Ransomware is nasty malware used to encrypt the data on a network and demand payment in exchange for a decryption key, sometimes with an added threat to release confidential information if the ransom is not paid. With Ireland’s Health Service Executive (HSE) being forced to pay out $20 million to the Conti ransomware gang (believed to be run by the Russia-based cybercrime group Wizard Spider) and Colonial Pipeline paying about $5 million to the DarkSide ransomware group, one can ask: why is it so hard to track down cybercriminals like these?
1. Jurisdiction – Extradition treaties for hackers operating in China, Russia, or other countries may not be in place. Extradition may not be wanted by those countries and those countries may even be supporting the hacking groups in question.
2. VPNs, proxies, malware, and other technologies – Ransomware operators, APT groups, and other hackers may use an alias (handle) and sell their toolkits on the dark web. They can also use VPNs and proxies to hide their tracks. While internet service, VPN, or proxy providers have access to the real IP address of hackers, those providers may be located in another country, so it may not even be possible to get the IP. An address may also be hidden through malware and botnets (zombies) that run without human intervention after the initial click, such as one in a phishing email.
3. Inadequate laws/how to prosecute – Criminal law may be different in another country, or the laws in your country may not be specific to a new type of attack.
4. Lack of timely reporting/not reported at all – Your company may be reluctant to admit its security was ineffective or may not know how to report the incident. In the end, nothing may come of the reporting.
5. Gathering legal evidence – Even accurate log files won’t stand up under examination by a defense attorney. This is why in digital forensics it is so important to maintain chain of custody.
6. Consequences for business – With so much money being made (estimated at $1.5 trillion a year in 2018), cybercrime is profitable, and you may want to acquire cyber insurance.
On a positive note, there have been some coordinated actions taken by big players when it comes to ransomware.
Tech Kahunas knows the needs of SMBs and organizations.
We’ll stay on top of the threats.
We’ll watch your data.
We’ll review your risks.
We’ve got years of this.