Ransomware attacks: Standing your ground pays off!

Ransomware attacks are particularly cruel: cybercriminals encrypt data and demand a ransom for its safe release, threatening either to delete the data and bring the company to its knees or to publish it. For important business data and sensitive personal information this is a horrifying scenario and a disaster for any company. Without access to its data, entire production lines can stand still. The Allianz Risk Barometer 2022 even identified ransomware as one of the biggest business risks worldwide. In a nutshell, ransomware spells trouble.

First of all, though, many attacks can be prevented by training employees and by closing the entry points that rapidly increasing IT complexity opens up; the more systems, accounts and interfaces a company runs, the more doors there are that should stay shut to criminals. Anti-malware vendors claim that their software blocks up to one million new malware variants every day.

Once malware has been detected, a company can immediately trigger its contingency plan (every company should have one) and, at the same time, open a dialogue with the criminals. Sometimes the attackers even manage to trip themselves up and reveal information that leads to their arrest. And it is perfectly fine to feel good when the authorities come knocking at their door!

Blackmail beyond the back streets

Today's private eyes no longer need to hide in the closet to take compromising photographs with which to blackmail their victims. Cybercriminals instead send professional-looking emails with enticing attachments, or obtain access in other ways, such as social engineering. Once they have access to the data, they encrypt it and blackmail the owner. But to actually get the money into their own account, the attackers have to show some smarts, and fortunately they don't always manage it. Which is good news for you.

Caution is the name of the game

The FBI has good profilers, as does the German BKA. If, for example, malware creates a file called penis32.exe, that hints at a teenager at work. But that alone is rarely enough to nail the culprit. Fortunately, this attacker made it easy for the police: the malware contacted a website that the teenager had registered under his real name, complete with his address. All they had to do was pick him up. And if that wasn't enough, his IP address was easily traced back to his father's internet account. The young man was sentenced to prison time and community service.

It is not only young criminals who leave such footprints: the Italian developers of a piece of commercial spyware were caught out the same way. Software of this kind is meant to be used anonymously, precisely to avoid diplomatic and legal complications. Yet independent analysts discovered the company's URL embedded in the code of Android.Mobilespy. Not such a bright idea!

The sheep in wolf's clothing

A few petty criminals wanted to appear more dangerous than their technical abilities allowed and called their blackmail attempt "Hitler Ransonware", typo in the name included, then made themselves even more ridiculous by demanding just 25 euros. To top it off, the malware didn't encrypt anything at all; it simply erased all data after an hour. Who would pay for the decryption of data that has been deleted, and that is usually easy to recover or to restore from a backup (which should always be available)?

Another group did no better: to intimidate the victim and drive up the ransom demand, the hackers published part of the captured data, which, however, belonged to a completely different company. Can these idiots be taken seriously? The affected company may have had no choice but to take them seriously, and this case shows how murky cybercrime often is.

The smoking gun – criminal business models are short-term

The CryptoDefense malware was professionally written and used strong encryption. Without the decryption key the data was inaccessible, and ransom payments in Bitcoin remained largely anonymous. The criminals allegedly earned around $34,000 in the first month. But then it was over: the encryption method they used left a copy of the decryption key on the victim's computer. Anyone who knew about it could easily decrypt their files themselves. The masterminds must have been quite annoyed...

Hot pursuit in Japan

It's not your day when the police are at the door with an arrest warrant for sending death threats. Especially if you know nothing about it, because they were sent from your PC, without your knowledge, via a remote-control virus.

In Japan, the author of this virus was so desperate for recognition that he set out on a cat-and-mouse chase with the police, in a plot that might have come from Hollywood's best screenwriters. When the police struggled to catch him, they were willing to pay $27,000 for clues leading to his capture. The author sent riddles to the press, suggesting that whoever solved them would find a cat. The cat was found on an island, with an SD card containing the virus code attached to its collar. But real life isn't Hollywood: there was a surveillance camera near the cat. For a 30-year-old man from Tokyo, this slip-up led to eight years in prison.

Other attackers tripped over their own tools as well: they encrypted the victim's entire system, including the remote access they themselves relied on to get back in. Always take the key with you when you leave the house!

Honesty is clearly the best policy

People who spread malware usually don't prosper for long, and they are increasingly facing strong opponents who know how to protect themselves, because cybersecurity awareness is now far more widespread in companies of all sizes. Corporate negotiators are also becoming more professional: recently a company refused to pay and instead encouraged the hackers to go ahead and publish the data. The hackers were happy to oblige, and the company was able to download its own data, unencrypted, from the leak.

Source: https://medium.com/threat-intel/malware-fails-cybersecurity-d37fa1fc525
