Ransomware Anatomy

The Anatomy of a Ransomware Attack

Greetings from Kartikay on the cyber team. Recent ransomware attacks have caused gas shortages on the East Coast, knocked hospital networks offline and even disrupted hamburger supply chains in the United States. Yet in most cases the ransom is paid quietly and few details ever become public, even though the practice brought in an estimated $350 million in 2020, according to research firm Chainalysis.

Because of the secrecy surrounding ransomware attacks, how they actually work is still poorly understood. Here is an introduction to the main participants in the surprisingly specialised business of hacking for profit:

  • The hackers: Hacking is the first step in a ransomware attack. The hackers get into a company’s network using stolen credentials or specialised intrusion tools, but they are not always the ones who carry out the attack. Once inside, they often sell their access to other attackers who are eager to take the intrusion further.
  • The operators: There is a whole sub-economy of what I’ll call “operators,” groups that build the software used to launch ransomware attacks. Sometimes they carry out the extortion themselves; other times they simply rent out their ransomware, a business model known as ransomware-as-a-service (RaaS) that cybercrime groups such as Maze and Netwalker helped popularise.
  • The infectors: With access and ransomware in hand, the infectors move into the victim’s network and begin reconnaissance. (Infectors can be the hackers or the operators, or an entirely separate criminal organisation.) Finding and stealing the most valuable data on the network can take anywhere from a few days to several months. Then they run the ransomware, which encrypts the network and locks the victim out. Victims cannot regain access unless they obtain a fresh set of keys, known as a decryptor, which the attackers sell for a fee.
  • If a company doesn’t pay up right away, the hackers may bring in a separate crew to threaten its employees and executives. Tactics include emailing large groups of employees and phoning the victim’s partner companies with further threats.
  • The lawyers: A victim’s first call after being hacked is often to a lawyer. Together they decide who must be told about the breach, whether paying the attackers would violate federal sanctions rules, and how much it would cost to defend against those rules if it does.
  • The backup plan: Victims may also hire security firms such as Mandiant Corp., CrowdStrike and Microsoft Corp. These companies help determine how the attackers first got in, keep them from getting back in and, in some cases, work out a way to recover without paying anything at all.
  • The insurers: If a company decides it has to pay, cyber-insurance policies are often written to cover the cost. The largest corporations typically stack policies so that they are covered for ransom demands that can run into the tens of millions of dollars. Cyber insurers include general insurers such as Beazley PLC and AXA SA as well as cyber-specific firms such as Coalition Inc. Ransomware has become so widespread in recent years that underwriting it has turned into an unprofitable business.
  • The mixers: Once a payment is agreed, the victim is told to transfer the ransom to a bitcoin wallet of the attackers’ choosing. The attackers then launder the cryptocurrency by passing it through a mixer, a service that blends the coins with other users’ funds to obscure their origin.
  • The decrypters: After paying, victims receive a digital key that lets them regain access to their network. Getting back online, however, can feel like walking into your house after a burglary: some files aren’t where they used to be, and software doesn’t always work as expected. Decryption firms try to make sure the decryptor does what it is supposed to.
That’s a simplified picture of how these operations work in practice. This thriving cottage industry is expected to grow further in the coming years as ransoms keep rising and both the hackers and the cybersecurity firms become more sophisticated. Expect things to get worse before they get better. Kartikay Mehrotra is the author of this piece.
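Added example, written for this page and not part of the newsletter or any vendor’s product: what the infectors’ encryption stage looks like to a defender watching file activity. The events below are constructed; the log format, host and file names, the `.locked` extension, the `HOW_TO_RESTORE.txt` note and the thresholds are all assumptions made for the illustration. The script looks for one process renaming many files to a single new extension inside a short window, and for the same file name being written into many directories, which is how a ransom note being dropped shows up in the telemetry.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PurePosixPath
from typing import Optional

# Constructed sample events, not real telemetry. One event per line:
#   <ISO timestamp> <host> <user> <process> <action> <path> [-> <new path>]
SAMPLE_LOG = """\
2021-06-02T02:14:01 FS01 svc_backup backup.exe write /srv/share/finance/q1.xlsx
2021-06-02T02:14:03 FS01 svc_backup backup.exe write /srv/share/finance/q2.xlsx
2021-06-02T03:00:00 FS01 jdoe explorer.exe rename /srv/share/hr/old.docx -> /srv/share/hr/old-2020.docx
2021-06-02T03:41:10 FS01 jdoe upd.exe rename /srv/share/finance/q1.xlsx -> /srv/share/finance/q1.xlsx.locked
2021-06-02T03:41:10 FS01 jdoe upd.exe write /srv/share/finance/HOW_TO_RESTORE.txt
2021-06-02T03:41:11 FS01 jdoe upd.exe rename /srv/share/finance/q2.xlsx -> /srv/share/finance/q2.xlsx.locked
2021-06-02T03:41:12 FS01 jdoe upd.exe rename /srv/share/hr/old-2020.docx -> /srv/share/hr/old-2020.docx.locked
2021-06-02T03:41:12 FS01 jdoe upd.exe write /srv/share/hr/HOW_TO_RESTORE.txt
2021-06-02T03:41:13 FS01 jdoe upd.exe rename /srv/share/legal/nda.pdf -> /srv/share/legal/nda.pdf.locked
2021-06-02T03:41:13 FS01 jdoe upd.exe write /srv/share/legal/HOW_TO_RESTORE.txt
2021-06-02T03:41:14 FS01 jdoe upd.exe rename /srv/share/legal/contract.pdf -> /srv/share/legal/contract.pdf.locked
2021-06-02T03:41:15 FS01 jdoe upd.exe rename /srv/share/eng/spec.md -> /srv/share/eng/spec.md.locked
"""

@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    process: str
    action: str
    path: str
    new_path: Optional[str] = None

@dataclass
class Alert:
    host: str
    process: str
    user: str
    extension: str            # extension the files are being renamed to
    renames: int              # renames to that extension inside the window
    note_name: Optional[str]  # ransom-note file name, if one was seen
    note_dirs: int            # number of directories the note was dropped into
    severity: str             # "medium" for renames alone, "high" with a note

def parse_log(text):
    """Parse the constructed whitespace-separated format above."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue
        host, user, process, action, path = parts[1:6]
        new_path = parts[7] if len(parts) >= 8 and parts[6] == "->" else None
        events.append(Event(datetime.fromisoformat(parts[0]), host, user,
                            process, action, path, new_path))
    return events

def detect_mass_encryption(events, window=timedelta(seconds=60),
                           min_renames=5, min_note_dirs=3):
    """One alert per (host, process) whose busiest `window` renames at least
    `min_renames` files to one new extension. A file name written into
    `min_note_dirs` or more directories in that window counts as a ransom
    note and raises the severity."""
    by_proc = defaultdict(list)
    for e in events:
        by_proc[(e.host, e.process)].append(e)
    alerts = []
    for (host, process), evs in by_proc.items():
        evs.sort(key=lambda e: e.ts)
        best, start = None, 0
        for end in range(len(evs)):                 # sliding time window
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            ext_counts = Counter(PurePosixPath(e.new_path).suffix for e in win
                                 if e.action == "rename" and e.new_path)
            ext_counts.pop("", None)                # renames that drop the extension
            if not ext_counts:
                continue
            ext, n = ext_counts.most_common(1)[0]
            if n < min_renames or (best is not None and n <= best.renames):
                continue
            dirs_by_name = defaultdict(set)         # same name dropped into many dirs?
            for e in win:
                if e.action == "write":
                    p = PurePosixPath(e.path)
                    dirs_by_name[p.name].add(str(p.parent))
            note_name, dirs = max(dirs_by_name.items(), key=lambda kv: len(kv[1]),
                                  default=(None, set()))
            if len(dirs) < min_note_dirs:
                note_name, dirs = None, set()
            best = Alert(host, process, win[0].user, ext, n, note_name,
                         len(dirs), "high" if note_name else "medium")
        if best is not None:
            alerts.append(best)
    return alerts
```

On the sample, `detect_mass_encryption(parse_log(SAMPLE_LOG))` returns a single high-severity alert for `upd.exe` (six renames to `.locked`, note dropped in three directories) and nothing for the backup job or the one-off rename in Explorer. The thresholds are the part a practitioner tunes: backup and archiving tools also rename files in bulk, so in production the rename signal is usually paired with the note-drop signal or with process reputation before anyone is paged.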

Is there anything I’m missing? I’d appreciate it if you got in touch. Please contact me through this form.

If there’s one thing you should read today: Niantic, the company behind Pokemon Go, hopes to be more than a one-hit wonder. The company is working on more than a dozen new games, including a Transformers title, and is trying to work out how to commercialise its augmented-reality technology.

And here’s what you need to know in global technology news.
Apple is preparing to introduce a faster, smarter watch later this year. The company is also working on two new models for next year, one for entry-level consumers and another for extreme athletes.

Cheng Wei, co-founder of Chinese ride-hailing giant Didi, is on his way to becoming extremely wealthy.

Photo-sharing platform Shutterfly will buy home-decor marketplace Spoonflower for $225 million, further expanding its reach into the creator economy.