Ransomware — The Line Between Crime And Terror

THE RECENT ransomware infections, “WannaCry” and “Petya”, are a worrying trend for the world as they could be precursors of something more ominous.

Like WannaCry, Petya spread quickly through networks that use Microsoft Windows. However, the real motives for Petya are not clear as the account for bitcoin ransom payments was swiftly shut down by its Internet service provider.

While ransomware has re-entered the spotlight, it still makes up only a small share of the overall malware threat that a globally interconnected world faces. According to IT security software firm G Data and IT security institute AV-Test, ransomware's share of the malware market is smaller than that of other malware types such as viruses, trojans, worms, scripts and password trojans. However, the threat that ransomware poses can be inordinately larger.

This was evident with Petya. It spread through several large firms including Danish shipping and transport firm Maersk, British advertising giant WPP, US pharmaceuticals firm Merck and US food company Mondelez. The chaos created by Petya was very costly for these corporations.

The lack of money collected suggests that the infection was more an example of cyber terrorism than cyber crime.

Crime Or Terror?

Ransomware is a form of cyber crime that leverages the ubiquity of computer networks and their interconnectivity. It blocks access to computers. Ransomware attacks have been common since the mid-2000s, though the first attack has been traced back to the late 1980s with the physical distribution of floppy disks containing a virus. Among the more notorious recent ransomware are CryptoWall and TeslaCrypt.

In 2015, a group known as the Armada Collective carried out ransomware attacks on three banks in Greece. The group demanded €7 million from each bank but none of the banks paid up. Instead, they beefed up their defenses and staved off further disruptions despite subsequent attempts by the Armada Collective to unleash ransomware.

However, it looks like the people behind the Armada Collective were never caught. In late June this year, the hacker group threatened to launch a distributed denial-of-service (DDoS) attack against seven South Korean banks unless they paid about US$315,000 in bitcoin in total.

DDoS attacks overwhelm and immobilise websites by directing a lot of traffic to them. The warning prompted the banks to strengthen their security systems.

The experience of the Greek and Korean banks shows that any negative impact of ransomware is largely inversely proportional to the money that is invested to ramp up cyber security. We don’t often hear of banks being affected by ransomware or viruses because they are very conscious of cyber security, spending billions on securing their systems. A malware-weakened banking system would be a huge systemic risk for countries.

What If It Strikes Infrastructure?

However, no system is foolproof. Malware will likely get more sophisticated. Worst-case scenarios would be malware that can infect critical infrastructure like water utilities, power grids and global navigation systems. There have been no reports over the years of hacker groups and malware causing deaths, but the possibility cannot be discounted. Who would want the Die Hard series of films to be considered prescient?

There are several fundamental cyber security best practices that can reduce the risk of being infected by ransomware. They include:

1. Backing up data regularly and keeping software up to date;

2. Being aware of the signs of ransomware distribution tactics such as phishing attacks and spoofed websites.

The recent debilitating attacks of WannaCry and Petya are a stark reminder that people and corporations are hugely dependent on computer systems that are open to manipulation and failure. The risks of using such systems are ignored because of the convenience that they accord. There is also a general feeling that there is always someone else who has their eyes on the ball in terms of managing the risks. We have seen that this is not so.

As technology advances, it is probable that the sophistication of ransomware infections will advance in tandem. The more success that cybercriminals have, the hungrier they will be to extract greater amounts of money from victims. The logical conclusion will be to go for bigger targets. Any attack on such targets could cross the line from cyber crime to cyber terrorism.

Thus It Was Unboxed by One-Five-Four Analytics presents alternative angles to current events. Reach us at 154analytics@gmail.com
