Too right it does! Anyone who thinks cyber crime is just a tabloid headline or a story spread by scaremongering geeks is, I’m afraid, very much mistaken – cyber crime is rife and pays extremely well. Forget about the big million dollar stuff, it’s the small to moderate stuff that the smarter crooks are targeting – in many cases it doesn’t even get reported, as companies are reluctant to admit security breaches.
Here’s a very recent example that happened to a private medical centre in Hollywood, USA. The Hollywood Presbyterian Medical Centre has just paid a $17,000 ransom to a hacking group who installed malware on their computer systems which then encrypted key files. There are limited details of the exact nature of the attack, but it is believed that it was simply a classic ransomware exploit.
Ransomware is simple but very effective malicious software which usually operates in one of two main ways – its focus is denying access rather than actually stealing data.
- Screen Locking – the malware will lock your computer screen or prevent you logging in, effectively stopping all access to the computer. It’s often accompanied by a request for a ‘fine or donation’ payment to remove the screen lock.
- Encryption – this won’t touch your computer system or applications but will encrypt data files, effectively blocking your access to them. The ransomware will usually offer to sell you the decryption key.
The screen lock type is usually fairly simple to bypass if you have some knowledge and the right tools. However, to decrypt the files you’ll need the private key which was used to encrypt them in the first place.
That is why the hospital was forced to pay the ransom, despite the obvious problems with that tactic. Happily the decryption key was supplied and the hospital was able to recover its system and data with the help of some IT experts. Generally the criminals who use ransomware do honour the deal, as it encourages future victims to pay.
It’s a good payday though for the hackers for what is likely to be little more than a few hours’ work. Attackers will generally pick soft targets with poor security to attack, so it’s unlikely it was that difficult to install the malware on their network.
For the attackers, though, it’s the forensic investigation that is the most dangerous part of the crime. Covering your tracks after committing a network based attack and ransom is extremely difficult to do properly. Sure, you can install the malware over a Tor connection or use a safe VPN in a remote country. However, you have to maintain this level of concealment throughout the attack, and specialist investigators can glean lots of information from a variety of advanced forensic tools. The FBI and US security services are notoriously aggressive in pursuing computer criminals across international borders too.