Renee Dudley investigates the identity of ransomware gangs causing chaos for global corporations.

In the past year, some of the UK’s most prominent institutions, including the Guardian and Royal Mail, have fallen victim to ransomware, a cyber crime that has come to define our time. This criminal act involves hackers encrypting computer networks and demanding payment in exchange for the keys to restore them, causing chaos and leaving victims desperate for recovery.

Ransomware gangs have targeted nearly every sector of society, from healthcare and business to government and education, making demands that often reach into the tens of millions. Ironically, just before the release of my own book on ransomware, my publisher experienced a devastating attack, leaving my co-author and me unable to contact our editors via phone or email.

In recent weeks alone, the UK has witnessed separate attacks compromising sensitive NHS employee records, confidential emails, and the data of over a million patients. In the US, a baby’s tragic death was attributed to a ransomware attack on an Alabama hospital in 2019, which disabled monitors displaying crucial foetal heart-rate tracing information at a nurses’ station.

So how has this criminal enterprise gained such significant traction? Just a decade ago, ransomware was a relatively unknown crime that primarily impacted home computer users. Hackers would demand a few hundred pounds in cryptocurrency for the return of locked family photos and personal files. They worked mostly individually or in small groups, using spam emails to distribute ransomware to a wide range of potential victims, knowing only a small fraction would fall into their trap.

While early ransomware profits were modest under this “spray and pray” model, it appealed to hackers due to its simplicity. Traditional data breaches required labor-intensive efforts to find buyers for stolen information, such as credit card numbers, but ransomware made the hack itself profitable.

Criminals seeking the path of least resistance quickly joined the extortion economy, leading to the organization of ransomware gangs that resembled legitimate corporations. Many found shelter in countries like Russia, North Korea, and Iran, while parts of eastern Europe also became hotspots for cyber gangs. Today, hackers operate worldwide.

The most ambitious gangs, like Ryuk and REvil, began recruiting experts with the skills to infiltrate large organizations with deeper pockets than individual users, using a strategy called “big game hunting.” Job advertisements on the dark web outlined specific qualifications, such as proficiency in Cobalt Strike, a legitimate tool co-opted by hackers to identify system vulnerabilities. Applicants were even asked to provide examples of their prior successful attacks before being considered for an online interview.

Similar to how legitimate manufacturers outsource logistics or web design, ransomware gangs started delegating tasks outside their expertise. They hired specialists from the dark web to steal credentials and identify vulnerabilities within target networks. They also engaged others to ensure their ransomware remained undetectable by standard anti-malware scanners. Some groups even outsourced calls to a call center in India, contacting employees or clients of victim organizations that had not paid the ransom. This outsourcing allowed the gangs to focus on enhancing the quality of their ransomware, resulting in heightened success and devastation for victims.

In late 2019, the Maze gang pioneered a strategy that inflicted even more pain on victims. Instead of simply locking companies out of their networks, Maze downloaded extensive amounts of the most sensitive files before activating the ransomware. They then threatened to leak the data if the ransom demand was not met. Companies often felt compelled to pay, fearing the release of sensitive information even if they had reliable backups. This approach inspired other gangs to adopt what became known as “double extortion,” creating “leak sites” on the dark web for cyber criminals or the public to access stolen data.

This paved the way for a new type of cyber ransom tactic, as demonstrated in attacks against British Airways, Boots, and the BBC. Instead of encrypting victims’ networks, hackers directly stole sensitive records such as names, addresses, national insurance numbers, and banking details, proceeding immediately to ransom demands. Additional UK victims, including Transport for London and Shell, have since been identified. The global impact of this attack extended to US government agencies, including the Department of Energy. In this latest twist, victims have lost the failsafe option of protecting themselves through robust backups.

Despite advancing criminal tactics, efforts to weaken cyber gangs are underway. The Netherlands, known for its fast and reliable internet, has become a favored spot for hackers to set up their servers for criminal activities. In response, the Dutch national police established a high tech crime unit in 2007. Beyond arrests, the unit prioritizes actions that reduce hackers’ returns on investment, seizing their servers, disrupting ransomware-spreading botnets, and warning potential victims of imminent attacks.

With the possibility of hostile foreign governments leveraging ransomware for intelligence operations, the focus on data theft by hackers becomes increasingly alarming, and law enforcement efforts to combat it grow more crucial. As George Orwell once observed, “The history of civilization is largely the history of weapons.” Today, digital weapons are shaping our world, and ransomware poses perhaps the greatest threat of all. Hackers are only beginning to explore its potential for both monetary gain and chaos.

Denial of responsibility! VigourTimes is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.