Post by Webster on Aug 2, 2021 17:54:59 GMT
The Guardian:
‘It’s quite feasible to start a war’ - just how dangerous are ransomware hackers?
Read more: www.theguardian.com/technology/2021/aug/01/crypto-criminals-hack-the-computer-systems-of-governments-firms-even-hospitals
Sirin Kale
Sun 1 Aug 2021 05.00 EDT
They have the sort of names that only teenage boys or aspiring Bond villains would dream up (REvil, Grief, Wizard Spider, Ragnar), they base themselves in countries that do not cooperate with international law enforcement and they don’t care whether they attack a hospital or a multinational corporation. Ransomware gangs are suddenly everywhere, seemingly unstoppable – and very successful.
In June, meat producer JBS, which supplies over a fifth of all the beef in the US, paid a £7.8m ransom to regain access to its computer systems. The same month, the US’s largest national fuel pipeline, Colonial Pipeline, paid £3.1m to ransomware hackers after they locked the company’s systems, causing days of fuel shortages and paralysing the east coast. “It was the hardest decision I’ve made in my 39 years in the energy industry,” said a deflated-looking Colonial CEO Joseph Blount in an evidence session before Congress. In July, hackers attacked software firm Kaseya, demanding £50m. As a result, hundreds of supermarkets had to close in Sweden, because their cash registers didn’t work.
The gangs – criminal enterprises that hack into internet-connected computer systems, lock access to them, and then sell a decryption key in exchange for payment in bitcoin – have targeted schools, hospitals, councils, airports, government bodies, oil pipelines, universities, nuclear contractors, insurance companies, chemical distributors and arms manufacturers. Hackers haven’t targeted air traffic controllers yet, but some believe that it’s only a matter of time.
All organisations are vulnerable, although a sweet spot is mid-size businesses that have enough revenue to make them a lucrative target, but aren’t large enough to have dedicated cybersecurity teams. “Everybody who uses internet-connected computer systems has vulnerabilities,” says Dr Herb Lin, a cybersecurity expert at Stanford University.
Russia is a major hotspot for ransomware attackers to headquarter themselves, as is Iran. Cyrillic – the Russian alphabet – is commonly used in ransomware forums or source codes. “It’s not that the Russian government is conducting these ransomware attacks,” Lin says, “but they have an arrangement in which the Russian-based cyber-mobs can do their activities outside Russia, and the country turns a blind eye to it. The tacit agreement is, if you hack a Russian system, you’re in trouble.” I ask Lin why the Russian authorities are so lenient. “My guess is that Putin gets a cut,” he says.
These hackers operate as organised gangs: some members specialise in identifying compromised systems and gaining access, while others handle the ransom negotiations. (Investigators tracing ransom payments will often see cryptocurrency transferred into many different cyberwallets after a transaction has been made, for this reason.)
And they are not shy of publicity – some have even given media interviews. “I know at the very least several affiliates have access to a ballistic missile launch system… It’s quite feasible to start a war,” said an unnamed REvil spokesperson airily in one interview. “But it’s not worth it – the consequences are not profitable.” Each group has a distinct character. “REvil has some flair, as does Pysa, who are quite snarky,” says Brett Callow of the cybersecurity firm Emsisoft. “At the other end of the spectrum, Ryuk are robotic in their approach.”
More recently, these gangs have pivoted into extorting individuals. If victims don’t pay, their stolen data is dumped online, or sold on the dark web to the highest bidder. (There is no way to know if the data is sold anyway, even if the victim does pay.) Some of these extortion demands take a vicious tenor: REvil recently threatened to publish damaging information about Invenergy CEO Michael Polsky after he refused to pay a ransom. “We know his secrets… we will share with you some disgusting photos, and many interesting facts from his life,” wrote the hackers on their dark web blog. And the pandemic has proved especially fecund for ransomware gangs. According to a report from cybersecurity software firm Bitdefender, attacks increased by 485% in 2020 alone. “It’s taken off since Covid because we have more people working from home,” says Sophia, a crisis communications expert who specialises in advising companies who have been targeted by ransomware hackers. Poorly secured remote access logins are a common route in. “More of a digital environment leads to more points of entry for the attackers,” she says. “The last year and a half has been a whole new ballgame.”....