“This is a battle, this is a war”: Experts try to defeat ransomware attackers

Cybersecurity experts like to joke that the hackers who have turned ransomware attacks into a multi-billion dollar industry are usually more professional than their biggest victims.

Ransomware attacks, in which cyber attackers lock targeted computer systems or data until a ransom is paid, became the focus of attention again this week after attacks hit one of the largest oil pipelines in the United States, Toshiba’s European operations and Ireland’s health services.

Although the government has promised to solve this problem, experts say that criminal gangs have become more aggressive and continue to have the upper hand. They said that for companies, there will be more pain.

“This may be the biggest problem in terms of security, because companies must decide how much they participate in this cat and mouse game,” said Myrna Soto, Chief Strategy and Trust Officer of Forcepoint. “To be honest, this is a battle, this is a war.”

Last year, the number of ransomware attacks increased by more than 60% to 305 million, according to data from SonicWall, as hackers took advantage of the shift to working from home and the resulting loopholes. CrowdStrike’s cybersecurity researchers say that just over a quarter of victims pay to unlock their systems.

There are about two gangsters in the market and their business is booming. They made at least $18 billion in ransom, according to the cybersecurity organization Emsisoft, and in 2020 the average payment was about $150,000. Once indiscriminate in their attacks, many have begun to “hunt and kill”, pursuing the biggest targets and demanding huge payments.

With the emergence of ransomware as a service (RaaS), criminals lacking technical acumen have also joined in. Under this model, a group leases its virus on the dark web to “subordinates” and takes a cut of their income.

Rick Holland, chief information security officer of the cybersecurity organization Digital Shadows, said: “The barriers to entry are very low.”

The alleged perpetrator of the Colonial Pipeline hack, a Russian group called DarkSide, ran a membership plan like this, according to the network security organization FireEye, which means that another organization may also have been involved in the Colonial attack.

Joshua Motta, co-founder and chief executive officer of Coalition, a cyber insurance group, said: “There is a division of labor, and criminals are cooperating across borders.”

[Figure: bar graph showing estimated global ransomware cost, in millions of dollars (private and public sector only)]

Follow the money

Cyber experts and the government continue to debate the most effective way to defeat cyber cartels. One of the most difficult questions is whether the government should completely prohibit victims from paying ransoms.

Brett Callow, an analyst at Emsisoft, said: “This is an issue that the government urgently needs to consider.” “Make ransomware attacks unprofitable and the attacks will stop.”

But opponents warn that given the low cost and low risk of launching an attack, the ban will not serve to deter hackers and may push gangs to more vulnerable targets, such as hospitals.

The FBI recommends not paying the ransom, but in the Colonial case, the White House admitted that the company was stuck in a difficult situation.

Last month, a public-private working group of large technology groups including Microsoft and Amazon, together with U.S. officials, recommended that companies be required to review alternatives to paying the ransom, and then report to a government agency whether the ransom was paid.

Many victims are unwilling to disclose whether they have been attacked or have paid because they are worried about reputational damage or a legal and regulatory backlash. However, Jen Ellis, vice president of community and public affairs and board member of the network organization Rapid7, said: “This can be done privately and there are many ways to stigmatize you. But reporting it gives us greater ability to investigate payments [and] follow them.”

This is linked to another measure called for by the task force and others: greater government supervision of cryptocurrency exchanges, which they believe should comply with the same “know your customer” and anti-money laundering laws as traditional financial services.

How investigators find clues

At the same time, the US government has stepped up its efforts to hunt down and prosecute ransomware criminal gangs. The US Department of Justice launched a special ransomware department last month. According to a memo written by Acting Deputy Attorney General John Carlin and seen by the Financial Times, one of its goals is to take action to “destroy and dismantle the criminal ecosystem.”

Tom Kellermann, head of VMware’s cyber security strategy and member of the U.S. Secret Service’s cyber investigation advisory board, said that this would usually involve taking down servers and other hosting services that support the development of cyber cartels.

Kellermann suggested that Internet service providers can play a role in eliminating dark web forums related to specific gangs. “Why don’t they bury their heads and remove them from the Internet completely?”

Allan Liska of Recorded Future’s Computer Security Incident Response Team said that criminals are often sloppy, which leaves clues for investigators that enable them to take such actions even when the ultimate ransomware operator “cannot be tracked.”

There are already signs that, in the case of the Colonial shutdown, targeting hackers’ infrastructure can help prevent even greater catastrophes. According to two people familiar with the matter, a group of technology and internet companies, as well as US agencies such as the FBI, thwarted the attackers by shutting down US servers used by the hackers to store data before sending the data to Russia. The interruption was first reported by Bloomberg.

There are few attempts to prosecute these groups, many of which operate with impunity in Russia, and it is unlikely that they would be extradited. Last month, the U.S. Treasury Department even accused the FSB, one of the Russian intelligence agencies, of “cultivation and selection” of the ransomware group Evil Corp.

In return, criminals usually avoid targeting Russian organizations and can be required to share access to the victim’s system. “I joked that the safest way to protect yourself from ransomware attacks is to convert all keyboards to a layout using Russian Cyrillic,” Liska said.

[Figure: bar graph showing the most important data breaches by number of records, in millions (2020)]

Use sanctions

Dmitri Alperovitch, co-founder of the security organization CrowdStrike, who now runs the Silverado Policy Accelerator think tank, said on Twitter: “We don’t have a ransomware problem. We have a Russia problem. That’s it.”

The Public-Private Ransomware Working Group recommends strengthening international coordination and “applying pressure” on countries that refuse to cooperate (for example, through sanctions or withholding aid or visas).

So far, the United States has chosen to impose sanctions on certain organizations (such as Evil Corp) in order to deter potential ransom payers. In October, the U.S. Treasury Department warned that any group that might help facilitate ransom payments (cybersecurity companies, negotiators and insurance companies) must not violate sanctions, and issued similar warnings to financial institutions such as cryptocurrency exchanges.

Not everyone heeds these warnings. According to data from Chainalysis, a company that analyzes blockchain transactions, approximately 15% of the ransom payments it tracked in 2020 (or a total of nearly $60 million) may have violated sanctions, as these payments appear to have been sent to blacklisted organizations or to organizations associated with them.

The government has few options for prosecution. An expert familiar with government methods said that he hopes the authorities will take active measures against the perpetrators of the Colonial hack. “There are 10 or 15 young boys or girls attending a lot of parties and wanting a lot of money. You don’t follow them in Russia, but you follow them when you vacation in Greece.”


