Ransomware and the new digital mafia

It takes only an employee downloading an infected email, or a security patch not being installed in time on a company’s servers, for hackers to hijack sensitive company data with sophisticated encryption software and then demand ransoms in the millions. Ransomware, or digital hijacking, is currently one of the most profitable criminal enterprises in the world, and some experts estimate that it has already outgrown the drug business.

Is the world ready to fight hackers?

By: Gabriel E. Leby B. – www.galevy.com

On March 22, 2018, the city of Atlanta, in the state of Georgia, in the United States, was the victim of one of the most widely covered computer attacks that the world has witnessed so far. All of the city’s sensitive information was hijacked by ransomware called SamSam, which used so-called “brute force” to access the city’s servers and encrypted the sensitive information of the public administration [1]; a ransom was then demanded for it.

This was not the first attack by this group of criminals: they had previously attacked other targets, ranging from small cities like Farmington, New Mexico, to the Colorado Department of Transportation and the Erie County Medical Center, all of them in the United States [2].

The hackers behind the attack, calling themselves SamSam, demanded fifty thousand dollars for the passwords to decrypt all the hijacked information in Atlanta. However, unlike the previous victims, the authorities decided not to pay the ransom and preferred to invest in cutting-edge technology to strengthen all the city’s systems and recover the information, with an estimated investment of almost 9.5 million dollars [3].

Additionally, the various federal agencies, together with the local authorities, concentrated their efforts on capturing the hackers, and in less than 6 months they arrested the Iranians Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, who were formally accused of perpetrating the attack [4].

A growing crime

Unlike what happened in Atlanta, and according to a report by Retina del País magazine in Spain, many of the kidnappings are solved by paying the ransom:

“Those who know these situations define them as hours of anguish, nervousness and maximum tension, especially the first time. Whatever the decision, the damage is done. It is not unusual to opt for payment. Recent examples, such as Garmin and the American city of Lafayette, or older ones, such as Uber, demonstrate this. Some companies even admit that they have succumbed to pressure. The CWT displayed in a public chat the negotiation with the hackers -where the amount finally paid is observed- and seven British universities sent an email to their students accepting the ransom after running out of the cloud services provided by Blackbaud” [5].

A Billion-Dollar Business

According to Álvaro del Hoyo, IBM European Cybersecurity Competence Center member [6], cybercrime already economically exceeds the drug trafficking business and is becoming the greatest threat that authorities around the world face today, especially due to the lack of regulation, technological tools and specific knowledge to fight them.

The main problem that the authorities face with this type of computer crime is that it generally takes place on the Dark Web, the fragment of the Internet that can only be accessed through specific applications and that is part of the Deep Web [7]. This makes it easy to mask and dilute any illegal activity and keep it hidden from the authorities around the world; although it does not guarantee criminals total anonymity, it does facilitate their work [8].

A problem that is just beginning

For now, the very lucrative business of ransomware has focused on the corporate and business environment, taking advantage of security weaknesses. However, organizations have begun to implement information security policies, either on their own initiative or under pressure from insurance companies, which are conditioning the issuance of policies on higher levels of security. It is therefore very likely that in the coming years the business will begin to shift toward individuals, especially once the Internet of Things is consolidated, where security is not necessarily the main priority of manufacturers that compete mainly on cost reduction.

In the next few years, it is very likely that autonomous cars will start rolling in major cities and it is entirely possible that the software that makes these vehicles work could be captured by hackers:

“It is only a matter of time before our car refuses to start and shows a warning on its screen informing us that it will not start until we pay an amount in bitcoins as a reward, or our phone, refrigerator, electronic lock or defibrillator (which can be compromised from dozens of meters away)”. [9]

As the supply of Internet-connected devices increases, security risks are also likely to grow, which ultimately translates into opportunities for criminals, who in turn, according to the evidence, improve their techniques and knowledge of cybersecurity every day.

In conclusion, ransomware is a type of cybercrime to which authorities and governments have not paid enough attention, mainly because of the lack of regulation and legislation in this regard and possibly because it is still a largely unknown crime; at the same time, the authorities do not have the knowledge or sufficient technological tools to fight it. For now it is a very lucrative business for criminals that has focused on attacking the vulnerabilities of the corporate and government sectors. However, it is very likely that in the coming years, as these systems are strengthened, cybercriminals will focus on the devices people use every day, especially in the Internet of Things, which could become a social problem of great dimensions if governments do not implement urgent measures and manufacturers do not pay more attention to the security of their devices.

[1] Article by CNN about the cyber-attack that occurred in Atlanta

[2] Article about SamSam attacks

[3] Reuters report about the hijacking impact in Atlanta.

[4] New York Times article about the capture of the hackers

[5] Article by Retina del País magazine in Spain

[6] Mention in the Retina del País magazine in Spain

[7] Andinalink article: Hidden threat of the Internet

[8] Xataka article about the Dark Web

[9] Article by Retina del País magazine in Spain about the future of ransomware

Disclaimer: This article corresponds to a review and analysis in the context of digital transformation in the information society, and is duly supported by reliable and verified academic and/or journalistic sources. This is NOT an opinion article and therefore the information it contains does not necessarily represent the position of Andinalink, its authors, or the entities with which they are formally linked, regarding the issues, persons, entities or organizations mentioned in the text.