Words: Charl van der Walt, Head of Security Research – Orange Cyberdefense
Ransomware is modern piracy. Where it comes from, why we should care, and what we should do
The by-line from an eWeek article in 2012[1] read: “Rather than encrypt the entire hard drive, criminals are using fairly unsophisticated ransomware to lock a victim’s PC and then demand cash for the keys.” It was one of few early observations of the emerging new threat that was ransomware – one of the myriads of business models that cybercrime was experimenting with at the time. But the journalist ends the article with a quote: “I think it is just a temporary trend until someone finds a better idea to make money easier”.
The quote turned out to be an ironic but eerily insightful prediction. The crime, as it turns out, was anything but ‘temporary’. This form of cyber extortion has come to dominate the current security discourse, impacting thousands of businesses and costing the economy millions of dollars each month.
Ransomware is “a subset of malware in which the data on a victim’s computer is locked – typically by encryption – and payment is demanded before the ransomed data is decrypted and access is returned to the victim.”. The first malware that meets this definition was the AIDS Trojan, which targeted all delegates at the 1989 World Health Organization AIDS conference in Stockholm.
When the Bitcoin boom took hold in the mid 2010’s it signaled a surge in ransomware attacks and a shift in focus for the attackers. Cryptocurrency provided cyber criminals an easy way of being paid, and laundering that money, with very little risk.
Ransomware was put firmly in the public eye in 2017 when the WannaCry ransomware attack had a global impact. The UK’s NHS was one of the highest profile victims of WannaCry with thousands of NHS hospitals and surgeries affected and costs running to £92 million. In total computer systems in 150 countries were impacted and the total losses caused globally was estimated at $4 billion.
Fast forward to 2020 and ransomware is a well-established and highly lucrative part of the cybercrime ecosystem. In recent times several attacker groups have shifted to so-called ‘double extortion’ attacks, using ‘public’ websites that list their victims with samples of stolen data as a way of coaxing them to cave into demands.
This bold new strategy has proven to be very successful for the criminal but has also give us an opportunity to methodically track this subset of the cybercrime ecosystem. Our data shows a startling trend.
In this presentation we will tell the story of ransomware – a fascinating take of Somali pirates and East European crime lords. We will examine the current form and impact of the crime and discover why the GÉANT community should be seriously concerned about this insidious threat. Finally, we will discuss what we need to avoid being a victim, and how we should prepare if the worst unfortunately happens.
Charl van der Walt,Head of Security Research – Orange Cyberdefense
Charl van der Walt is Head of Security Research for Orange Cyberdefense, where he now leads a specialist security research unit that identifies, tracks, analyses & communicates significant developments in the security landscape that may impact customers. Previously Charl was a co-founder of SensePost – a penetration testing company that has made a mark on the industry globally for two decades. Charl and his team are globally recognised and frequently showcased at international security events such as Black Hat, RSA & BSides.
GÉANT uses cookies to deliver the best possible web experience. By continuing and using this site, you agree that we may store and access cookies on your device. Please ensure you have read GÉANT’s Privacy Notice and Cookies Policy.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.