DailyPost 1957
RANSOMWARE CASE STUDIES
The increase in the cases of ransomware and the challenges it poses to human existence, in a variety of ways, certainly calls for a research element in the fight against it. The sensationalizing that is happening through media reports is ending up nowhere. The current posture as it stands today gives the world a feeling that we are at our knees and the ransomware hackers can get their way through, at their whims and fancies. They indulge in open negotiations and get away with the nature of money even the best of the businesses cannot imagine. They also have the audacity of flaunting that money on fancy cars and luxury and make it known to the world.
Companies and governments have gone behind these hackers just like a lone organization most of the time. Companies more often than have ended up paying ransom, to the dismay of the world. Paying ransom is not a crime. That being the case the general evaluation is whether getting the system up and running without paying the ransom is cheaper or the vice versa. And in nearly all the cases paying ransom has been cheaper. The governments have not been able to provide any support, so what choice are they left with? Even the investigative agencies keep hitting a roadblock in ransomware investigation cases. Necessarily tackling this crime needs a different approach.
While now the media covers these stories in a big way, the outrage on the nature of disruption ransomware causes, should have been radically different. Even the government’s treat it as a different type of crime or more so an incident. If an organized crime gang were to hold the whole of the Colonial Pipelines hostage, what sort of an outrage could it have created? The impact is the same, and mostly it is much worse. Literally there are no results that can be shown at the end of the investigation. The collaboration of the ransomware gangs by way of intelligence and forming cartels can be treated as one of a kind in the world’s criminal history. The specialization in each of the activities adding up to the Ransomware Life Cycle is crazy.
Platform criminality and ransomware as a service, best example being REvil can put the world in tizzy. What the dismantling of REvil by Russia means nobody knows. What is really necessary is to understand these cases in totality; the protocols / frameworks and how they give way. The methods of entry into the system, the exploits thereof? How it has been possible to get into huge companies, who are spending money, effort and energy to be compliant. The modus operandi, the resources and state / non-state actors , the methods of camouflage, all need to be researched upon. Where does this nature of expertise come from in each case? Given the perilous situation we are in, a multipronged ransomware case study, end to end in each case on the lines mentioned will throw light on the big cases and will lay threadbare the problem from all angles: technical, legal, managerial, investigative, preventive, coordination, collaboration and expertise gap.
KNOWLEDGE BASE ON RANSOMWARE IS WEAK, BLEAK AND NON-ACTIONABLE.
Sanjay Sahay