Extortion via ransomware isn’t something unheard of.
Untrained people find it hard to tell a legitimate website, email or attachment from a malicious one, and get bitten by hackers.
Just last year, hackers extorted and victimized a total of five law enforcement agencies in Maine.
How did the hackers “hack” these law enforcement agencies?
They did what any other hacker would have done.
First, they accessed the law enforcement agencies’ computer databases.
Then they controlled the record management systems.
And that’s how they held these law enforcement agencies for ransom.
Since 2013, law enforcement agencies in over six states have fallen victim to online extortion.
As alluded to before, ransomware attacks and extortion attempts are nothing new.
In fact, as far as the US goes, the first recorded (and recognized) ransomware attack took place during the days of the George H W Bush administration.
But as it turns out, the attacker behind those 1989 attacks had noble intentions.
In other words, the hacker gave away all the ransom money to healthcare groups that worked with AIDS patients and researched the disease in search of a cure.
Fast forward to today, and hackers have learned the valuable lesson that it is every man for himself in the modern world of the internet.
Hackers today don’t have altruistic motivations behind their attacks.
They kidnap computer systems and don’t let go unless the owner of the computer pays them money.
The business has become such a cash-cow that it has practically become an industry.
And not just an industry.
A fast growing industry for people who like to engage in criminal activities.
Most of these hackers use Eastern European countries as their base of operations.
And, obviously, launch attacks from there.
These Eastern European countries are outside the reach of American law.
Hence hackers there don’t have to worry about any potential American prosecution.
They are immune.
In the first four months of this year, hackers have used ransomware attacks to extort over $200 million from victims.
These victims include:
- Government offices
- Law enforcement agencies
Elijah Woodward, a cybercrime specialist and a law enforcement officer himself, says that if people want to blame someone or something for the increase in ransomware attacks, they should blame the cyber scam industrial complex.
The cyber scam industrial complex has grown at an astounding rate in the last couple of years and has kept on growing.
In a recent talk, Woodward said that the entry bar for hackers to engage in cybercrime has become extremely low.
Forget about that geeky kid in your high school who used to have all the computer equipment and used it to hack into machines.
Today, almost anyone can become a hacker provided he/she has access to a smartphone and some motivation.
Modern smartphones are very powerful computers.
And hence possess the capability to carry out cyber attacks without much preparation.
Today, a person may not even need to have a degree in computers or learn hacking to carry out cyber attacks.
It has become this easy.
The skill barrier has dropped down considerably in the last several years.
If a person wants to carry out ransomware attacks, it is quite easy for them, since ransomware is available for anyone to download for free.
Users can even customize standard ransomware programs and collect ransoms with them.
But there is another important reason why the business of ransomware attacks has really taken off: Bitcoin.
Yes, that same unstable but universal digital currency.
Cybercriminals all over the world absolutely love Bitcoin transactions.
Past cyber criminals did not have this luxury.
In the old days, ransomware victims had no option but to pay hackers via easily traceable payment methods.
In other words, credit cards and PayPal accounts.
Bitcoin transactions are virtually untraceable.
What Is Ransomware? A Very Brief Introduction
Ransomware is a form of malware.
That’s your introduction.
Ransomware usually infects a machine via the network it is connected to.
How does it infect a machine?
It does that by hiding in email attachments.
But of course, there are many other ways hackers can gain access to a computer in a network.
Modern computers, though powerful, have numerous vulnerabilities that hackers love to exploit.
Once ransomware gains access to a computer, the malware proceeds to encrypt all the data it can reach on the user’s machine.
It may even encrypt all data on a given network if the hackers behind the attack play their cards right.
Victims of ransomware attack can’t access the computer data without a unique key.
Not before they pay a considerable amount of money to hackers in the form of a ransom.
Hence the term ransomware.
After victims have paid the ransom, the hackers send them these unique keys to unlock and decrypt their data.
In fact, in their ransom message the hackers include instructions on how to use cryptocurrencies such as Bitcoin to transfer a specific amount of money to them.
Hackers tell the victim everything.
From how they hacked the computer to what needs to be done now.
Usually, victims have to pay Bitcoins to unlock their encrypted files.
Hackers communicate the whole message (in the form of a how-to guide) to the user via an on-screen text message that appears shortly after the hackers gain control of the user’s computer.
The how-to message may also appear on all the computer machines in a given network.
It doesn’t change the fact that each machine will require a unique key to unlock its contents.
Hackers also show victims a timer.
After a specific period of time has passed, hackers warn users about potential consequences.
If a user does not pay the money in time, the ransomware attackers increase the ransom money.
And if a user refuses to comply even then, then hackers threaten the user with fake we’ll-delete-all-your-data messages.
In short, if you’re going to pay for ransomware then do so quickly.
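The bulk encryption described above leaves a measurable trace: properly encrypted output is indistinguishable from random bytes, so a records file that should be plain text suddenly shows near-maximal byte entropy. The following Python script, added here as an example and not taken from the article, scores sample files by Shannon entropy and flags text-type files that look like ciphertext. The file names, contents and the 7.0 bits-per-byte threshold are constructed for illustration; the helper that fabricates ciphertext-like bytes from chained SHA-256 digests is a stand-in, not a real cipher.

```python
"""Entropy check for ransomware-style bulk encryption.
Added example, not code from the article: the sample files and the threshold
are constructed for illustration."""
import hashlib
import math
from typing import Dict, List


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a single repeated byte, 8.0 for
    perfectly uniform bytes. Properly encrypted output sits very close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# File types that should normally be low-entropy text. Compressed formats
# (zip, docx, jpg, ...) are high-entropy by design and would cause false
# positives, so the check is applied only to these extensions.
TEXT_EXTENSIONS = (".txt", ".csv", ".log", ".ini", ".sql")


def flag_encrypted_looking(files: Dict[str, bytes], threshold: float = 7.0) -> List[str]:
    """Return the names of text-type files whose content looks like ciphertext
    (entropy above threshold). A ransom note is itself readable text and is
    therefore not flagged, which is the expected behaviour."""
    return sorted(
        name for name, data in files.items()
        if name.lower().endswith(TEXT_EXTENSIONS) and shannon_entropy(data) > threshold
    )


def _pseudo_ciphertext(n_blocks: int) -> bytes:
    """Deterministic stand-in for encrypted output (chained SHA-256 digests),
    so the demo needs no real cipher and gives the same result every run."""
    out, block = bytearray(), b"constructed-seed"
    for _ in range(n_blocks):
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out)


# Constructed sample: two intact records, one "encrypted" record, one ransom note.
SAMPLE_FILES: Dict[str, bytes] = {
    "cases.csv": b"id,officer,status\n1,smith,open\n2,jones,closed\n" * 20,
    "dispatch.log": b"2016-05-01 08:00 unit 12 en route\n" * 20,
    "evidence.csv": _pseudo_ciphertext(128),  # 4096 bytes of ciphertext-like data
    "README_FOR_DECRYPT.txt": b"Your files are encrypted. Follow the instructions.\n" * 5,
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:24s} entropy={shannon_entropy(data):.2f}")
    print("suspicious:", flag_encrypted_looking(SAMPLE_FILES))
```

A single high-entropy file proves little on its own; what a monitor on a file server would actually alert on is many text files crossing the threshold within a short window, which is the signature of an encryption pass rather than of one odd file.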
You Will Pay The Piper (The Hacker)
Individual users have little other choice than to pay ransomware attackers.
But what do law enforcement agencies do when hackers get to them?
Well, they respond.
And their response can take several forms.
Each response comes with its own set of positives and negatives.
Sometimes, law enforcement agencies straight out reject hackers’ demands.
In other words, they refuse to pay the ransom.
These agencies usually rely on extensive data backups.
They then use these backups to restore the encrypted files.
But not all law enforcement agencies are this fortunate or prudent.
Some end up losing their data because they never cared to have backups in place.
There are law enforcement agencies that have no qualms about paying hackers their ransom.
And hence they pay for their encrypted data.
We even know some law enforcement agencies that try to double-cross hackers.
Needless to say, most of the times they fail and hackers delete their data.
According to a recent NBC News report, a Lincoln County Sheriff’s Office tried to deceive hackers via a simple enough scheme.
First, the Sheriff’s office agreed to pay the ransom.
When the hackers sent them the key, the Sheriff’s Office tried to cancel the Bitcoin payment after they had unlocked their data.
Needless to say, their ruse backfired.
Hackers attacked their systems again.
And the Sheriff’s office had to pay the $500 Bitcoin ransom again.
After that, hackers, again, sent them the unlock key and everything went back to normal.
The interesting part about the whole Lincoln County Sheriff’s Office’s case is the amount of ransom.
There is a reason why the hackers demanded only $500 in Bitcoin.
That figure hits the sweet spot: low enough that the victim simply pays, rather than going to extreme lengths to get his/her data back some other way.
So generally speaking, hackers only want a nominal amount of money as ransom.
Because they want the victims to pay.
They don’t want to hurt their victims by demanding a million dollars.
And that’s why you see ransomware attacks demanding reasonable amounts as ransom in exchange for the encrypted data.
This strategy works and that’s why hackers stick to it.
Victims too want to get out of their “kidnap” situation and hence aren’t too hesitant about paying such a reasonable amount of money as ransom.
Of course, plenty of people from other walks of life also consistently make deals with the devil so why not ransomware attack victims?
What about the experts?
What do they say about paying or not paying a ransom?
Well, their opinion is divided.
A portion of cyber security experts thinks that people should only pay the ransom if their data is critical and there are no reliable backups in place.
Some say people should only pay if the ransom is reasonable.
But what about law enforcement agencies?
Well, cybercrime specialists affiliated with law enforcement agencies say that people should never pay these extortionists.
Brett Leatherman, assistant section chief of the FBI cyber division, says that his organization does not advocate that a person affected by a ransomware attack pay the demanded ransom.
He also said that this principle stood especially true for law enforcement agencies.
Because if you pay the ransom, then hackers are likely to attack you in the future as well.
Cyber criminals are humans.
Humans, in turn, are social animals.
They share information.
So do these cyber criminals.
Once the word gets round the block, all sorts of cyber criminals will try to extort money out of a client they know pays the ransom.
Moreover, each time a victim pays the ransom it grows the cybercrime industry.
Sometimes, users don’t even know it but their ransom money is used for terrorist activities.
So far, we have established that law enforcement agencies should never pay hackers their ransom money.
So what about their data?
Or, more specifically, how should law enforcement agencies get their data back?
And how should they tackle this menace of ransomware attacks and extortion?
First, you should ask questions like these at the right moment.
When is that right moment?
Before you get attacked.
To put it more simply, you should pay more attention to your backup schedule if you want to stay safe from ransomware attacks.
And preserve your data with the utmost care.
Only then will these questions shape how you lead your future charge against cyber criminals.
Woodward says that a user’s best line of defense against hackers is keeping backups.
As a cyber security specialist, Woodward is also developing a cybersecurity education program for law enforcement at Calibre Press.
But Woodward also gives a warning shot to law enforcement agencies.
Mainly, that they should not keep their backups in the same network as the rest of their data or the original data.
Otherwise, hackers can and probably will compromise the backup file as well.
He also says that law enforcement agencies should regularly check the integrity of data backups.
This is the only way to ensure that critical data is always in a recoverable state.
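Checking backup integrity in the way Woodward describes means more than confirming that the files exist: a backup that was silently overwritten by an encryption pass is no backup at all. The Python script below is an added example, not code from the article or from Calibre Press. It records a SHA-256 manifest of a backup set, keeps the manifest beside (not inside) the backup tree, and later reports which files changed, disappeared or appeared. The directory layout, file names and contents are constructed; the damage step overwrites one file with random bytes and deletes another to show what the report looks like after a compromise.

```python
"""Backup integrity check: record a SHA-256 manifest of a backup set, store it
apart from the backup, and verify the set later, flagging files that changed,
disappeared or appeared. Added example, not from the article; the directory
layout and file contents are constructed."""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path) -> Dict[str, str]:
    """Map every regular file under backup_root (relative POSIX path) to its hash."""
    return {
        p.relative_to(backup_root).as_posix(): sha256_of(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the backup set against a previously stored manifest.
    All three lists empty means the backup is still in a recoverable state."""
    current = build_manifest(backup_root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: build a manifest, then overwrite one file with
    random bytes (what an encryption pass leaves behind) and delete another.
    Returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "records").mkdir(parents=True)
        (backup / "records" / "cases.csv").write_text("id,officer\n1,smith\n")
        (backup / "records" / "evidence.log").write_text("2016-05-01 intake\n")
        (backup / "config.ini").write_text("[db]\nhost=localhost\n")

        # The manifest lives beside, not inside, the backup tree; on a real
        # system it would be kept on a separate, write-protected host.
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(backup), indent=2))

        # Simulated damage after the manifest was taken.
        (backup / "records" / "cases.csv").write_bytes(os.urandom(64))
        (backup / "config.ini").unlink()

        stored = json.loads(manifest_path.read_text())
        return verify_backup(backup, stored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only trustworthy if the attacker cannot rewrite it along with the files, which is the practical reason for the article's advice to keep backups off the production network: store the manifest with the offline copy, and run the verification from that side.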
Data Categorization vs Hackers
A lot of people have the notion that the best way to defend against ransomware attacks is to buy costly security systems.
But that is not entirely true.
If you don’t have proper computer hygiene and can’t cut down on the ever-present human error, then even the most expensive and reputed firewalls along with antivirus software applications can’t protect you.
So before you go out and spend all your millions on computer security systems, take a step back and start taking basic steps to keep your data protected.
This is the only way to ensure that once hackers get to you, they can’t get to your data.
Only then will measures like antivirus and firewalls make sense.
Computer viruses act a lot like biological viruses.
They are similar because both of them make their victims sick.
A computer virus first infects the machine it initially comes into contact with.
Then it spreads within that machine.
After that, the virus can infect any other computer that the first machine (which is now infected) communicates with.
The virus can also infect other types of devices such as printers, storage devices, and discs.
That is because all of these have the same building blocks as computers: firmware and software.
In short, if one of your clean devices is exposed to an infected device, there is a good chance the clean device will also get sick.
Leatherman, who works for the FBI, says that users must know that they have to observe the whole information supply chain.
Because any device in that chain which has software and/or firmware is vulnerable to the virus.
Leatherman also cites the example of a humane law enforcement agency that had its HVAC system hacked.
The organization used the HVAC system for controlling climate parameters within the station.
Hackers saw this opportunity and infected the HVAC system’s firmware, and hence gained control of the device.
Ransomware along with any other type of malware is as evil and opportunistic as anyone can get.
Cyber criminals are very organized people.
They don’t just see a target and attack it.
First, they plan for it.
They use tools to search for security vulnerabilities within a computer network in order to breach it.
Once they identify a hole in the security, they attack.
The attack’s damage isn’t limited by how good the hackers are, but by the network’s architecture.
If it allows the hackers to hack into every other device on the network, then hackers will oblige.
This is one of the reasons why Leatherman says that law enforcement agencies should level up.
They should level up by adopting cybersecurity practices which are common among large corporations.
One of these practices is called data categorization.
Leatherman explains that if everything in the user’s network is connected to each other then once a hacker gains control of one device on the network, the hacker can and will go anywhere and everywhere else.
They will infect any and all data that they see lying unprotected.
To combat cyber attacks like ransomware attacks, law enforcement agencies have to look at their systems’ vulnerabilities.
How can they reduce their vulnerability to hackers?
Before we get to the solution, let’s analyze the problem.
The problems with protection against cyber attacks are many.
Two of them are as follows:
- Human machine interfaces, or HMI.
- Internet of things (IOT)
Users can interact with these machines from remote locations because they are connected to the internet.
And that’s what hackers are banking on.
Leatherman is clear about how law enforcement agencies should protect themselves.
He says that they should never put a smart coffee maker or a pizza-ordering machine on the same network as any sensitive data.
The two should never exist on the same network.
People, of course, want to enjoy the ease these machines bring.
But hackers rely on them to hack critical security systems.
So if it is convenient for the people, then it is also the same for the hackers.
Leatherman says that law enforcement agencies should build closed networks for IOT devices, which only offer convenience.
And this will lead to obvious benefits.
If a cybercriminal hacks into the agency’s network via a software or firmware of a smart IOT device, then he would only have access to similar devices on the network.
All the while, critical systems will sit pretty on an isolated network.
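Segmentation of the kind Leatherman describes is only as good as its enforcement, and the cheapest way to find out whether the convenience network really is isolated is to audit firewall logs against the intended policy. The Python script below is an added example, not code from the article or from the FBI: it maps addresses to zones (critical, backup, admin, iot), declares which cross-zone flows are permitted, and reports every flow the firewall allowed that the policy forbids. The zone subnets, the policy table and the log lines are all constructed; the log format is a made-up key=value layout, not any particular vendor's.

```python
"""Segmentation audit: classify each logged flow by the zone of its source and
destination address and flag cross-zone traffic that the segmentation policy
does not allow. Added example, not from the article; the zone map, the policy
and the log lines are all constructed."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed zone map. In a real deployment these would be the agency's VLANs.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "critical": ipaddress.ip_network("10.1.0.0/24"),   # records management, evidence
    "backup": ipaddress.ip_network("10.2.0.0/24"),     # backup servers
    "admin": ipaddress.ip_network("10.10.0.0/16"),     # officers' workstations
    "iot": ipaddress.ip_network("10.30.0.0/16"),       # HVAC, cameras, coffee maker
}

# Permitted cross-zone pairs (source zone, destination zone). Same-zone traffic
# is allowed; anything not listed is a violation. "iot" appears nowhere, so the
# convenience network can talk only to itself, and the backup zone reaches into
# critical (to pull data) while critical never initiates toward the backups.
ALLOWED_FLOWS = {
    ("admin", "critical"),
    ("backup", "critical"),
}

LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) action=(?P<action>\w+)"
)


def zone_of(ip: str) -> str:
    """Name of the zone containing ip, or 'external' if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line: str) -> Optional[dict]:
    m = LOG_RE.search(line)
    if not m:
        return None
    flow = m.groupdict()
    flow["dport"] = int(flow["dport"])
    return flow


def audit(lines: List[str]) -> List[dict]:
    """Return the flows the firewall permitted but the policy forbids.
    Denied flows are not violations: the control worked, they only show intent."""
    violations = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["action"] != "allow":
            continue
        src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
        if src_zone != dst_zone and (src_zone, dst_zone) not in ALLOWED_FLOWS:
            violations.append({**flow, "src_zone": src_zone, "dst_zone": dst_zone})
    return violations


# Constructed firewall log lines.
SAMPLE_LOG = [
    "2016-05-01T08:00:01Z src=10.10.5.20 dst=10.1.0.5 dport=445 proto=tcp action=allow",    # workstation -> records: allowed
    "2016-05-01T08:00:02Z src=10.30.4.7 dst=10.30.4.9 dport=80 proto=tcp action=allow",     # iot -> iot: same zone
    "2016-05-01T08:00:03Z src=10.30.4.7 dst=10.1.0.5 dport=445 proto=tcp action=allow",     # HVAC controller -> records: violation
    "2016-05-01T08:00:04Z src=10.1.0.5 dst=10.2.0.3 dport=22 proto=tcp action=allow",       # records -> backups: violation
    "2016-05-01T08:00:05Z src=203.0.113.9 dst=10.30.4.7 dport=8080 proto=tcp action=deny",  # internet -> iot: blocked
    "2016-05-01T08:00:06Z src=10.30.4.7 dst=10.1.0.5 dport=445 proto=tcp action=deny",      # blocked, so not a violation
]

if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        print(f"{v['src_zone']} -> {v['dst_zone']}: {v['src']} -> {v['dst']}:{v['dport']}")
```

The second violation in the sample, a records host opening a connection to the backup zone, is exactly the path the article warns about: if an infected production machine can reach the backups, the backups go down with it. The policy therefore lets backup servers pull from the critical zone but never the reverse.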
Humans make errors.
Sometimes these errors open huge doors for hackers.
In fact, the one thing law enforcement data networks can’t possibly guard against is human error.
But human errors aren’t supposed to cause big trouble right?
If a person transfers a storage device from one machine to another machine on a more sensitive network, then that person has exposed the entire network, including its sensitive portion.
In other words, if a computer machine is connected to critical data then officers in the facility should not use that machine to check emails or surf the web.
According to Leatherman, officers have done that in the past.
All a trusted insider (an officer) has to do is inadvertently open the system up for a hacker.
And that’s enough for the hacker to enter the system and cause chaos.
Leatherman advises that law enforcement agencies should restrict access to critical data.
Only people who need the critical data to perform their jobs should have permission to access it.
And that holds true for the commanding staff as well.
Leatherman also suggests that everybody working in the facility should have skin in the game in one way or another.
He believes that law enforcement executives have a much more critical role than they usually play.
They should do more for the security of their organizations.
And not always put the blame and the onus of responsibility on the IT people.
According to Leatherman, command staff along with chiefs and sheriffs must work together to identify IT-related threats and vulnerabilities and then eliminate them.
Secure Data And Strict Adherence To Due Process
Needless to say, the percentage of victimized law enforcement agencies is very low.
According to Leatherman, hackers are not very interested in them.
They are more interested in targets who can pay.
In other words, targets that are lucrative.
This leads hackers towards hospitals and other medical practitioners.
Hospitals have paid five-figure ransom amounts in the last couple of years.
According to Woodward, hackers have attacked more law enforcement agencies than law enforcement agencies would care to admit.
Woodward believes law enforcement agencies should come forward and share their experiences with other victims.
This will help all the parties involved to guard against future ransomware attacks.
Woodward says that while law enforcement agencies are great when it comes to sharing lessons and scenarios regarding shootings, they aren’t so forthcoming when it comes to cyber attacks.
He says that law enforcement agencies just don’t like to talk about cyber attacks.
Maybe they are embarrassing to talk about so law enforcement agencies tend to stay quiet on the matter.
Leatherman also says that even though very few law enforcement agencies have become ransomware victims, even a single one is one too many.
He says that when people are charged with a crime they must go through the due process.
One way that is done is via investigative activities.
Leatherman says law enforcement agencies must guard investigative information and not corrupt or damage it.
According to him, it is the constitutional responsibility of law enforcement agencies to secure the integrity of critical data.