‘It’s a fight, it’s a war’: experts want to defeat ransomware attackers

Cybersecurity experts like to joke that hackers who have turned ransomware attacks into an industry worth millions upon millions are often more professional than the biggest victims.

Ransomware attacks – when cyber attackers lock up their target’s computer systems or data until a ransom is paid – have come into focus this week, after attacks hit one of the largest oil pipelines in the U.S., Toshiba’s European business and the Irish health service.

While governments are committed to tackling the problem, experts said criminal gangs are more entrepreneurial and continue to dominate. For companies, they said, there is more pain.

“This is probably the biggest safety issue, as companies have to decide how far they can go in this game of cat and mouse,” said Myrna Soto, Forcepoint’s chief strategy officer and trust manager. “It’s a fight, it’s a war, actually.”

Last year, the number of ransomware attacks rose more than 60 percent to 305m, according to SonicWall data, as hackers took advantage of the shift to working from home and the vulnerabilities it opened up. More than a quarter of victims pay to unlock their systems, according to cybersecurity researchers at CrowdStrike.

Two dozen gangs dominate the market, and business has been booming. They took in at least $18 billion in ransoms in 2020, according to the cybersecurity group Emsisoft, with an average payment of about $150,000. Once indiscriminate in their attacks, many now engage in “high-stakes hunting”, pursuing the biggest targets so that they can demand high payouts.

Less technically sophisticated criminals have also joined in, following the creation of ransomware-as-a-service (RaaS), where groups rent out their viruses on the dark web to “affiliates” and take a cut of the profits.

“There are very small barriers to accessing it now,” said Rick Holland, head of information security for the Digital Shadows cybersecurity team.

The alleged perpetrators of the Colonial Pipeline hack, a Russian gang called DarkSide, ran such an affiliate program, according to the FireEye cybersecurity group, which means another group may also have been involved in the Colonial attack.

“There is a division of labor now and the criminals are engaged in transnational cooperation,” said Joshua Motta, co-founder and co-director of the Cyber Coalition group.

Bar chart showing global ransomware costs ($m), private sector and public sector

Follow the money

Cyber experts and governments continue to discuss the most effective way to overcome cyber cartels. One of the most serious questions is whether governments should completely ban victims from paying ransom.

“This is something that governments need to take seriously,” said Brett Callow, an analyst at Emsisoft. “Ransomware attacks have not been profitable, and the attacks would be stopped.”

But opponents have warned that a ban would do little to deter hackers, given the low cost and low risk of attacks, and would push gangs toward weaker targets, such as hospitals.

The FBI advises against paying the ransom, but in the case of Colonial, the White House acknowledged the difficult position companies are left in.

Last month, a public-private working group of large technology groups such as Microsoft and Amazon, along with U.S. officials, recommended that companies be required to review alternatives to paying the ransom, and then notify a governing body if they pay it.

Many victims do not report that they have been attacked or have paid, for fear of reputational harm or legal and regulatory repercussions. But Jen Ellis, vice president and board member of the Rapid7 cyber group community and public affairs, said: “It can be done privately, there are ways to destigmatize it. But reporting it gives us a greater ability to investigate payments [and] follow them.”

This ties in with another demand from the working group and others: greater government oversight of cryptocurrency exchanges, which they believe should, like traditional financial services, “know your client” and comply with the same anti-money laundering laws.

How researchers can find clues

Meanwhile, the U.S. government has made great efforts to hunt down and prosecute ransomware gangs, and the Department of Justice launched its own ransomware unit last month. Among its goals, according to a statement from Acting Deputy Attorney General John Carlin seen by the Financial Times, is taking steps to “break and dismantle the criminal ecosystem”.

This could mean taking down servers and other hosting services that typically facilitate cybercriminal business, said Tom Kellermann, head of VMware’s cybersecurity strategy and a member of the U.S. Secret Service’s cyber investigation advisory board.

Kellermann suggested that Internet service providers could play a role in eliminating dark web forums associated with certain gangs. “Why don’t they sink, they just completely demolish it from the internet?”

Affiliate criminals in particular will often leave clues that allow investigators to take such action, according to Allan Liska of Recorded Future’s computer security incident team, “because they are not as good as their cover tracks” as a ransomware operator.

Already, there is evidence that targeting hackers’ infrastructure helped prevent an even greater catastrophe in the case of the Colonial closure. On Saturday, a group of technology and cyber companies, and agencies such as the U.S. FBI, thwarted the attackers’ use of servers to store data after the closure of two U.S.-based servers in Russia, according to two people familiar with the situation. Bloomberg was the first to report the disruption.

There have been few attempts to prosecute the gangs, many of whom are operating with impunity from Russia and are unlikely to be extradited. Last month, the U.S. Treasury also denounced one of Russia’s intelligence services, the FSB “Practice and choose” Evil Corp ransomware team.

In return, criminals typically avoid targeting Russian institutions and may call for shared access to the victim’s systems. “I’m kidding that the safest way to protect yourself from ransomware is to convert all your keyboards to use Russian Cyrillic design,” Liska said.

Bar chart showing major data breaches by number of records, million (2020)

Use of sanctions

Dmitri Alperovitch, founder of the CrowdStrike security team, who now leads the Silverado Policy Accelerator think-tank, said on Twitter: “We don’t have a ransomware problem. We have a Russian problem. That’s it.”

The public-private ransomware working group recommended “increasing pressure” on nations that refuse to cooperate internationally, for example, through sanctions or by attaching aid or visas.

So far, the U.S. has decided to impose sanctions on certain groups, such as Evil Corp., for potential bailouts. In October, the U.S. Treasury warned any group that helps facilitate the payment of a ransom – cybersecurity companies, negotiators and insurance companies – not to breach the sanctions, and gave a similar warning to financial institutions such as crypto exchanges.

Not everyone has heeded these warnings. According to data from Chainalysis, which examines blockchain transactions, about 15 percent of the ransoms it tracked in 2020 – or a total of about $60 million – could have violated sanctions, because they appear to have gone to groups that were blacklisted or linked to those groups.

With few options for prosecution, an expert who knew the government’s point of view said authorities expected the perpetrators of the Colonial hack to wait to go on the offensive. “There are 10 or 15 young boys or girls who have a lot of parties and want a lot of money. You don’t go to Russia after them, you go to Greece on holiday.”


