R. Paul Wilson On: Ransomware Risks

It’s still surprising to me that many people who have come to rely on home computers and online services are unaware of the dangers of clicking random or unexpected links or visiting rogue sites.

There are many types of malware in circulation at any one time but ransomware – where your entire hard drive (or drives) is encrypted – has become a common, profitable weapon for online scammers.

The Good Old Days

In the early days of The Real Hustle, we decided to include ransomware as it was beginning to appear in more and more reports of online crime. But it was still incredibly rare and, in some cases, possible to defeat without paying up.

Our problem was how to demonstrate this form of fraud, since the show was based on seeing how human beings interact with cons and scams, and computer scams were hardly thrilling to watch.

Our solution was flawed to say the least.

We entrusted a valuable laptop to someone who believed they had been hired to do a simple job. In the process of doing that job (in a hotel business center) they had to use a USB stick that apparently locked all the laptop's files, then issued a warning to send/give money before the end of a countdown, after which it would all be deleted.

While the laptop, the USB and all the other elements were a setup, the on-screen victim believed all of it and their reaction was perfect for the show’s audience and overall, it helped illustrate what could happen under the right/wrong circumstances.

At that time, the scam was unusual but years later, it has become a much bigger problem.

Blissfully Unaware

One aspect of computer fraud that makes it both easy and profitable – even for less skilful hackers – is the fact that most people have no real idea how the internet (or the computer they use to access it) works and often feel perfectly safe because they installed anti-virus software six years ago.

An interesting illustration of this was the “shredder” scam we pulled on The Real Hustle.

Again, it was a difficult scam to illustrate, since the “real world” goal would be to install the shredder in an office, then sit back and collect valuable data until the gaff was discovered or (more likely) the shredder was replaced.

In our version we had to complete the scam in one day then get reactions from people who had no idea they had been scammed!

It was a very clever device but in order to demonstrate it we had to deliver it to people as part of a “shredding service” complete with secret cameras (also inside the shredder).

Unlike most Real Hustle scams, there was no “sting” moment so instead we asked people how secure they felt after using the shredders before showing duplicate copies of the documents they destroyed.

All of our victims were baffled because to their mind the only way we could now have copies is if we reconstructed the papers with scotch tape!

The very idea that the act of shredding was also the way their information was captured didn’t occur to anyone.

The secret was a document scanner hidden inside the shredder that lit up as if to accompany the shredding paper but actually scanned both sides of any piece of paper before it was shredded.

This data was then transmitted via a cellular phone inside the device (constantly charged since the shredder was always plugged in).

This scam illustrated something that’s true of all forms of security that interact with technology: there will always be more precautions you could/should take, and there will always be new ways of defeating those precautions.

Just like our scanning shredder, common steps that should protect users will eventually become corrupted or exposed to new methods.

Current Affairs

Ransomware is now a huge problem, with thousands of new victims every day whose files are locked by a bespoke cipher used to encrypt everything on a target drive.

When the victim next accesses their device, the malware notifies them that their files have been captured and gives details of how much they must pay to unlock those files and how/where to pay it.

Some criminals aim for smaller amounts from low-profile targets like private individuals or small companies; attacking higher-profile targets can earn a lot more money, but with a much greater risk of being pursued.

Some ransomware attackers have targeted public services and even hospitals, locking out access to critical infrastructure and thereby getting the attention of multiple international agencies concerned that the tools of ransomware might also be used by nation states as a form of online warfare.

In fact, the methods created by these online blackmailers are powerful weapons that might open entire countries to life-threatening scenarios such as a nationwide shutdown of a power grid or essential communications.

Like many scams, the tools being used and created by the scammers can be re-applied with much more serious consequences.

An Expanding Toolkit

Many people still believe you need to open an executable file or start a program or app in order to activate a virus, but these days there are many seemingly innocuous actions that can expose us to malware.

Just clicking a link in a rogue email can open the door to all sorts of problems*.

What’s more concerning is that ransomware criminals don’t even need to defeat whatever security you may have, because there are other criminals who specialize in collecting passwords and existing vulnerabilities that are then sold on to the hackers.

These access brokers might trawl thousands of exposed passwords, identify potentially lucrative victims and price that data accordingly, or even take a share in the resulting ransomware attacks.

It’s like a little industry of symbiotic crooks, creating a functioning and effective network to steal more money.

Another tactic is to gain direct access via insiders who might be blackmailed but are most likely paid (sometimes as much as $1,000,000) to hand over the keys to their employer’s data.

Another “way in” is to gain access via network hardware (such as servers and storage devices) that is shipped with default admin IDs and passwords that were never changed.

Once such a device is found online, the malware can easily be deployed, and if the victim does not have up-to-date backups, paying the ransom might be cheaper than any alternative measure.

And with modern encryption (a “feature” on most operating systems) there’s no need for a countdown or threat to delete – the data is just locked out (and useless) until you pay for the key.

No One Is Safe

One of the frustrating truths about modern computers that access the internet is that being online opens a device up to thousands of different potential attacks from many different sources.

In fact, any type of connectivity exposes a device to problems and even cables bought from seemingly trustworthy sources can have tiny hardware hidden inside that will inject malware, reveal your identity/location or capture every keystroke.

It’s a game of technological whack-a-mole, and no matter how many precautions you take or how clever you think you are, if you are targeted there’s almost no way to prevent being hacked or surveilled, or having all of your data stolen or encrypted.

Seriously, if they want to get you, they’ll get you. But for the most part these crooks are fishing with wide nets, and taking a few simple precautions (stronger passwords, two-factor authentication etc.) will keep you from lighting up as a potential target.

* For example, since the Covid pandemic, thousands of restaurants have switched from paper menus to online versions accessible through a QR code. This is an enormous risk since I can think of several methods that could leverage this new habit and score millions of pounds, euros, and dollars with ease.

Lead image: Pete Linforth/Pixabay