Cyber Attacks: Many big companies in America were recently cyber attacked, criminals also demanded ransom. This issue was also raised in the G-7 meeting.
Cybercriminals cooperate with each other (Cyber Attacks) – symbolic picture
Dark Web Explained: Recently the G-7 summit was held in Cornwall, UK. In which member countries expressed their willingness to work together to deal with gangs that carry out ransomware attacks. A few days later, US President Joe Biden met with Russian President Vladimir Putin, where the extradition process to bring Russian cybercriminals to justice in the US was also discussed. It is reported that Putin has agreed in principle to this, but he has insisted on extradition from both sides.
Now only time will tell whether the extradition treaty is reached or not, but if there is a treaty, then who will be extradited exactly and for whom? These questions will remain. David S. Wall, Professor of Criminology at the University of Leeds, UK, says on this, the problem of ransomware for law enforcement – in which malware (suspicious software, also called computer virus) is used to steal organization’s documents.
After theft, after that they stop them for ransom. It is like a double edged sword. Not only is it a mixed crime, involving different offenses in different bodies of law, but it is also a crime that spans different police agencies and, in many cases, several countries and does not involve a single main culprit. is. Ransomware attacks involve different networks of cybercriminals and are often unaware of each other in order to minimize the risk of arrest.
In such a situation, it is important to look at these crimes in detail to understand how the US and the G7 deal with the increasing ransomware attack. From what we have seen during the pandemic, in May 2021 there were at least 128 such attacks that happened in the world and they were made public. When we put together the links, what we find is a professional industry that is far removed from the rules of organized crime and seems to draw its inspiration directly from the everyday activities of business.
Economic losses due to attacks
The ransomware industry causes huge amount of loss in today’s world. These attacks not only have economic repercussions, causing billions of dollars in damage, but the data stolen by the attacker continues to move up the crime chain and fuel other cybercriminals. The nature of ransomware attacks is also changing. The crime industry business model has changed and it is now more like providing ransomware as a service.
This means operators provide suspicious software, manage ransom and payment systems. Then also manage the reputation of the ‘brand’, but do not show up so as to reduce the risk of arrest, they recruit associates on a hefty commission to use their software to attack. The result is an intensive division of labor to commit the crime, in which the person who has the malware (virus) may not necessarily plan and embody the ransomware attack. To further complicate this arrangement, both parties to commit crimes are served by the elaborate cybercrime ecosystem.
How does ransomware work?
David says, there are several stages of ransomware attack, which I have come to this conclusion after analyzing about 4000 attacks between 2012 and 2021. The first is a reconnaissance attack in which criminals identify a potential victim and break into their network. The hackers then create ‘early access’ on the basis of passwords obtained from dork web or other forgery.
Once early access is gained, attackers elevate their privileges to search for key organization figures whose thefts cause more damage to the victim and hold her hostage for ransom. That’s why medical records and police records of hospitals are often targeted by ransomware. After stealing these data, criminals keep them safe before installing or activating any ransomware.
the victim is indicated
The victim organization is then given the first signal that they have been attacked, ransomware is installed and access to the organization’s critical data is cut off. The victim is immediately shamed by registering a leaked website on the dark web of the ransomware gang. Press releases may also be issued, which may threaten to make the sensitive stolen data public, intended to intimidate the victim into paying a ransom.
A successful ransomware attack is considered one in which the ransom is paid in cryptocurrency. Which is difficult to trace and the amount can be easily converted into normal currency. Cyber criminals often invest in this to increase their income and pay associates through it so that they cannot be caught.
Experts are prepared for attacks
It is possible that properly skilled criminals can do all the work but this is very rare. It is customary to have a crime group to reduce the risk of being caught, and have specialists for different levels of attack. These groups benefit from interdependence as the accountability of the crime changes at each stage. The underground world of cybercrime is full of expertise.
Among them are spammers who are served as spying, conspiracy and fraudsters to steal people’s information and the data broker sells these stolen data on the dork web. These data can only be procured by a ‘Beginner Access Broker’ who specializes in initial breaches into computer systems. This sale happens before the data is sold to ransomware attackers.
criminals work as brokers
These attackers often act as facilitating brokers for the crime and their service is used to service ransomware software as well as other suspected malware. These coordinated groups, vendors of darkmarkets, provide an online marketplace where criminals can openly sell stolen data and start a business service, usually through the Tor network on the dorkweb.
There are also currency traders who convert cryptocurrency into traditional currency, while intermediaries representing the victim and the perpetrator negotiate the ransom amount. This ecosystem is growing continuously. For example, recent activity has included a ‘ransomware advisor’, which charges a fee for advising criminals in critical stages of an attack.
How difficult is it to arrest a criminal?
Governments and law enforcement agencies have stepped up their efforts to tackle ransomware criminals after nearly a year of being terrified of cyber attacks. In June 2021, when the G-7 meeting was taking place in Cornwall, the police of Ukraine and South Korea were coordinating to nab the infamous CLOP ransomware gang. That same week, Russian national Oleg Koshkin was convicted by a US court of running a malware encryption service that criminal groups were using to conduct cyberattacks while evading antivirus software.
While these developments are inevitable, ransomware attacks are complex crimes involving multiple networks of criminals. As criminals are changing the way criminals commit crimes, law enforcers and cyber security experts will also have to step up efforts to tackle them. But the relative inertia in the police department and the absence of arrest of the main culprit will keep them a step behind from these cybercriminals even if an extradition treaty is signed between the US and Russia.
Also read- Pakistan’s Foreign Minister Qureshi was defending the Taliban, the NSA of Afghanistan gave the answer, then Pakistan got furious
Also read- Alien Life: Mushrooms on the Surface of Mars, Radio Signals Found in 1977… Events That Point to Aliens