Behind the booming ransomware industry: How hackers hold businesses hostage | Business Beyond

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
they're happening thousands of times every day  ransomware attacks are the cyber threats of our   times it seems like no one is safe from  having their data encrypted by dark web   forces only to be asked to pay to get it  back the share of ransomware attacks really   dramatically rose over the past years and  usually by more than 100 up to 200 per year   they're making businesses poorer this is you  know big money hundreds of millions of dollars   maybe even billions of dollars per year in  ransom attacks and hackers much much richer   the best cyber criminals in the world like  some of the young guys in st petersburg or   in other cities around the world they're making  a million dollars a month we're witnessing the   industrialization of cybercrime not only is  there money to be made in demanding large   ransoms from hacking victims or from selling their  precious data onto third parties but there's also   a business opportunity in servicing the hackers  themselves in this video we'll follow the money   how much are hackers making who is helping them  and what are the costs of paying the ransom or not i'm in the district of anhelt bitterfeld in the   german state of saxony amholt just a few  weeks ago the council here fell victim   to a savage cyber attack hackers got into their  computer systems and crippled them computers yeah and the council had fallen victim to a classic  ransomware attack here's how they usually   work having chosen their victim the hacker  gains access to key files on their computer   having exploited some security flaw to get  in the hacker then encrypts the files meaning   the victim can no longer use them they'll then  discover a ransom demand from the hacker pay up   and get your files back 2021 has seen ransomware  attacks on a scale never seen before a hack on   the colonial pipeline affected fuel supplies  to much of the u.s east coast another cyber   attack on software provider corsair had  an impact on businesses around the world is technique as i speak to you it's three weeks after the  original cyber attack but the council here   still can't provide some pretty basic services  for example in unhealth bitter felt you can   currently buy a car you can't drive it  anywhere because you can't register it   the quickest way out of a ransomware attack  is to pay the ransom usually the victim will   get access to their files back but if they  don't pay well their files stay encrypted   and the hacker may even threaten to sell  access to those files to someone else so we don't know how much in ransom the hackers  are demanding but the cost to the council here   of creating a whole new safe  network is going to be huge but as soon as a ransomware attack happens  the victim can be sure it's going to   cost them not only is the average ransom demand  estimated at 150 000 to public and private bodies   but also there's the cost of recovery  and that's potentially the biggest   cost of all i mean the average ransomware attack  results in 21 days of downtime for a business   the cost of that is average to  over a quarter of a million dollars   hackers are aware of these extra costs to the  victims and use them to their advantage when   setting the ransom they actually look at  you know how much money this company makes   a month if we're shutting everything down how  how much is it going to cost that organization   and what's a good price to set our ransom at  that's not too high because we don't want them to   you know avoid us and not pay it and try to find  other ways to to get back online but not too low   because then we're leaving money on the table the  past few years have seen ransomware attacks grow   not just in number but in size and with that so  of the ransoms ransomware if you think back to   2016 was an individual problem and you would have  to pay a couple hundred dollars to get the key   to recover that data in 2016-2017 timeframe  we started seeing threat actors emerge that   understood that if they targeted an enterprise  with that same attack they could demand much   higher dollar figures so three four hundred  dollars became ten fifteen twenty thousand   dollar in ransom attack that has gone up you  know exponentially i think we're seeing routinely   millions and millions tens fifty a hundred million  dollars even more in some cases in ransom demands   and these enormous ransom amounts are being  paid colonial pipeline revealed it handed   over five million dollars to the hackers  just a day after the cyber attack began   the world's biggest meat producer jbs paid  11 million to end its ransomware nightmare   victims aren't always open about whether or  not they pay out but clearly enough of them   are we're certainly seeing and aware of many of  these ransom payments going out because we track   the cryptocurrency wallets that these threat  actors are using and we're able to identify when   there are payments being made i think it's a  lot more frequently than anybody would care to   admit because these threat actors aren't  going to keep doing these types of attacks   if they're not making money off of it however  the ransom isn't the only way the hackers can   get money out of their victim remember they've  had access to all of their precious files   they can also make money by reselling data  that they gained in the attacks for example   of course private personally identifiable data  or also let's say identity and access data   that will allow third parties to maliciously  exploit a company server or something like that   we can't talk about the costs of cyber attacks  without talking about crypto currencies   the fact is ransom payments aren't made  in dollars or euros they're made with   cryptocurrencies online encrypted currencies  that leave no paper trail anonymous untraceable   everything a hacker could want it's all the  advantages of cash from a criminal standpoint but   with this added advantage of it being able to work  across the internet you know the problem with cash   as a criminal is that it's physical and you have  to move it um cryptocurrency removes that issue   for them so it's obviously a fairly  attractive way to get all this done   they can effectively launder that without ever  leaving their uh you know their house and then   they can also do things like jump from one chain  one one blockchain to another blockchain uh so   converting it from bitcoin to monero or something  like that and it becomes very hard to follow the   money so who are they well as the scale of the  ransomware hacks has changed in recent years   so have the attackers large-scale cyber attacks  are rarely carried out by the archetypal   individual hacker hunched over a keyboard in a  dimly lit room to attack a complex organization   often takes a complex organization we see an  increasing professional professionalization   of ransomware groups actually conducting  these attacks so it's not only individuals   it's a criminal activity where people want to make  money and there's a whole ecosystem there there's   an ecosystem of tools ecosystems of organized  crime networks hacking networks tool networks uh   teams that work together around the world that's  rod beckstrom once head of the national cyber   security center he spent years on the front line  of the us fight against cybercrime no firmament   will simplify the world and say there's three  superpowers in in hacking there's u.s russia china   they have very different models and different  motivations you know if you look at the us us kind   of wants to be the uh protector of the free world  so they're using their their capabilities to watch   what's going on in the world prosecute crimes  press crew drug rings counter terrorism etc etc   if you look at china their goal is to become you  know a super rich and prosperous middle kingdom   to be a world power russia on the other hand is  lost its empire right the soviet union's gone   it may wish to regain that and in the meantime it  doesn't have the same power status geopolitically   it had before and so it seeks relevance how does  it become relevant yeah by being disruptive and a   great way to be disruptive is to interfere with  your rivals infrastructure and their businesses   there's an important distinction to make when it  comes to national governments and cyber attacks   and that's between states commissioning the  hacks themselves or simply just allowing them   to be carried out from their territory there's  definitely a sense of it being easier to conduct   this sort of operation in in certain parts of the  world compared to others so that's not the same as   a nation-state funding this type of activity but  you know in terms of its consequence it's kind of   similar the us and others have accused russia  of providing a safe haven for hackers turning a   blind eye to their activities as long as russian  targets are left alone the kremlin has never   confirmed nor denied it the country's surplus of  computing talent and shortage of well-paid jobs   make russia a rich breeding ground for hackers  when you have state-run hacking activities the   people that work for the state as employees  of the government don't make nearly as much   as they can make doing criminal activities  that this hacking is bad for russia because   you're teaching your best and brightest you're  brilliant young people who could be building   companies and and building fruitful technologies  in some cases in many cases are doing criminal   activities and that's not good often these  criminal groups can rival in size their biggest   targets vast networks of hackers operating on  the dark web not only carrying out the ransomware   attacks but helping others to execute them too  it's known as ransomware as a service and like   its legitimate counterparts software as a service  it involves the leasing out of computer programs   at a price but you won't find a download link for  these ones by searching on google it handles all   of the key management it handles all of the data  extortion in some cases and it also can handle   the negotiation and payment in some cases and so  you can come in as a fairly novice criminal actor   just having some skills and use this ransomware  as a service to basically be the back end of your   operations what we can see is that these groups  become increasingly professional not only in   terms of the tools that they develop but also in  terms of the let's say customer service they offer   to clients and for that that service they're  taking you know 20 25 30 off the top of the   ransom demand these dark web services include a  lot of the things we expect from the normal web   the wannabe hacker can get access to customer  support faqs and even reviews i would argue that   ransomware operators took some cues from silicon  valley and and that was actually a part of you   know what kind of inspired ransomware as a  service it's not that silicon values to blame   and these criminal groups won't just offer support  to the hacker who hires them they'll also offer   their services to the party who's been hacked they  engage with these victims in case victims have   questions on you know how to pay or how how  to regain their data or how to pay the ransom   because it's in the interest of these ransomware  groups to get paid or to receive the ransoms   if you get infected with ransomware it will teach  you how to sign up for a bitcoin wallet how to   you know connect your credit card to all these  different things is very helpful um in that sense   like some of these these operators even have  like fully serviced and actually quite good   support services the whole industry around  hacking has reached a level of professionalism   that many legitimate sectors could only  dream of with the cybercrime business   booming on the dark web are we losing the  battle against the hackers i don't think that   either public or private companies are especially  well prepared for ransomware attacks these attacks   are extremely complex and the technologies that  they target are extremely complex so it's very   difficult for one organization to secure their  entire networks against any kind of attack it's   about being uh you know having good hygiene  being being safe but also being forward working   with threat hunting and threat intelligence to  make sure that you're not waiting to be a victim   uh because if you are are hoping it's not gonna  happen to you hope is not a strategy calling it   out as a business model that's deliberate because  ransoms go back you know at least 500 600 years   um in in terms of written history like it's not a  new idea it's just being applied in this different   framework and and that framework makes it really  successful i have a law of cyber security it's   called beckstrom's law of cyber security it's  12 words anything networked can be hacked   everything is being networked everything is  vulnerable and that's all from this edition of dw   business beyond if you want to know more about the  money that makes the world go round check out our   playlist and while you're clicking on things  why not click on like and subscribe too cheers you
Info
Channel: DW News
Views: 102,519
Rating: undefined out of 5
Keywords: DW News, ransomware, hackers, hacking, business beyond, ransomware attack, cyber security
Id: HpJDa3J3lvU
Channel Id: undefined
Length: 16min 9sec (969 seconds)
Published: Sat Sep 04 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.