Ransomware Operators Aren’t Just Exploiting Major Corporations
Ransomware is a type of malware that restricts access to a computer system, or to the files on it, until a ransom is paid. If you are infected by ransomware, the malware will encrypt your files or lock you out of your computer and applications, and then demand that you pay a ransom in order to regain access. You will never hear a security expert advocate for paying a ransom. In fact, if you are being held to ransom by cybercriminals, security professionals will most likely tell you not to pay. Why is that? Because once you start paying, you mark yourself as a victim who pays, and you may find yourself on the receiving end of more ransomware attacks in the days ahead.
Some ransomware operators specialize in using what is referred to as a “double-extortion” model. This refers to the fact that the hackers will not only encrypt your files, rendering them inaccessible, but will also steal copies of your data before encrypting it and threaten to post it on the group’s leak site, generally hosted on the so-called “dark web,” unless the ransom is paid. Restoring from backups defeats the encryption, but not the threat of publication.
The issue of whether or not victims should pay ransoms took center stage this week on Capitol Hill, as Congress summoned the CEO of Colonial Pipeline, Joseph Blount, to answer questions regarding the $4.4 million payout that was made to Russia’s DarkSide ransomware gang in the wake of a historic hack that affected the fuel supply chain on the east coast of the United States.
Many government officials disagreed with the decision to pay DarkSide, as they feel that acquiescing to criminals will only encourage future ransomware attacks against major corporations.
For corporations, the act of paying ransoms can actually lead to civil penalties, as the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory last October that targeted payments made to hacking groups that are under US sanctions and read, “ransomware payments made to sanctioned persons or to comprehensively sanctioned jurisdictions could be used to fund activities adverse to the national security and foreign policy objectives of the United States.”
Colonial’s Blount was aware of the OFAC directive and told lawmakers, "I do know that repeatedly throughout the process, the fact of whether DarkSide was on the sanctions list or not was fact-checked repeatedly."
Hacked companies are presented with a difficult decision on whether or not to pay a ransom. The cost of rebuilding their complicated network is just one consideration. Additionally, the fact that many companies carry cyber insurance against such intrusions also plays heavily in the decision-making process. The availability of insurance is thought by many to be a driving force in the growth of major ransomware attacks against larger entities.
This sentiment was echoed by former US Counterterrorism official, Richard Clarke, and Senior Fellow at the Council on Foreign Relations (CFR), Robert K. Knake, who in a column for the NY Daily News wrote, “Usually (victims of a cyber-attack) it is a corporation that never tells the public about the attack. The companies do tell their insurance carriers, and they, in turn, pay up. It’s cheaper for the insurance companies to pay the hackers to unlock the networks than to pay computer security companies to rebuild the corporate network from scratch.”
For individuals, the question of whether to pay a ransom is far less complicated. Many times, the ransom demand may cost less than the trouble of reinstalling the software on their infected PC or laptop, or replacing the hardware itself. Some ransomware groups that price their demand accordingly find that people are more than willing to pay to recover their files.
Among the most prolific ransomware variants seen today are the countless members of the STOP/Djvu ransomware family. Most varieties within the STOP/Djvu family work almost identically but are distinguished by a unique four-letter designation. That four-letter sequence is used as a file extension that is appended, after the original extension, to the name of every encrypted file. These include the variant strains Nusm, Mppq, Pahd, Paas, Ehiz and many others.
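The four-letter appended extension is the quickest way to recognise a STOP/Djvu infection during triage. The following script is an added example, not part of the original article or of any vendor tool: it walks a list of file names, reports files carrying one of the extensions named above, and also flags any other four-letter tag that has been appended to a large cluster of files, since a mass rename of that shape is what an active encryptor leaves behind. The extension list, the benign-extension allowlist and the sample file names are constructed for the example; real variant lists run to hundreds of entries.

```python
"""Triage helper: flag files carrying a STOP/Djvu-style appended extension."""
import os
import re

# The five variant tags named in the article. Constructed subset: a real
# lookup table for this family is far longer and changes weekly.
KNOWN_STOP_DJVU_EXTS = {"nusm", "mppq", "pahd", "paas", "ehiz"}

# STOP/Djvu keeps the original extension and appends its own tag after it,
# e.g. "photo.jpg" becomes "photo.jpg.nusm". Two dots are therefore required.
APPENDED_TAG = re.compile(r"^(?P<stem>.+\.[A-Za-z0-9]{1,5})\.(?P<tag>[a-z]{4})$")

# Legitimate four-letter extensions that would otherwise look like a tag when
# they follow another extension (e.g. "backup.tar.json"). Constructed allowlist.
BENIGN_FOUR_LETTER = {"docx", "xlsx", "pptx", "json", "yaml", "jpeg",
                      "html", "webp", "mpeg", "tiff", "java"}


def classify(filename):
    """Return (tag, kind) for one file name.

    kind is "known" for a listed STOP/Djvu tag, "unknown" for any other
    four-letter tag appended after a normal extension, and None otherwise.
    """
    m = APPENDED_TAG.match(os.path.basename(filename))
    if not m:
        return None, None
    tag = m.group("tag")
    if tag in KNOWN_STOP_DJVU_EXTS:
        return tag, "known"
    if tag in BENIGN_FOUR_LETTER:
        return None, None
    return tag, "unknown"


def triage(filenames, min_cluster=5):
    """Group file names by appended tag.

    Known tags are reported outright. Unknown four-letter tags are reported
    only when at least `min_cluster` files share them, so a single oddly
    named file does not raise an alert but a mass rename does.
    """
    known, unknown = {}, {}
    for name in filenames:
        tag, kind = classify(name)
        if kind == "known":
            known.setdefault(tag, []).append(name)
        elif kind == "unknown":
            unknown.setdefault(tag, []).append(name)
    clusters = {t: fs for t, fs in unknown.items() if len(fs) >= min_cluster}
    return {"known": known, "suspect_clusters": clusters}


def triage_directory(root, min_cluster=5):
    """Run triage() over every file below `root` on the local file system."""
    names = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs]
    return triage(names, min_cluster)


# Constructed sample listing: two files hit by a known variant, six files
# renamed with a made-up tag "qwer" (not a real variant), one stray file
# with another made-up tag, and ordinary documents that must not be flagged.
SAMPLE = [
    "C:/Users/alice/Documents/report.docx.nusm",
    "C:/Users/alice/Pictures/img01.jpg.nusm",
    "C:/Users/alice/Documents/_readme.txt",
    "C:/Users/alice/Documents/budget.xlsx",
    "C:/Users/alice/Documents/backup.tar.json",
    "C:/Users/alice/Desktop/notes.txt.zxcv",
] + [f"C:/Users/alice/Documents/invoice{i}.pdf.qwer" for i in range(6)]


if __name__ == "__main__":
    result = triage(SAMPLE)
    for tag, files in result["known"].items():
        print(f"known STOP/Djvu tag .{tag}: {len(files)} file(s)")
    for tag, files in result["suspect_clusters"].items():
        print(f"suspect appended tag .{tag}: {len(files)} file(s)")
```

Point `triage_directory()` at a user profile or a file share to run the same logic over real files. The cluster threshold is the part to tune: on a share with millions of files a handful of hits from a new, unlisted tag is still worth a look, so lower `min_cluster` there.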
The easiest way to avoid ever having to be in a position to pay a ransom is to maintain appropriate offline backups of your critical files. Offline means disconnected: a backup drive that stays plugged in, or a network share the infected machine can write to, will simply be encrypted along with everything else. This is the key to never having to bow to the demands of online criminals. You may unfortunately have to scrap a piece of hardware or reset it to factory settings, but you’ll always be able to restore your critical data to a new device, provided you have checked beforehand that the backup is complete and actually restores.
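A backup you have never tried to restore is a hope, not a backup. The following script is an added example, not part of the original article: it records a SHA-256 manifest of a source tree at backup time, then compares a restored copy against that manifest and reports anything missing or altered. The demonstration builds a small throwaway tree in a temporary directory and then simulates what ransomware does to an online copy (overwriting one file and renaming another with an appended extension); the file names and contents are constructed for the example. Keeping the media offline is a handling discipline that no script can enforce; what the script gives you is proof that the copy you kept is intact before the day you need it.

```python
"""Backup manifest and restore verification with SHA-256."""
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash a file in 64 KiB chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path relative to `root` (forward slashes) to its digest."""
    manifest = {}
    for d, _, files in os.walk(root):
        for f in files:
            path = os.path.join(d, f)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(path)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree against a manifest taken at backup time.

    Returns (missing, corrupted): paths absent from the restore, and paths
    present but with a different digest. Both empty means the restore is good.
    """
    current = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in current)
    corrupted = sorted(p for p in manifest
                       if p in current and current[p] != manifest[p])
    return missing, corrupted


def demo():
    """Constructed scenario: take a backup, verify it, then verify again after
    simulated ransomware damage. Returns both verification results."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "documents")
        os.makedirs(os.path.join(src, "photos"))
        with open(os.path.join(src, "report.docx"), "wb") as f:
            f.write(b"quarterly numbers (constructed content)")
        with open(os.path.join(src, "photos", "img01.jpg"), "wb") as f:
            f.write(b"\xff\xd8 not a real jpeg, constructed content")

        # 1. Record the manifest at backup time and copy the tree to "media".
        manifest = build_manifest(src)
        backup = os.path.join(tmp, "backup")
        shutil.copytree(src, backup)
        clean = verify_restore(manifest, backup)

        # 2. Simulate an encryptor reaching the copy: one file overwritten in
        #    place, one overwritten and renamed with an appended extension.
        with open(os.path.join(backup, "report.docx"), "wb") as f:
            f.write(b"\x00" * 32)
        os.rename(os.path.join(backup, "photos", "img01.jpg"),
                  os.path.join(backup, "photos", "img01.jpg.nusm"))
        damaged = verify_restore(manifest, backup)
        return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("clean restore  -> missing:", before[0], "corrupted:", before[1])
    print("after damage   -> missing:", after[0], "corrupted:", after[1])
```

In practice you store the manifest on the backup media together with the files, and run `verify_restore()` against a test restore on a scratch machine on a schedule. A backup whose verification has not passed recently should be treated as if it did not exist when deciding whether a ransom demand has any leverage.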
Julio Rivera is a business and political strategist, the Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by websites including Newsmax, Townhall, American Thinker and BizPacReview.