In the age of COVID-19, mutants are the order of the day, each successive one more potent than the last. Ransomware is like the current pandemic: it feels both distant and not dangerous, and only when you are in the midst of it do you understand what it really is. You don't know what has hit you or where to go. This was the second surge. The patient, the hospital, logistics and the government were all at a loss. The same is the story of ransomware. It has been steadily gaining ground for the last few years, but to those unaffected it seemed to be an academic exercise. It kept increasing exponentially, and the world is feeling the heat now, in the midst of it, not knowing where to go. Businesses the world over have ended up paying ransom in the recent past. Is this not a deadly surge?

Consider some of the ransom payments this year: $2.3 million by Travelex, $5 million by Colonial Pipeline, $11 million by JBS; Garmin, where $10 million was demanded and the payment is not known; and Cognizant in April 2021, payment not known. In the last two cases the data was decrypted, so you can come to your own fair judgement. These are a few of the cases in the jungle raj of data, the world over. They give a clear indication that the ransomware industry is moving steadily in the direction of targeted ransomware attacks. The attackers feel that is where the money is, and they have been proven right. The professionalism in technology, social engineering and business acumen which these hackers have gained over the years has emboldened them to go in for bigger catches.

They have realised that they have the skills to turn the world upside down, and they are doing it. Every single case proves their hypothesis. The world is just not ready to handle a crime of this nature. WannaCry was a test case of crowdsourcing ransom. Its spread was phenomenal, yet nobody knew the quantum of the actual proceeds. Running behind hundreds of targets across the globe, not knowing the real damage, not knowing whom to arm-twist, and waiting for a few hundred dollars to trickle in from some of the impacted was not the business proposition they were in for. The effort was humongous, and time and patience were required either way. Being run as professional companies, they turned towards targeted ransomware. This change in business strategy yielded them a big bounty.

They developed their own playbook and they go by it. They brought immense professionalism to each of their activities and, higher still, the seamless integration of all these translated into a successful targeted ransomware attack. Each element of this professional attack team was perfected, which is quite evident from the impact. The strategy of copying data even before the ransomware payload is put into operation speaks volumes about their understanding of the trade they are in and of the ecosystem. Even after the ransom is paid, the copy of the data remains with them and is then used for further extortion: financial blackmail, sale to business competitors, or simply making maximum money out of that data, whichever way. To add to the agony, nearly 36% of the companies / victims face a second attack by the same hackers.


Sanjay Sahay

