The New York Times
08/02/2021 4:37 PM
Clarín.com
World
Updated 08/02/2021 4:37 PM
The screen goes blank.
A message appears in raw English, direct from Google's automatic translator,
advising that all your files have been encrypted
— made unusable — and that they can only be restored if a ransom is paid.
After a few comings and goings, you pay with Bitcoin or some other cryptocurrency, most likely to a criminal gang located in Russia.
There is no option: it
is cheaper and much faster to pay than to rebuild an entire computer system
from scratch.
To avoid further trouble or embarrassment, many victims do not even notify the police.
A few years ago the ransom could have been a few hundred dollars.
In early May, the Colonial Pipeline company
paid $ 5 million
to the DarkSide ransomware (data hijacking) gang to get oil flowing through their pipeline again.
(Part of it was recovered by the US Department of Justice)
In June, the meat processing company JBS
paid $ 11 million to the Russian gang REvil
(Ransomware Evil).
About a month ago, REvil again carried out what may be the largest cyber attack to date, paralyzing the systems of about a thousand companies after hacking into an information technology service provider that all of them used.
On this occasion,
the ransom demand was for $ 70 million
.
The criminals behind ransomware have also evolved, going from being solitary sharks to forming a business in which tasks are outsourced to criminal groups specialized in hacking, collecting ransoms or organizing robot armies.
Hackers easily attack computer systems.
Photo Shutterstock
Ransomware attacks
can paralyze
critical
infrastructure such
as hospitals and schools and even basic functions in large cities.
Methods
Using simple methods such
as email spoofing
, hackers can take control of entire computer systems, steal personal data and passwords, and then demand a ransom to restore access.
In about twelve years, ransomware has become
one of the leading cyber problems of our time
, big enough that President Biden put it high on the agenda to deal with Russian President Vladimir Putin when they met in June, and for congressional lawmakers to work on various bills that, among other things, would force victims to report the attacks to the government.
US President Joe Biden is concerned about the issue.
Photo Bloomberg
It is a war that must be fought and won.
Although the extortion business is run by a relatively small network of criminals seeking windfall profits, its ability to seriously disrupt economies and breach strategically critical companies or agencies also makes it
a formidable potential threat to national security.
The attack on the Colonial Pipeline led to
an almost instantaneous
fuel
shortage
and spread panic in the southeastern United States.
The big attacks are news, but the main target of the data hijacking gangs
is the small and medium business
or institution that is devastated by the interruption of their computers and the payment of the ransom.
No one knows how many have been attacked
as, unlike with personal information breaches, the law does not require that most ransomware attacks be reported (although this is one more thing that Congress may change soon).
The 2020 FBI Internet Crime Report
lists 2,474 attacks
in the United States, with losses exceeding $ 29.1 million.
The reality is probably of a different magnitude.
Millions and millions
The German data analytics company Statista estimates that 304 million attacks occurred worldwide in 2020,
a 62% increase over 2019
.
The majority, according to Statista, occurred in the professional sector: lawyers, accountants, consultants and the like.
Whatever the true scope, the problem will
not be solved with patches
, antivirus or two-factor authentication, although security experts stress that all protection helps.
"We are not going to be able to defend ourselves to get out of this problem,"
says Dmitri Alperovitch, president of the nonprofit bipartisan think tank Silverado Policy Accelerator and a leading authority on ransomware.
Joe Biden has discussed the issue with his Russian counterpart, Vladimir Putin.
Photo EFE
"We have too many vulnerabilities. Small businesses, libraries and fire departments
will never be able to afford
the technology and specialized security personnel they need."
The battle must take place elsewhere, and the place to start is Russia.
There, according to experts,
is where most attacks originate
.
Three other countries - China, Iran and North Korea - are also major players, and the obvious common feature is that they are all autocracies whose security apparatuses undoubtedly know very well who the hackers are and could neutralize them in a minute.
So the presumption is that
criminals are protected
, either through bribes - which they can hand out generously given their ostensible benefits - doing free government jobs, or both.
It's clear that ransomware gangs take good care not to target their powers.
Computer security analysts discovered that the REvil code was written in such a way that
the malware avoids any computer whose
default
language
is Russian, Ukrainian, Belarusian, Tajik, Armenian, Azerbaijani, Georgian, Kazakh, Kyrgyz, Turkish, Uzbek, Tatar, Romanian or Syrian.
The problem is not finding the criminals.
The US government has the means to identify and apprehend potential cybercriminals on its own territory and to help allies find them on theirs.
Washington has identified and charged many Russian cybercriminals.
Photo Shutterstock
In fact, Washington has identified and charged many Russian cybercriminals;
the FBI, for example,
has offered a reward of $ 3 million
for information leading to the arrest of Evgeniy Bogachev, alias "lucky12345", expert hacker from southern Russia whose malicious software has caused financial losses of more than 100 million of dollars.
Vladimir Putin
The key is to force Putin to act against them
.
Biden said that, in his June summit with him, he demanded that Russia end the ransomware bands it hosts and identified 16 critical sectors of the US economy where the attacks had consequences.
However, two weeks later, REvil carried out the largest cyber attack in history,
hacking into the systems of Kaseya
, a company that supplies management software for the information technology industry, and attacking hundreds of its small business clients.
That prompted Biden to phone Putin and later declare
that "we expect them to act
.
"
When asked by a reporter if he was going to kill REvil's servers if Putin didn't, Biden simply said "Yes."
Soon after, REvil abruptly disappeared from the dark web.
As tempting as it is to believe that Biden persuaded the Russians to act or that he wiped out the gang's servers with American resources, it
's just as possible that REvil shut down on its own
with intent, as it so often does in its dark world, to reappear later under other guises.
As long as hackers focus on business blackmail abroad,
Putin likely sees no reason to remove them
.
They do not harm him or his friends and can be used by his spies when necessary.
Hackers target business blackmail abroad.
Photo Shutterstock
Unlike "official" hackers, who work for military intelligence and have been sanctioned by Washington and Europe for meddling in elections or poking around government systems,
Putin can deny any responsibility
for what criminal gangs do.
"It's nonsense. It's funny," he said in June when asked about Russia's role in ransomware attacks.
"It is absurd to accuse Russia of this."
Apparently, the Russians also believe that they can turn their control over the ransomware gangs to
an advantage in negotiating with the West.
This was stated by Sergei Rybakov, the deputy foreign minister who leads the Russian side in the strategic stability talks that began at the Biden-Putin summit, when he recently
complained that the United States
was focusing on ransomware outside of other security issues. .
The ransomware, Rybakov implied,
is part of a larger pile
of figurines to trade.
That, commented Silverado expert Dmitri Alperovitch, indicates Putin
doesn't appreciate the seriousness
with which the new American president takes ransomware.
For reasons that are still unclear, as president Donald Trump was willing to give Putin carte blanche for any cyber-attack shenanigans.
Biden, by contrast,
sees himself as the champion of small businesses
and the middle class, and that's where ransomware hurts the most.
Writing for
The Washington Post
, Alperovitch and Matthew Rojansky, an expert on Russia who heads the Kennan Institute at the Wilson Center, which specializes in that country, argue that Biden should confront Putin with a clear message: Take strong action or face the consequences.
If the Russians do not agree, write the article's authors, the Biden government "
could hit Russia where it hurts most by
sanctioning its largest oil and gas companies, which are responsible for a significant fraction of the Russian government's revenue." .
In general, marking the court for Russia does not work.
Better to get the message out privately so
Putin is not forced to back down publicly
from the US Biden may have already delivered that message.
If so, you should be prepared to do so.
Cryptocurrencies
The other critical ransomware factor is cryptocurrencies. It is no coincidence that there were few ransomware attacks before Bitcoin emerged around twelve years ago. Now, cybercriminals
can charge in a currency that is difficult to track
and recover, even though the US government was able to do so when it recovered $ 2.3 million from Colonial Pipeline loot.
Cryptocurrencies are said to be one of the issues covered in legislation soon to be introduced by the U.S. Senate Committee on Homeland Security. Federal security forces are also urging Congress to pass a law that would force companies to critical industrial sectors affected by a cyberattack to inform the government and
a number of other laws against ransomware are being prepared.
Assembling a multi-front attack against ransomware
will take time and effort
.
Devising ways to control cryptocurrencies will undoubtedly be complex and thorny.
Companies will be reluctant to damage their brand by acknowledging that they have been hacked or paid ransoms, and lawmakers have traditionally been reluctant to pass laws imposing burdens on companies.
But letting Russian hackers continue to wreak havoc on America's digital infrastructure and the world with impunity
is an immediate and critical challenge
.
If this does not stop soon, further escalation and growth of cybercriminal syndicates organized in other dictatorships are almost certain.
Putin must be made to understand that it is not about geopolitics
or strategic relations, but about a new and fearsome form of organized crime.
Something that every government should try to crush.
If he refuses, Putin must know that he will be considered an accomplice and punished as such.
PB
Look also
DarkSide, Russia's “cyber gang” that blackmails in exchange for millionaire sums of virtual money
Vladimir Putin denied having received information about alleged cyberattacks denounced by Joe Biden