Not only America and Russia, but all countries of the world are suffering from ransomware attacks. The network of these cybercriminals is so powerful that law enforcement agencies are unable to reach the real criminals even if they want to. A few days ago, at the G-7 meeting held on the shores of Carbis Bay in Britain, all member countries expressed their willingness to work together to deal with ransomware groups. A few days later, US President Joe Biden met with Russian President Vladimir Putin. During the meeting, the two leaders also discussed an extradition process to bring Russian cybercriminals to justice in the United States. In fact, America blames Russia for every cyberattack. Cyberattacks are also a major point of dispute between the two countries.
Cybercriminals help each other
These dark web cybercriminals also help protect each other. This is why, after each cyberattack, these criminals quietly escape without leaving any evidence. David S. Wall, professor of criminal science at the University of Leeds, UK, has studied these cybercriminals in depth. His research also examined why these cybercriminals help each other even when they are in rival countries.
US, Russia agree on extradition of cybercriminals
Professor David S. Wall said it is reported that Putin agreed to this in principle, but insisted on extradition on both sides. Only time will tell whether an extradition treaty is concluded, but if there is a treaty, who exactly will be extradited, and for what? The problem for law enforcement is that ransomware, in which malicious software (malware, also known as computer viruses) is used to steal organizational documents and hold them for ransom, is a double-edged weapon.
It is so hard to catch the culprit of the ransomware attack
Not only is it a mixed crime, involving different offenses under different bodies of law, but it is also a crime that concerns different police services and, in many cases, several countries, and it does not have a single main culprit. Ransomware attacks involve different networks of cybercriminals, who often do not know each other in order to minimize the risk of arrest.
Ransomware attacks become a professional industry
It is therefore important to examine these crimes in detail to understand how the United States and the G7 are handling the growing number of ransomware attacks seen during the pandemic, with at least 128 such attacks having occurred worldwide and been made public in May 2021. What you find when you join the dots is a professional industry far removed from the rules of organized crime, one that seems to draw its inspiration directly from the daily activities of companies.
Not only a loss of money: crime is also encouraged
The ransomware industry causes huge losses in today’s world. Not only do these attacks have economic repercussions, causing billions of dollars in damage, but data stolen by the attacker continues to travel up the chain of crime and fuel other cybercriminals.
The changing nature of ransomware attacks
The nature of ransomware attacks is also changing. The business model of the crime industry has changed, and it is now more about providing ransomware as a service. This means that operators provide the malicious software, manage the ransom and payment systems, and manage the reputation of the “brand”. To stay unexposed and reduce the risk of arrest, they recruit associates on heavy commissions to use their software in attacks.
The virus maker is not the attacker in all cases
The result is an intensive division of labor in committing the crime, in which the person who has the malware (virus) is not necessarily the one who plans and carries out the ransomware attack. To further complicate this arrangement, both parties are served by the larger cybercrime ecosystem in committing their crimes.
How does ransomware work?
A ransomware attack has several stages, a conclusion I reached after analyzing around 4,000 attacks between 2012 and 2021. The first is reconnaissance, in which criminals identify a potential victim and a way to break into its network. Hackers then gain initial access using passwords obtained from the dark web or through fraud.
What do cybercriminals do after getting the password?
Once initial access is gained, attackers escalate their privileges to search for key data in the organization whose theft would cause the victim greater damage, and hold it hostage for ransom. This is why hospital medical records and police records are often targeted by ransomware. After stealing this data, criminals store it safely before installing or activating the ransomware.
Ransom is demanded from the victim organization
The victim organization then receives the first sign that it has been attacked: ransomware is installed and access to critical organizational data is cut off. The victim is immediately named and shamed on the ransomware gang’s leak site on the dark web. Press releases may also be issued that threaten to make the stolen sensitive data public, with the aim of intimidating the victim into paying a ransom.
The ransom is paid in cryptocurrency
A successful ransomware attack is considered to be one in which the ransom is paid in cryptocurrencies that are difficult to trace and can be easily converted into normal currency. Cybercriminals often reinvest it to increase their income and pay their associates with it so they don’t get caught.
It is possible for a reasonably skilled criminal to do all the work alone, but this is very rare. Criminal groups have practices to reduce the risk of being caught, and specialists are trained for different stages of an attack. These groups benefit from interdependence, as the responsibility for the crime changes at each stage. The underground world of cybercrime is full of expertise. Among them are spammers who work with spies, scammers and fraudsters to steal people’s information, and data brokers who sell this stolen data on the dark web.
This data can be obtained by an “initial access broker” who specializes in the initial breach of computer systems. This sale takes place before the data is sold on to ransomware attackers. These attackers often deal with brokers that facilitate crime, who are used to supply ransomware as a service as well as other malware.
Online sale of stolen data
To coordinate these groups, black market vendors provide an online marketplace where criminals can openly sell stolen data and trade services, usually through the Tor network on the dark web. There are also currency traders who convert cryptocurrency into traditional currency, while intermediaries representing the victim and the perpetrator negotiate the ransom amount. This ecosystem is constantly growing. For example, recent activity has included “ransomware consultants” who charge fees to advise criminals at critical stages of an attack.
Arrest of a criminal
Governments and law enforcement have stepped up efforts to tackle ransomware criminals after nearly a year of cyber attacks. Police in Ukraine and South Korea were coordinating to catch the infamous CLOP ransomware gang when the G-7 met in Cornwall in June 2021. The same week, Russian national Oleg Koshkin was convicted in a US court for running a malware encryption service that criminal groups used to carry out cyber attacks while avoiding antivirus software.
Police and agencies must be faster than criminals
While these developments are inevitable, ransomware attacks are complex crimes involving multiple criminal networks. As criminals change the way they act, law enforcement and cybersecurity experts will also need to step up their efforts to deal with them. But the relative inertia of the police services and the lack of arrest of the main culprit will keep them behind these cybercriminals even if an extradition treaty is signed between the United States and Russia.