Ransomware attacks are the cyber threats of our times. It seems like no one is safe from having their data encrypted by dark web forces, only to be asked to pay to get it back. The share of ransomware attacks really dramatically rose over the past years, and usually by more than 100 up to 200 per year. They're making businesses poorer. This is, you know, big money: hundreds of millions of dollars, maybe even billions of dollars per year in ransom attacks. And hackers much, much richer. The best cyber criminals in the world, like some of the young guys in St. Petersburg or in other cities around the world, they're making a million dollars a month. We're witnessing the industrialization of cybercrime. Not only is there money to be made in demanding large ransoms from hacking victims or from selling their precious data on to third parties, but there's also a business opportunity in servicing the hackers themselves. In this video we'll follow the money. How much are hackers making, who is helping them, and what are the costs of paying the ransom, or not? I'm in the district of Anhalt-Bitterfeld in the German state of Saxony-Anhalt. Just a few weeks ago, the council here fell victim to a savage cyber attack. Hackers got into their computer systems and crippled them. Computers, yeah. And the council had fallen victim to a classic ransomware attack. Here's how they usually work. Having chosen their victim, the hacker gains access to key files on their computer, having exploited some security flaw to get in. The hacker then encrypts the files, meaning the victim can no longer use them.
They'll then discover a ransom demand from the hacker: pay up and get your files back. 2021 has seen ransomware attacks on a scale never seen before. A hack on the Colonial Pipeline affected fuel supplies to much of the U.S. East Coast. Another cyber attack on software provider Kaseya had an impact on businesses around the world. Is technique. As I speak to you, it's three weeks after the original cyber attack, but the council here still can't provide some pretty basic services. For example, in Anhalt-Bitterfeld you can currently buy a car. You can't drive it anywhere because you can't register it. The quickest way out of a ransomware attack is to pay the ransom. Usually the victim will get access to their files back, but if they don't pay, well, their files stay encrypted and the hacker may even threaten to sell access to those files to someone else. So we don't know how much in ransom the hackers are demanding, but the cost to the council here of creating a whole new safe network is going to be huge. But as soon as a ransomware attack happens, the victim can be sure it's going to cost them. Not only is the average ransom demand estimated at 150,000 to public and private bodies, but also there's the cost of recovery, and that's potentially the biggest cost of all. I mean, the average ransomware attack results in 21 days of downtime for a business. The cost of that averages to over a quarter of a million dollars.
Hackers are aware of these extra costs to the victims and use them to their advantage when setting the ransom. They actually look at, you know, how much money this company makes a month. If we're shutting everything down, how, how much is it going to cost that organization, and what's a good price to set our ransom at that's not too high, because we don't want them to, you know, avoid us and not pay it and try to find other ways to, to get back online, but not too low, because then we're leaving money on the table. The past few years have seen ransomware attacks grow, not just in number but in size, and with that, so have the ransoms. Ransomware, if you think back to 2016, was an individual problem, and you would have to pay a couple hundred dollars to get the key to recover that data. In 2016, 2017 timeframe, we started seeing threat actors emerge that understood that if they targeted an enterprise with that same attack, they could demand much higher dollar figures. So three, four hundred dollars became ten, fifteen, twenty thousand dollars in ransom attack. That has gone up, you know, exponentially. I think we're seeing routinely millions and millions, tens, fifty, a hundred million dollars, even more in some cases, in ransom demands. And these enormous ransom amounts are being paid. Colonial Pipeline revealed it handed over five million dollars to the hackers just a day after the cyber attack began. The world's biggest meat producer, JBS, paid 11 million to end its ransomware nightmare. Victims aren't always open about whether or not they pay out, but clearly enough of them are. We're certainly seeing and aware of many of these ransom payments going out, because we track the cryptocurrency wallets that these threat actors are using and we're able to identify when there are payments being made.
I think it's a lot more frequently than anybody would care to admit, because these threat actors aren't going to keep doing these types of attacks if they're not making money off of it. However, the ransom isn't the only way the hackers can get money out of their victim. Remember, they've had access to all of their precious files. They can also make money by reselling data that they gained in the attacks, for example, of course, private, personally identifiable data, or also, let's say, identity and access data that will allow third parties to maliciously exploit a company server or something like that. We can't talk about the costs of cyber attacks without talking about cryptocurrencies. The fact is, ransom payments aren't made in dollars or euros. They're made with cryptocurrencies: online encrypted currencies that leave no paper trail. Anonymous, untraceable, everything a hacker could want. It's all the advantages of cash from a criminal standpoint, but with this added advantage of it being able to work across the internet. You know, the problem with cash as a criminal is that it's physical and you have to move it. Um, cryptocurrency removes that issue for them, so it's obviously a fairly attractive way to get all this done. They can effectively launder that without ever leaving their, uh, you know, their house, and then they can also do things like jump from one chain, one, one blockchain to another blockchain, uh, so converting it from Bitcoin to Monero or something like that, and it becomes very hard to follow the money.
So who are they? Well, as the scale of the ransomware hacks has changed in recent years, so have the attackers. Large-scale cyber attacks are rarely carried out by the archetypal individual hacker hunched over a keyboard in a dimly lit room. To attack a complex organization often takes a complex organization. We see an increasing professional, professionalization of ransomware groups actually conducting these attacks, so it's not only individuals. It's a criminal activity where people want to make money, and there's a whole ecosystem there. There's an ecosystem of tools, ecosystems of organized crime networks, hacking networks, tool networks, uh, teams that work together around the world. That's Rod Beckstrom, once head of the National Cyber Security Center. He spent years on the front line of the US fight against cybercrime. No firmament will simplify the world and say there's three superpowers in, in hacking: there's U.S., Russia, China. They have very different models and different motivations. You know, if you look at the US, US kind of wants to be the, uh, protector of the free world, so they're using their, their capabilities to watch what's going on in the world, prosecute crimes, press crew, drug rings, counter-terrorism, etc., etc. If you look at China, their goal is to become, you know, a super rich and prosperous Middle Kingdom, to be a world power. Russia, on the other hand, it's lost its empire, right? The Soviet Union's gone. It may wish to regain that, and in the meantime, it doesn't have the same power status geopolitically it had before, and so it seeks relevance.
How does it become relevant? Yeah, by being disruptive, and a great way to be disruptive is to interfere with your rivals' infrastructure and their businesses. There's an important distinction to make when it comes to national governments and cyber attacks, and that's between states commissioning the hacks themselves or simply just allowing them to be carried out from their territory. There's definitely a sense of it being easier to conduct this sort of operation in, in certain parts of the world compared to others. So that's not the same as a nation state funding this type of activity, but, you know, in terms of its consequence, it's kind of similar. The US and others have accused Russia of providing a safe haven for hackers, turning a blind eye to their activities as long as Russian targets are left alone. The Kremlin has never confirmed nor denied it. The country's surplus of computing talent and shortage of well-paid jobs make Russia a rich breeding ground for hackers. When you have state-run hacking activities, the people that work for the state as employees of the government don't make nearly as much as they can make doing criminal activities. That, this hacking is bad for Russia, because you're teaching your best and brightest, your brilliant young people who could be building companies and, and building fruitful technologies, in some cases, in many cases, are doing criminal activities, and that's not good. Often, these criminal groups can rival in size their biggest targets.
Vast networks of hackers operating on the dark web, not only carrying out the ransomware attacks but helping others to execute them too. It's known as ransomware as a service, and like its legitimate counterpart, software as a service, it involves the leasing out of computer programs at a price. But you won't find a download link for these ones by searching on Google. It handles all of the key management, it handles all of the data extortion in some cases, and it also can handle the negotiation and payment in some cases, and so you can come in as a fairly novice criminal actor just having some skills and use this ransomware as a service to basically be the back end of your operations. What we can see is that these groups become increasingly professional, not only in terms of the tools that they develop, but also in terms of the, let's say, customer service they offer to clients. And for that, that service, they're taking, you know, 20, 25, 30 off the top of the ransom demand. These dark web services include a lot of the things we expect from the normal web. The wannabe hacker can get access to customer support, FAQs and even reviews. I would argue that ransomware operators took some cues from Silicon Valley and, and that was actually a part of, you know, what kind of inspired ransomware as a service. It's not that Silicon Valley's to blame. And these criminal groups won't just offer support to the hacker who hires them. They'll also offer their services to the party who's been hacked.
They engage with these victims in case victims have questions on, you know, how to pay or how, how to regain their data or how to pay the ransom, because it's in the interest of these ransomware groups to get paid or to receive the ransoms. If you get infected with ransomware, it will teach you how to sign up for a Bitcoin wallet, how to, you know, connect your credit card to all these different things. Is very helpful, um, in that sense. Like, some of these, these operators even have, like, fully serviced and actually quite good support services. The whole industry around hacking has reached a level of professionalism that many legitimate sectors could only dream of. With the cybercrime business booming on the dark web, are we losing the battle against the hackers? I don't think that either public or private companies are especially well prepared for ransomware attacks. These attacks are extremely complex and the technologies that they target are extremely complex, so it's very difficult for one organization to secure their entire networks against any kind of attack. It's about being, uh, you know, having good hygiene, being, being safe, but also being forward, working with threat hunting and threat intelligence to make sure that you're not waiting to be a victim, uh, because if you are, are hoping it's not gonna happen to you, hope is not a strategy. Calling it out as a business model, that's deliberate, because ransoms go back, you know, at least 500, 600 years, um, in, in terms of written history. Like, it's not a new idea. It's just being applied in this different framework and, and that framework makes it really successful.
I have a law of cyber security. It's called Beckstrom's Law of Cyber Security. It's 12 words: anything networked can be hacked, everything is being networked, everything is vulnerable. And that's all from this edition of DW Business Beyond.