Date: 2021-06-24

Ransomware has made the daily tech news pages since the beginning of the pandemic. Between an attack on a hospital in Germany and the takedown of a major technology supplier's systems, however, the cases seemed distant and peculiar, until lines began to form at gas stations after one of the largest fuel distributors in the US became a victim and saw its activities suspended for days, with a heavy impact on pumps and prices.

Specialists interviewed by ZDNet described this as a spike in attacks of this type but, contrary to what the idea of a spike usually implies, there is no expectation of a reduction in the short term. On the contrary, news that large companies that were hit, such as meat processor JBS and Colonial Pipeline itself, paid ransoms worth millions of dollars to get their systems back proves that cybercrime is more profitable than ever.

Given sophisticated operations that generate large payouts, the words of US President Joe Biden, that ransomware attacks against infrastructure would be treated as terrorism, may even sound like bravado. Specialized groups such as DarkSide were quick to say that they do not want to affect society directly, but they also make it clear: the focus is not to work for one nation or ideology or another, but to keep profiting. And they will, indeed, keep doing so.

As Eleanor Fairford, director of incident management at the US government's National Cybersecurity Center (NCSC), points out, the conclusion is the simplest one: this is a model that works, simply because more and more victims are paying. The experts' recommendations against doing this, since paying isn't even a guarantee that the files will be returned, don't sound so good when the supply of fuel or food is at stake. Paying the scammers may even sound like a minor loss compared to the losses from weeks of operating below capacity while working on a recovery.

Simple vector, high earnings

Add to this the fact that many of the entry points for ransomware attacks are known vulnerabilities, often already patched or easily fixable by companies, which only notice the problem when it's too late. Between breaches in Microsoft Exchange servers, poorly configured VPNs and remote access systems with no connection integrity checks, ransomware has also become an easy option, carried out remotely by criminals fully capable of hiding their real identities while eyeing the prospect of big profits.

Beyond money that is easily spread across different untraceable accounts and cryptocurrencies, the operations are run from countries without extradition agreements or that are even covert allies in attacks against political rivals. That's precisely why Biden turned his fire on Russia during the G7 meeting last week and pressured President Vladimir Putin to stop sheltering criminals. The leader agreed and said he was on the side of the Americans; it remains to be seen whether these are true words.

Or not, since according to experts there is a tacit understanding between these countries and cybercrime. Ciaran Martin, a professor at Oxford University and a former director of the NCSC, says there is a legitimate interest from Eastern European countries, as well as Asia, in allowing cybercriminals to act more or less freely, as long as their own interests are not affected in the process. That's why, for example, Colonial Pipeline is a target, but a Russian oil company is not.

Stricter laws in the West may be of no use in such a scenario and, even if the iron fist were to fall on criminals, the gigantic gains could make the risks worthwhile. Martin, however, points out that, little by little, governments around the world are coming to see ransomware attacks primarily as a real and immediate threat, and while arrests and harsh words aren't so effective, there are other avenues.

Protection and preparation

Experts interviewed by ZDNet point to greater scrutiny, in favor of security measures and the mitigation of flaws, as a way to contain the wave of ransomware attacks. It may be too early to talk about regulation in this area, it is true, but in the cooperation between public authorities and the private sector, especially the parts of it linked to society's essential infrastructure, there is already greater pressure to adopt better practices and to invest more in this regard.

Alongside elements that should already be standard, such as periodic backups and the application of security updates, comes the creation of measures to limit any payments as well as platforms for monitoring potential threats. Artificial intelligence can help pinpoint possible entry vectors and erratic behavior and, most importantly, help with containment in the event of a successful attack.

The bottom line is that attackers are ready to act at any time, and now it's time for corporations to get ready to act if something happens. Payment is still an alternative, but what else? The general idea is that, if the matter has reached the highest levels of government, it is because the danger is not only real but also immediate, and those who do not have a ready-made action plan will find themselves in a bad position when the moment of intrusion arrives, which increasingly sounds like an unavoidable possibility. It would no longer be a question of if, but of when.