The screen goes blank. A message appears in crude English, straight out of Google’s automatic translator, announcing that all your files have been encrypted – made unusable – and can only be restored if a ransom is paid.
After some back-and-forth, you pay with Bitcoin or some other cryptocurrency, most likely to a criminal gang located in Russia. There is no option: it is cheaper and much faster to pay than to rebuild an entire computer system from scratch. To avoid further trouble or embarrassment, many victims do not even notify the police.
A few years ago the ransom could have been a few hundred dollars. In early May, the Colonial Pipeline company paid 5 million dollars to the DarkSide ransomware (data hijacking) gang to get the oil flowing through its pipeline again. (Part was recovered by the US Department of Justice.)
In June, the meat processing company JBS paid $11 million to the Russian gang REvil (Evil Ransomware). About a month ago, REvil again carried out what may be the largest cyber attack to date, paralyzing the systems of about a thousand companies after hacking into an information technology service provider that all of them used.
This time, the ransom demand was for $70 million. The criminals behind ransomware have also evolved, going from being solitary sharks to forming a business in which tasks are outsourced to criminal groups specialized in hacking, collecting ransoms or organizing robot armies.
Ransomware attacks can paralyze critical infrastructure such as hospitals and schools, and even the basic functions of large cities.
Using methods as simple as spoofed emails, hackers can take control of entire computer systems, steal personal data and passwords, and then demand a ransom to restore access.
In about twelve years, ransomware has become one of the main cyber problems of our time, big enough for President Biden to put it high on the agenda with Russia’s President Vladimir Putin when they met in June, and for congressional lawmakers to work on various bills that, among other things, would force victims to report attacks to the government.
It is a war that must be fought and won. Although the extortion business is run by a relatively small network of criminals seeking extraordinary profits, its ability to seriously disrupt economies and breach strategically critical companies or agencies also makes it a formidable potential threat to national security.
The attack on the Colonial Pipeline resulted in an almost instantaneous fuel shortage and spread panic in the southeastern United States.
Big attacks make news, but the main prey of data hijacking gangs is the small and medium business or institution that is devastated by the interruption of its computers and the payment of the ransom.
No one knows how many have been attacked, as, unlike personal information breaches, most ransomware attacks are not required by law to be reported (although this is something else that Congress may change soon).
The 2020 FBI Internet Crime Report lists 2,474 attacks in the United States, with losses exceeding $29.1 million. The reality is probably of a different magnitude.
Millions and millions
The German data analytics company Statista estimates that in 2020 there were 304 million attacks worldwide, an increase of 62% compared to 2019. The majority, according to Statista, occurred in the professional sector: lawyers, accountants, consultants and the like.
Whatever the true scope, the problem will not be resolved with patches, antivirus, or two-factor authentication, although security experts stress that any protection helps.
“We will not be able to defend ourselves to get out of this problem,” says Dmitri Alperovitch, president of the nonprofit bipartisan think tank Silverado Policy Accelerator and a leading authority on ransomware.
“We have too many vulnerabilities. Small businesses, libraries and fire departments can never afford the necessary technology and specialized security personnel.” The battle must take place elsewhere, and the place to start is Russia.
There, according to experts, is where most attacks originate. Three other countries — China, Iran, and North Korea — are also major players, and the obvious common feature is that they are all autocracies whose security apparatuses undoubtedly know very well who the hackers are and could neutralize them in a minute.
So the presumption is that the criminals are protected, either through bribes – which they can hand out generously given their ostensible profits – by doing free work for the government, or both.
It’s clear that ransomware gangs take good care not to target the powers that protect them. Computer security analysts discovered that REvil’s code was written in such a way that the malware avoids any computer whose default language is Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkish, Uzbek, Tatar, Romanian or Syrian.
The problem is not finding the criminals. The US government has the means to identify and apprehend potential cybercriminals on its own territory and to help allies find them on theirs.
In fact, Washington has identified and charged many Russian cybercriminals; the FBI, for example, has offered a reward of 3 million dollars for information leading to the arrest of Evgeniy Bogachev, alias “lucky12345”, an expert hacker from southern Russia whose malicious software has caused financial losses of more than $100 million.
The key is to force Putin to act against them. Biden said that, at his June summit with Putin, he demanded that Russia shut down the ransomware gangs it harbors and identified 16 critical sectors of the US economy where the attacks had consequences.
However, two weeks later, REvil carried out the largest cyber attack in history by hacking into the systems of Kaseya, a company that supplies management software for the information technology industry, and attacking hundreds of its small business clients.
That prompted Biden to call Putin on the phone and later to state that “we hope they act.” When asked by a reporter if he was going to kill REvil’s servers if Putin didn’t, Biden simply said “Yes.” Soon after, REvil abruptly disappeared from the dark web.
As tempting as it is to believe that Biden persuaded the Russians to act or that he wiped out the gang’s servers with American resources, it is equally possible that REvil shut down on its own, intending, as so often happens in its dark world, to reappear later under other guises.
As long as hackers focus on business blackmail abroad, Putin probably sees no reason to remove them. They do not harm him or his friends and can be used by his spies when necessary.
Unlike with the “official” hackers, who work for military intelligence and have been sanctioned by Washington and Europe for meddling in elections or poking around government systems, Putin can deny all responsibility for what the criminal gangs do. “It’s nonsense. It’s funny,” he said in June when asked about Russia’s role in ransomware attacks. “It is absurd to accuse Russia of this.”
Apparently the Russians also believe they can turn their control over ransomware gangs into an advantage to negotiate with the West.
This was indicated by Sergei Ryabkov, the deputy foreign minister who leads the Russian side in the strategic stability talks that began at the Biden-Putin summit, when he recently complained that the United States was focusing on ransomware over other security concerns.
Ransomware, Ryabkov implied, is part of a larger pile of bargaining chips.
That, Silverado expert Dmitri Alperovitch said, indicates that Putin does not appreciate the seriousness with which the new American president takes ransomware.
For reasons that are not yet clear, Donald Trump, as president, was willing to give Putin carte blanche for any cyberattack shenanigans. Biden, on the other hand, looks like the champion of small businesses and the middle class, and that’s where ransomware hurts the most.
Writing together in The Washington Post, Alperovitch and Matthew Rojansky, an expert on Russia who heads the Kennan Institute at the Wilson Center, which specializes in that country, argue that Biden should confront Putin with a clear message: take strong action or face the consequences.
If the Russians do not agree, the authors of the article write, the Biden administration “could hit Russia where it hurts the most by sanctioning its largest oil and gas companies, which are responsible for a significant fraction of the Russian government’s revenue.”
In general, drawing lines for Russia does not work. It would be better to convey the message privately so that Putin is not forced to back down publicly before the United States. Biden may have already delivered that message. If so, he should be prepared to act on it.
The other critical factor in ransomware is cryptocurrencies. It is no coincidence that there were few ransomware attacks before Bitcoin emerged around twelve years ago. Now, cybercriminals can collect payment in a currency that is hard to trace and hard to recover, even though the US government managed to do so when it recovered $2.3 million of Colonial Pipeline’s ransom.
Cryptocurrencies are said to be one of the issues covered in legislation soon to be presented by the U.S. Senate Committee on Homeland Security. Federal law enforcement agencies are also urging Congress to pass a law requiring companies in critical industrial sectors that are hit by a cyberattack to inform the government, and a number of other anti-ransomware laws are in the works.
Building a multi-front attack against ransomware will take time and effort. Devising ways to control cryptocurrencies will undoubtedly be complex and thorny. Companies will be reluctant to damage their brand by acknowledging that they have been hacked or have paid ransoms, and lawmakers have traditionally been reluctant to pass laws imposing burdens on companies.
But letting Russian hackers continue to wreak havoc on the digital infrastructure of America and the world with impunity is an immediate and critical challenge. If this does not stop soon, further escalation and the growth of organized cybercriminal syndicates in other dictatorships are almost certain.
Putin must be made to understand that this is not about geopolitics or strategic relationships, but about a new and fearsome form of organized crime, something that every government should try to crush. If he refuses, Putin must know that he will be considered an accomplice and punished as such.