Hardware, software, ransomware… Sounds like the punchline of a corny joke or a minor plot detail in a Bond film, right?
Ransomware has existed for some time, and it has made life miserable for a lot of people. Ransomware is a type of malware, a general term for software with malicious intent. Just as its name suggests, the main goal of ransomware is to extort money from the user by holding something on their computer “hostage” or putting them into a compromising situation.
Ransomware attacks typically occur when a user unknowingly contracts a Trojan (malware disguised as legitimate software) via a downloaded file or vulnerability in their network’s security. In 1989 the first major instance of ransomware occurred when a disk entitled “AIDS Information Introductory Diskette” was distributed to a mailing list. Once people on the mailing list ran the disk, a program entitled “AIDS” was activated.
“AIDS”, also known as “PC Cyborg”, operated by hiding and encrypting all the files on the infected users’ hard drives, rendering their systems unusable. The users then received a vague prompt informing them that their license to use a particular piece of software had lapsed. Next they were prompted to pay $189 to a “PC Cyborg Corporation” in order to regain access to the files on their computer.
The AIDS ransomware and the majority of ransomware that has appeared since are classified as encrypting ransomware. While there are differences between the various iterations of encrypting ransomware, the common thread between these attacks is that a user’s system is encrypted by a cryptovirus that can only be unlocked with the decryption key held by the virus’ creator.
The other major category of ransomware is called non-encrypting ransomware. Non-encrypting ransomware has increased in popularity over the past five years. Since encryption is not used in these attacks, they tend to rely more on fear tactics and smoke screens to convince victims to pay up.
Regardless of method, ransomware clearly has become a big problem in that it is preying on thousands of vulnerable people every day and putting millions of dollars into the pockets of cyber criminals.
Beware of Ransomware
Ransomware is becoming an epidemic. It has been on the rise in enterprise businesses, governments and even law enforcement agencies. Even hospitals and police departments holding sensitive data have been victimized and forced to pay hefty ransoms to protect their information, leaving no one safe. Since last year, the FBI has seen a dramatic increase in these vicious attacks, especially towards businesses. Critical financial documents can be held hostage, and the loss of other important data can slow production, causing a breakdown in day-to-day activities.
According to the Internet Crime Complaint Center, Americans have paid up to $24 million in ransoms. It was shown in the first quarter of 2016 that ransomware attacks had quadrupled, and they have continued to rise since. Several recent attacks have been disguised as common services, such as the popular app Pokemon Go.
Among the most startling ransomware threats are those that involve pornography, demanding a ransom in exchange for protecting the victim from possible criminal charges. The ransom is usually demanded in bitcoin because it offers the cyber criminals a secure and untraceable way to keep their financial history hidden. The use of bitcoin for payment of ransoms makes the sources more difficult to track because the money can change hands so many times before reaching a final payout destination. Ransomware is so widespread that there was even a company that offered Ransomware as a Service, or RaaS, proving just how easy it is for these cyber criminals to get started targeting victims.
Apps and Common Services
In an effort to catch up with the “catch them all” craze, cyber criminals have released a form of ransomware that is disguised as Pokemon Go for Windows in an attempt to trick users into installing the malware. This specific version of ransomware is particularly dangerous because it creates a backdoor user account in Windows so that the hackers will still have access to your files even after the ransom has been paid. The cyber security news site Graham Cluley advises users of Pokemon Go to avoid any links or email attachments that seem suspicious and to download apps only from trusted sources. So far, Pokemon Go is not available for Windows, so it is advised that Pokemon Go only be installed from Google Play and the App Store on Android and iOS devices.
Think ransomware can’t follow you on your apps? Think again. Last year, an Android app called “Adult Player” was released. This app accesses the device’s front facing camera and snaps a photo of the user on the homescreen of the device. It then threatens to report the user with criminal charges as a scare tactic. One ransom message reads, “FBI Attention! Your device has been blocked up for safety reasons listed below. All actions performed on this PC are fixed. All your files are encrypted. You are accused of viewing/ storage/ and/or dissemination of banned pornography (child pornography, zoophilia/rape, etc.) You have violated World Declaration on non-proliferation of child pornography…”
Among the most startling versions of ransomware are ones that have attempted to extort users with threats of reports to authorities of child pornography. While law enforcement is becoming more aware of ransomware attacks, some of this ransomware does in fact place child pornography on the device, which makes the situation difficult to explain. In many of these cases it has been easy to prove that the images were caused by malware infections, but the threat of a damaged reputation and possible false accusations is enough to cause victims to pay the ransom and avoid going to the police.
If the criminals behind the child pornography ransomware are apprehended, they will be charged with not only the cyber crimes but also distribution of child pornography. These charges carry sentences of 5-40 years that will be tacked on to cyber crime charges.
RaaS – Ransomware as a Service
Companies offering Ransomware as a Service allow cyber criminals to create and customize their own ransomware attack by entering information, without having the technical knowledge. According to Bleeping Computer, one RaaS service is called Shark Ransomware Project. The developers of Shark Ransomware act as the middleman for the ransom payments. If the criminal is successful in collecting a ransom from their victims, the Shark development team keeps 20% of the ransom profits. The program even handles bitcoin payment transactions for the criminal.
How Police Catch Cyber Criminals
Ransomware is considered a cyber crime. Both ransomware and cyber crime have been on the upswing during the past two decades, as broadband technology service is becoming very common even in small communities. All police departments across the nation now have a need for cyber crime experts who understand how to trace malware to an ultimate source. While many officers have been trained in the basics of computer forensics, many departments are also opting for contracted assistance from computer experts who can function as associate officers in cyber crime and ransomware investigations.
Stealth is a key necessity for all cyber criminals, but there is practically no way a cyber criminal can completely avoid being traced. Major policing agencies such as the FBI claim that there are no “untraceable” routes that a cyber criminal can use to avoid detection and identification, including use of a Tor browser that is designed specifically for anonymity. Disguises can be employed, but the forensics opportunities are still there for a true cyber expert. Actually, crimes committed in public with multiple witnesses can often be more difficult to solve.
Changing Cyber Criminal Behavior
The types of attack classed as cyber crimes can vary greatly. The central question when investigating any crime is always motive, regardless of how the crime was enacted. Some actions, like denial of service attacks, are performed by organizations and are done as signals to certain entities or as purposeful attacks to disrupt business flow. While no theft may be occurring, an attack that overwhelms the operation can cause the overloaded digital portal to shut down. In most cases, money is still the motive, and many times the information gathered from a hack provides what is needed to infiltrate personal bank accounts. Digital access is merely another way to steal.
The problem that police are facing today is the transition from attacks directed by a “lone wolf” to those that are orchestrated by groups, often for financial gain. Not only are the independent culprits still operating, but now police must deal with organizations as computer operation knowledge saturates society. This requires police to update their training as well, but cyber forensics professionals are still necessary for assistance.
Penalties for Cyber Crimes
Penalties for cyber crime can range greatly depending on what is actually transpiring. Theft is theft regardless of the method of stealing, but the actual function of hacking is a crime in itself, which means penalties can be enhanced in many instances. Making a bomb threat using a computer is a solid example of how charges can range when cyber crimes are committed. While the communication device action is a separate charge, the true charges of false reporting and terroristic threatening will often apply as well.
These crimes are punished traditionally per standard statutes, but the use of a computer is additional criminal activity as well. Otherwise, cyber crimes are generally categorized as either hacking, spamming or identity theft. Identity theft is easily the most common individual attack, and identity thieves are regularly guilty of a combination of charges because of the method of access, whether that be hacking through to an account or spamming the victim into providing the necessary information. The penalty will be assessed per charge, but the actual charge is determined by the communication method employed.
How to Prevent Cyber Crime and What to Do if Attacked
Cyber crime can be difficult to stop, but there is no deterrence like solid encryption of personal or business files. Any business should have a multi-layered firewall that is protected by a significantly difficult alpha-numeric password, along with multiple access questions to verify identity. Banking institutions have already included this multiple-step process in securing customer accounts, but individuals should be acutely aware of potential theft as well. Actually, banking regulations and policy have changed, and the responsibility for an attack on a personal account is now directed at the account holder. Encryption has never been more important, and encryption strength should be the focus.
Anyone who has been a victim of a cyber crime should always report the crime to the police with jurisdiction and let them conduct a full investigation into who perpetrated the digital crime. Theft is not always a necessary component of a need to report, as actions like cyber bullying are also forms of criminal activity. Many times cyber criminals forget that the Internet is actually a public place and public law applies in every situation.