A quiet morning in Brazil
In 1991, a director of Coca-Cola Brazil was kidnapped and held at gunpoint. Corinne Coffin’s capture became a worldwide news sensation as a gang held her hostage for $2.5 million.[1] The story reflected the physical threat company executives faced operating in dangerous countries.
Fast forward to 2021, and the Brazilian meat giant JBS S.A. faced a very different kind of ransom. Executives woke to find they had been locked out of all their IT systems by a mysterious virus. The entire global operations system was affected. Workers were turned away from work, meat prices spiked, and the JBS executives held their breath.
Unlike the ransom from 30 years ago, it was not a single executive held hostage. From the CEO to the slaughterhouse attendant, every worker was now looking down the barrel of a virtual rifle. Make the wrong move, and they could lose everything.
Ransomware has become one of the viruses of choice for criminals in the 21st century. Every week we hear about a different ransomware attack. In 2019, Statista recorded a total of 187.9 million ransomware cases worldwide.[2] But the actual number is likely far higher. This article explores why ransomware has become the virus of choice and what factors are driving the attacks.
What is ransomware?
Ransomware is a type of computer virus that encrypts files, making them unusable. The virus is often spread through phishing emails, which usually contain a link or an attachment that holds malware. Once the malware is on one system, it can spread throughout the entire network.
Malicious actors then demand a ransom (usually in cryptocurrency) in exchange for decryption. In 2021, the hackers demanded JBS pay $70 million.[3] If JBS didn’t pay the ransom, the hackers would threaten to delete or release the data to the public. Users face a choice: try to recover the data through a third party or pay the ransom.
Why has the virus become so popular?
A key reason for the growth in popularity is the ease with which the virus can attack systems. Phishing emails contain software that can be sent at scale to thousands of addresses at a time.
Even if a company’s defences can block most spam, it only takes one person to click on an email to crash the entire system. This method is likely how the JBS attack started. An employee may have clicked on a single email, causing a chain reaction. The same can also be said for browsing the internet. Users may enter a site and leave without even knowing that the virus was installed on their system.
Another significant benefit of the malware is that it makes it almost impossible for law enforcement to track down the attacker. Many ransomware attacks are not launched from the jurisdiction where the victim is located. Hackers can strike from any location in the world. Whether it’s a kid with a computer or a nation-state, the nature of the internet makes it almost impossible to catch criminals.
Tracking has shown that most of these groups operate out of Eastern Europe, where there is little to no enforcement against them. The anonymous nature of payments in crypto also creates a safety net for criminals, preventing law enforcement from tracing the money.
However, there has been a change in hackers’ business model in recent years, which could be a critical reason behind the surge. The group likely behind the JBS attack is known as REvil. There is a crucial factor that separates them from the standard hacker.
REvil classifies itself as Ransomware as a Service (RaaS). Virus developers use this business model to lease ransomware variants, the same way legitimate software developers lease SaaS products. Some products go for as low as $100. The RaaS providers also take a cut of any successful attack.
This model has significantly reduced the barrier to entry, allowing for economies of scale and the same network effects that assist traditional SaaS providers. You and I can now log on to the dark web, download the software and plan an attack. Therefore, this may be one of the critical reasons that the rate of ransomware attacks has increased.
Transitus approach — the core issue
In our opinion, there is something particularly insidious about ransomware compared to other viruses. Ransom and extortion have been a thorn in the side of humanity since we first recognised their power. Groups have always taken advantage of someone’s vulnerability to gain a type of reward.
Criminals may not be so brazen as to pick off individuals on the street as they did in 1991, but ransomware instils the same fear. It is the fear of losing everything you have built instantly through no fault of your own. JBS felt this fear to the point that they paid $11 million to the hackers to not release their data.[4]
There is no easy solution to defeating these viruses. The rate at which they spread, the inability to track hackers, and the rise of RaaS are fuelling these hacks. At a minimum, we can take appropriate mitigation strategies to defend ourselves against them. We will explore these strategies in a later article. However, understanding ransomware puts you in a position to recognise the threat and do something about it.
[1] https://www.mtv.com/news/2962012/captive-netflix-documentary-review/
[2] https://www.techrepublic.com/article/why-ransomware-has-become-such-a-huge-problem-for-businesses/
[3] https://www.cbsnews.com/news/ransomware-attack-revil-hackers-demand-70-million/
[4] https://www.bloomberg.com/news/articles/2021-06-09/jbs-paid-11-million-in-ransom-to-resolve-cyberattack-dj