DailyPost 1728

Cyber security has been America’s number one national security threat since 2014 and, by extrapolation, the number one international threat. In the criminal domain of cyber crime, *ransomware* as it stands today would beat any other crime hollow, given the sophistication, intensity and expanse of the damage. It is bringing down business reputations, and countries are forced into limping mode. With all the critical data encrypted, you become an outsider in your own enterprise, the superlative of a lame duck, which has no parallel in crime history. Adding insult to injury, you don’t know where to go, and if you do, you are convinced that no worthwhile help will come. The only question a crisis-ridden company needs to answer at that critical hour is whether to pay the ransom or not.

Even payment of the whole ransom may not get you the complete data back, and there is also the possibility of a second attack; that is what the sequel to an attack is all about. Colonial Pipeline and JBS, in the US and Brazil respectively, have conclusively proved the reality of the threat perception of the world we live in. The pandemic has witnessed a quantum leap in ransomware attacks, with at least 128 publicly disclosed incidents taking place globally in May 2021. What is important is to react swiftly and conclusively. Whether the world has that capability is a question nobody can answer. Whether something can be done even collectively is still unknown. “In the Carbis Bay communique, the G7 announced their intention to work together to tackle ransomware groups.” Later Biden and Putin discussed an extradition process to bring Russian cybercriminals to justice. Putin agreed in principle (read diplomatically), but insisted that the extradition be reciprocal.

Ransomware has become collaboration-ware today. It is a blended crime: different offences across different bodies of law, across different policing agencies, and extending to many countries. Connecting crime to the criminal in cyber offences has always been difficult; ransomware takes this complexity to uncrackable levels. It mostly uses a distributed network of different cyber criminals, who are often unknown to each other. The ultimate challenge is that there is no key offender. The risk of arrest is thus considerably brought down, and in most of the globally well-known cases even the process could not be initiated, so to say. What has come to the fore on connecting the dots is the prevalence of a professional industry, completely removed from the organized crime playbook.

Some connections have emerged out of a study of 4000 attacks between 2012 and 2021. The first step is taken by the reconnaissance experts, who hand over workable intelligence regarding potential victims and access points to the hacking experts specializing in “initial access.” After gaining initial access, they keep escalating access privileges and search for data which can do the maximum damage when stolen or held for ransom. Key data is extracted and saved. The next players are the attack launchers. “The ransomware is deployed, locking organizations out of their key data.” Ransomware gangs’ leak websites located in the Darknet and *“press releases”* frighten the victim down the spine. The payment is in cryptocurrency, difficult to trace, then converted and laundered into fiat currency. The personas thus are: spammers, phishers (who steal credentials), initial access brokers, ransomware attackers hiring ransomware-as-a-service brokers, dark marketeers, monetizers etc. There are ransomware consultants for these guys too.


Sanjay Sahay
