Digital data from around the world is being taken hostage. The data is freed only if victims pay ransoms.

Taking digital data hostage is one of the most common and worrisome trends in the dark virtual world of cybercrime.

In May and June of this year, governments, corporations, and individuals across the globe fell victim to two rounds of sophisticated ransomware attacks. Both cyberattacks used the same hacking tools that were stolen from the US National Security Agency within the last year by a mysterious group of hackers known as the Shadow Brokers.

The first cyberattack in May featured ransomware called WannaCry that seized computers, encrypted data, locked users out, and threatened to delete all records if a ransom was not paid within a set timeframe.

Targets included Britain’s National Health Service, Russia’s Interior Ministry, Germany’s federal railway system, Japan’s police network, Chinese government departments and universities, the American delivery corporation FedEx, the Spanish telecommunications company Telefónica, the French automaker Renault, and ordinary people.

The second cyberattack in June featured ransomware that similarly commandeered computers and demanded ransom for users to regain access. This cyberattack, however, was an improved and more lethal version of WannaCry because it encrypts and locks not only records but also entire hard drives.

It also does not have a so-called kill switch. It apparently began in Ukraine where various government ministries, banks, metro systems, and the machines monitoring radiation at the old Chernobyl nuclear plant.

It spread to tens of thousands of computers worldwide, disrupting and suspending the activities of diverse international organisations such as the Danish shipping conglomerate Maersk, the American pharmaceutical company Merck, the Russian energy corporation Rosneft, the Russian bank Home Credit, the French construction materials company Saint-Gobain, the British advertising agency WPP, and various American medical hospitals.

These cyberattacks are arguably the most brazen internet-based blackmail attempts ever made on a global scale. Some information security analysts consider them the equivalent of a nuclear bomb being detonated in cyberspace. The security expert Rohyt Belani, the chief executive of PhishMe, an e-mail security company, states that “this is almost like the atom bomb of ransomware”. It shows how easily a cyberweapon can cause significant damage and disruption at all levels of society.

It also raises important questions about the increasing number of different actors – including nation-states, companies, and criminals – that are developing, stockpiling, and using cyberweapons, in addition to having those same cyberweapons vulnerable to theft and commandeering to be used against their own creators as well as their citizens, assets, and other interests.

Ransomware is one of the oldest and most common forms of cyberattack. It encrypts victims’ records or entire hard drives which locks them out of the computers until they pay a ransom. Although it is nothing new, ransomware is a growing problem. IBM’s security research unit, for instance, estimated that in 2015 less than one per cent of spam was ransomware, but by 2016 it comprised 40 per cent of spam. These recent cyberattacks will probably raise the percentage even higher for this present year.

Ransomware attacks can occur in different ways. Almost half involve phishing e-mails persuading recipients to click on links or open attachments.

Another method involves hackers scanning for and exploiting various digital, software, and password vulnerabilities of an organisation to then seize and encrypt as many files as possible. Hackers also establish so-called watering hole attacks by infecting a website with ransomware and, whenever a user visits it, ransomware is downloaded onto their computer.

Taking digital data hostage, instead of stealing it, is becoming increasingly profitable. Ransomware has become an effective means by which to make money in a short amount of time. It has become relatively easy for people with little to no computer expertise to employ.

According to Jason Rebholz, a senior director of the Crypsis Group that helps ransomware victims, claims that “you don’t even need to have any skills to do this anymore”. Ransomware, for example, has helped make cybertheft much easier because of the emergence of new easy-to-use digital tools that encrypt victims’ data, difficult-to-trace digital currency like Bitcoin to demand ransoms, and online services that offer to conduct the data ransoming for a share in the profits.

But ransomware is also being employed for more destructive purposes than collecting financial ransoms. Some attackers’ main goals may be to spread mayhem by crippling the digital infrastructures of governments, corporations, and citizens.

Ransomware is supported by a sophisticated cybercriminal infrastructure of different kinds of programs and services. There are ransomware-as-a-service providers that facilitate the delivery of this malicious software over the internet.

These online services allow anyone, regardless of technical expertise, to generate their own ransomware file to seize control of someone’s computer, encrypt its systems, and demand a ransom to restore access; if the victim pays then the ransomware service takes part of the payment. There are even customer service lines, some with live chat options, that victims can use to acquire assistance when paying a ransom.

There are some useful steps that both institutions and individuals can take to help defend against inevitable future cyberattacks. First, update software. As Care, Gartner’s research director, argues, “it is safe to assume that all complex software is vulnerable to malware”. Do not be complacent about computer or network security. Remain vigilant by regularly updating software to install the latest security features.

Second, install antivirus software. Care emphasizes the need for detection, advising to “make sure your malware detection is updated and that your intrusion detection systems are operating and examining traffic”. Antivirus software helps detect and prevent different kinds of malware from infecting or infiltrating computers and networks. But only use antivirus software from reputable providers and ensure that it is continuously updated as well in order to block the latest and emerging threats.

Third, be suspicious of dubious e-mails and pop-up windows. Ensure e-mails are trustworthy by checking the sender’s address to determine if its legitimate; spotting spelling, grammatical, or formatting errors; and hovering over hyperlinks (without clicking on them) to see if they lead to dubious websites. Also be aware that e-mails from reputable sources, like banks or credit card companies, will not ask for sensitive information such as personal identification numbers or passwords.

Further, be suspicious of most pop-up windows that advertise antivirus software services or other products that guard against malware. It is advisable not to click on anything featured on these pop-ups and instead to just safely close it.

Fourth, back data. Backing up data should be a routine practice regardless of cyberthreats in case computers fail or become damaged or lost. Backing up data helps ensure that, if a hacker seizes and holds data hostage, one could simply restore it from the backup on another device. It is advisable to backup data onto an external drive that is kept unplugged from the computer and stored in a safe space.

Fifth, create a digital security plan as part of routine information management practices. There should be specific scheduling of checking for and installing the latest software updates.

For institutions and businesses, this scheduling should apply across the enterprise and be implemented at times best suited to avoid interruptions. For individuals, this scheduling could perhaps be done automatically for them by most reputable antivirus software providers.

Sixth, isolate infections. If already infected with ransomware, isolate the device and limit network connectivity. Make sure to disconnect the computer from both your internal network and the internet to prevent its spread. Report the crime to law enforcement and immediately seek assistance from legitimate information technology professionals specialising in data recovery.

The May cyberattack was eventually halted by a British security researcher, known as MalwareTech, who purchased a domain to help track it and that ended up acting as a kill switch.

Yet many victims affected by the ransomware remain unable to access their data. But the June cyberattack showed that this halt was only a temporary reprieve. Indeed, there are indications that other similar cyberattacks are brewing that will possibly be even more stealthy than either of these two rounds.

As Jonathan Care, research director at the information technology consultancy Gartner, states “right now, you are in the swamp, and the alligators are still lurking beneath the surface.” These cyberattacks are most probably signs of what more is to come.

These cyberattacks are alarming not only because of their global reach and impact but also because they illuminate the significant vulnerabilities of most computers, networks, and the internet.

According to Robert Pritchard, a former cybersecurity expert at the UK defense ministry, “this vulnerability still exists; other people are bound to exploit it. The current variant will make its way into antivirus software. But what about any new variants that will come in the future?” Or as the cybersecurity expert Justin Harvey warns, “these types of attacks are just going to keep happening, and we’ve known this since we first saw how big WannaCry was going to be last month. The real question is whether these are all just practice runs for the big one”.

There are some ways to help guard against future threats, including updating software, installing antivirus software, avoiding suspicious emails and pop-up windows, backing up data, creating digital security plans, and isolating infections.

Although these steps do not guarantee perfect security, implementing them are better than doing nothing.

The consequence could be valuable digital data being taken for ransom.

Marc Kosciejew is a lecturer and former head of department of library, information, and archive sciences.


Comments not loading?

We recommend using Google Chrome or Mozilla Firefox.

Comments powered by Disqus