can yield a greater financial payoff—one that is worth the criminals’ time and effort,� according to Crowdstrike. BGH is where really bad actors, often state-sponsored by China, N. Korea, Iran, and Russia, go after pipelines, supply chains, transportation, energy grids and health providers, causing mass, sometimes life-threatening disruption to critical infrastructure. Ransomware Today Just in the last few months in the USA crucial sectors of the economy have been targeted by Ransomware attacks. Targets included the Colonial Pipeline that cut off gas supplies and crippled transportation on the East Coast. JBS meat-packing plants which supply 25% of the beef and 20% of the pork sold in the United States were closed for two days before paying a ransom. Just that small amount of time disrupts the food chain for several months ahead and drives an increase in prices for consumers. In May, in the middle of a pandemic, the Irish Health Service experienced a massive Ransomware attack. According to ABC news, “One of the biggest challenges is that medics now have limited or no access to patients’ records, meaning they have limited knowledge of their medical histories. Lab results now also have to be printed and hand-delivered. That has slowed lab testing significantly and forced the health service to ration blood testing in many places, reserving it only for urgent cases.� U.S. Energy Secretary Jennifer Granholm warns that American adversaries have the capability of shutting down U.S. power grids and states that “there are thousands of attacks on all aspects of the energy and the private sectors...� To Pay Or Not To Pay Officially, governments encourage people not to pay the ransoms. The Irish Health Service did not pay. After a week, because of extensive human damage, the criminals sent a key. It barely worked. Progress remains slow. JBS paid $11 million in Bitcoin. Colonial Penn paid $4.4 million, $2.3 of which has been recovered by the U.S. Dept. of Justice. Protect Yourself There are two types of Ransomware attacks. Screenlocks and Encrypting. (There are also fake attacks so check to see if your device is still working.) If you get hit, immediately take a picture of the ransom note and disconnect your device from all other devices, routers, etc. Turn off all other devices. Go to: What to Do If You’re Infected by Ransomware: A Step-by-Step Guide | Tom’s Guide (tomsguide.com). and print these directions out to have at the ready. Call your local FBI or Secret Service office and report it. Something to do ahead is store back-ups to your important files on a separate hard drive or in the Cloud. Make sure your computer operating system is regularly updated. Go online and search for good, protective privacy practices. War and Peace It’s amazing how quickly perverse people move in to make of mess of beautiful things. Beautiful things need to be defended. We have to be brave, enlightened, smart warriors, alert to the dangers, fighting back to keep the cyber world beautiful and free. Vamos a ver!