Ransomware is nasty malware used to encrypt a network and demand payment in exchange for a decryption key, sometimes also involving a threat to release confidential information if not paid.
With Ireland’s Health Service Executive (HSE) being forced to pay out $20 million to the Conti ransomware gang (believed to be run by the Russia-based cybercrime group Wizard Spider) and Colonial Pipeline paying about $5 million to the Darkside ransomware group, one can ask, why is it so hard to track down cybercriminals like these?
Extradition treaties for hackers operating in China, Russia, or other countries may not be in place. Extradition may not be wanted by those countries and those countries may even be supporting the hacking groups in question.
VPN, proxies, malware, and other technologies
Ransomware, APTs, and other hackers may want to use an alias (handle) and use the dark web to sell their toolkits. They can also use VPNs and proxies to hide their tracks.
While internet service, VPN, or proxy providers have access to the real IP address of hackers, they may be located in another country – so it may not be possible even to get their IP.
An address may also be hidden through malware and botnets (zombies) that run without human intervention after the initial click, as through a phishing email.
Inadequate laws/how to prosecute
Criminal law may be different in another country, or the laws in your country may not be specific to a new type of attack.
Lack of reporting in a timely manner/not reported at all
Your company may be reluctant to admit its security was ineffective or may not know how to report it. In the end, nothing may come of the reporting.
Gathering legal evidence
Even accurate log files won’t stand up under examination by a defense attorney. This is why in digital forensics it is so important to maintain chain of custody.
Conclusion: Consequences for Business
With so much money being made (estimated at $1.5 trillion a year in 2018), Cybercrime is profitable and you may want to acquire cyber insurance.
On a positive note, there have been some coordinated actions taken by big players when it comes to ransomware.
Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.
Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.