Blake Dowling
Hackers are getting more aggressive — and asking for big bucks.
The increase of monetary demands in cybersecurity incidents (such as ransomware exposure) continues on the uptick.
Instead of tens of thousands, hackers now ask for hundreds of thousands to millions of dollars from those infected with this type of malware.
Hospitals and schools in Florida are the most lucrative targets for these criminals. One recent case was the Broward County School District, the target of ransomware just last month.
In this case, hackers behind the attack asked for a whopping $40 million to hand over the decryption keys to the school — allowing them to unlock their frozen files and network.
This type of crime starts when a criminal targets someone in the organization, usually by way of a seemingly innocent-looking email from someone they know or from an organization they do business with (spoofed, it’s not really them) containing a link.
Click the link and, bam! The threat is unleashed, and all computers are encrypted.
If you pay the ransom, the criminals say they will give you (maybe) the encryption keys to unlock your frozen system.
Broward Schools issued a statement saying they will not pay the ransom, but the ask is out there, and it is off the charts.
There are also some strange facts in this scenario.
The difference between the Broward attack and those in Rivera and other spots in Florida (where they paid a relatively small six-figure ransom of $600,000), the criminals priced those ransoms in a range the target could afford.
But in Broward, negotiations began. The school offered the hackers $500,000, but they said no, saying they know about the “royal family (?).”
Meanwhile, the school system chose to recover on its own; we will see if the hackers leak any data in the coming days/week. That is what they threaten to do if you don’t pay the ransom.
Unless there’s an “Earl of Ft. Lauderdale” I don’t know about, I think these criminals are a bit confused.
So regardless of the oddities with the Broward situation, why do these ransoms continue to go up?
Because people keep paying these “ransomware gangs.”
Just like anything else, if there were no profits, people would stop doing it, but it is more than just profitable; it is EXTREMELY profitable. These overseas gangs are raking in huge payouts.
According to ZDNet, the largest on record (for now) is $10 million.
Why can’t these criminals be stopped?
Because they are far away and there is no normal paper trail usually associated with financial crimes. There are no stacks of cash to haul, payments are made via cryptocurrency, and many overseas governments are not interested in cooperating with our law enforcement.
For example, the individual responsible for the “WannaCry” ransomware attack, which breached Sony (and many others) a couple of years ago, was identified as a North Korean.
But as authorities got closer, NK said he does not exist.
One of the few ransomware attackers that were actually apprehend was only caught when he was lured into custody by a whistleblower working with U.S. authorities.
A Russian, Egor Igorevich Kriuchkov, contacted an American IT person online, pitching the idea to infect his employer’s network with malware; once frozen, they would demand a ransom to unlock it.
The American said, “sounds good,” while secretly contacting law enforcement.
A trap was set, and when he came to the U.S., Kriuchkov was promptly arrested.
Normally, these attacks come via email, not by hand. The foreign hacking entity waits for someone to click on one of the emails. And once they do … payday.
It is also said that these email attacks, if they happen to infect a group inside its home country, are set to automatically go dormant — so as not to upset the hometown government that a President-for-life or similar character might run.
A hacker does not wish to upset the big guy (or get poisoned).
Plus, one assumes that many of these out-of-country hackers are in cahoots with their governments, assisting in U.S. election meddling or who knows what else.
Until law enforcement can stop them or their governments start turning them in instead of turning a blind eye, it is up to all of us to get in the fight.
Do not click on emails from people you do not know, scrutinize emails that appear to be from people you know, never give personal info, back up your data redundantly, deploy two-factor authentication, and tighten those passwords.
Most importantly, if your organization is targeted, don’t give in. Never pay the ransom, which is what keeps these computer criminals in the game.
If the money dries up, they move on.
And the Earl of Ft. Lauderdale and the Broward royal family stay safe.
___
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].
