Behind the booming ransomware industry: How hackers hold businesses hostage | Business Beyond

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

they're happening thousands of times every day ransomware attacks are the cyber threats of our times it seems like no one is safe from having their data encrypted by dark web forces only to be asked to pay to get it back the share of ransomware attacks really dramatically rose over the past years and usually by more than 100 up to 200 per year they're making businesses poorer this is you know big money hundreds of millions of dollars maybe even billions of dollars per year in ransom attacks and hackers much much richer the best cyber criminals in the world like some of the young guys in st petersburg or in other cities around the world they're making a million dollars a month we're witnessing the industrialization of cybercrime not only is there money to be made in demanding large ransoms from hacking victims or from selling their precious data onto third parties but there's also a business opportunity in servicing the hackers themselves in this video we'll follow the money how much are hackers making who is helping them and what are the costs of paying the ransom or not i'm in the district of anhelt bitterfeld in the german state of saxony amholt just a few weeks ago the council here fell victim to a savage cyber attack hackers got into their computer systems and crippled them computers yeah and the council had fallen victim to a classic ransomware attack here's how they usually work having chosen their victim the hacker gains access to key files on their computer having exploited some security flaw to get in the hacker then encrypts the files meaning the victim can no longer use them they'll then discover a ransom demand from the hacker pay up and get your files back 2021 has seen ransomware attacks on a scale never seen before a hack on the colonial pipeline affected fuel supplies to much of the u.s east coast another cyber attack on software provider corsair had an impact on businesses around the world is technique as i speak to you it's three weeks after the original cyber attack but the council here still can't provide some pretty basic services for example in unhealth bitter felt you can currently buy a car you can't drive it anywhere because you can't register it the quickest way out of a ransomware attack is to pay the ransom usually the victim will get access to their files back but if they don't pay well their files stay encrypted and the hacker may even threaten to sell access to those files to someone else so we don't know how much in ransom the hackers are demanding but the cost to the council here of creating a whole new safe network is going to be huge but as soon as a ransomware attack happens the victim can be sure it's going to cost them not only is the average ransom demand estimated at 150 000 to public and private bodies but also there's the cost of recovery and that's potentially the biggest cost of all i mean the average ransomware attack results in 21 days of downtime for a business the cost of that is average to over a quarter of a million dollars hackers are aware of these extra costs to the victims and use them to their advantage when setting the ransom they actually look at you know how much money this company makes a month if we're shutting everything down how how much is it going to cost that organization and what's a good price to set our ransom at that's not too high because we don't want them to you know avoid us and not pay it and try to find other ways to to get back online but not too low because then we're leaving money on the table the past few years have seen ransomware attacks grow not just in number but in size and with that so of the ransoms ransomware if you think back to 2016 was an individual problem and you would have to pay a couple hundred dollars to get the key to recover that data in 2016-2017 timeframe we started seeing threat actors emerge that understood that if they targeted an enterprise with that same attack they could demand much higher dollar figures so three four hundred dollars became ten fifteen twenty thousand dollar in ransom attack that has gone up you know exponentially i think we're seeing routinely millions and millions tens fifty a hundred million dollars even more in some cases in ransom demands and these enormous ransom amounts are being paid colonial pipeline revealed it handed over five million dollars to the hackers just a day after the cyber attack began the world's biggest meat producer jbs paid 11 million to end its ransomware nightmare victims aren't always open about whether or not they pay out but clearly enough of them are we're certainly seeing and aware of many of these ransom payments going out because we track the cryptocurrency wallets that these threat actors are using and we're able to identify when there are payments being made i think it's a lot more frequently than anybody would care to admit because these threat actors aren't going to keep doing these types of attacks if they're not making money off of it however the ransom isn't the only way the hackers can get money out of their victim remember they've had access to all of their precious files they can also make money by reselling data that they gained in the attacks for example of course private personally identifiable data or also let's say identity and access data that will allow third parties to maliciously exploit a company server or something like that we can't talk about the costs of cyber attacks without talking about crypto currencies the fact is ransom payments aren't made in dollars or euros they're made with cryptocurrencies online encrypted currencies that leave no paper trail anonymous untraceable everything a hacker could want it's all the advantages of cash from a criminal standpoint but with this added advantage of it being able to work across the internet you know the problem with cash as a criminal is that it's physical and you have to move it um cryptocurrency removes that issue for them so it's obviously a fairly attractive way to get all this done they can effectively launder that without ever leaving their uh you know their house and then they can also do things like jump from one chain one one blockchain to another blockchain uh so converting it from bitcoin to monero or something like that and it becomes very hard to follow the money so who are they well as the scale of the ransomware hacks has changed in recent years so have the attackers large-scale cyber attacks are rarely carried out by the archetypal individual hacker hunched over a keyboard in a dimly lit room to attack a complex organization often takes a complex organization we see an increasing professional professionalization of ransomware groups actually conducting these attacks so it's not only individuals it's a criminal activity where people want to make money and there's a whole ecosystem there there's an ecosystem of tools ecosystems of organized crime networks hacking networks tool networks uh teams that work together around the world that's rod beckstrom once head of the national cyber security center he spent years on the front line of the us fight against cybercrime no firmament will simplify the world and say there's three superpowers in in hacking there's u.s russia china they have very different models and different motivations you know if you look at the us us kind of wants to be the uh protector of the free world so they're using their their capabilities to watch what's going on in the world prosecute crimes press crew drug rings counter terrorism etc etc if you look at china their goal is to become you know a super rich and prosperous middle kingdom to be a world power russia on the other hand is lost its empire right the soviet union's gone it may wish to regain that and in the meantime it doesn't have the same power status geopolitically it had before and so it seeks relevance how does it become relevant yeah by being disruptive and a great way to be disruptive is to interfere with your rivals infrastructure and their businesses there's an important distinction to make when it comes to national governments and cyber attacks and that's between states commissioning the hacks themselves or simply just allowing them to be carried out from their territory there's definitely a sense of it being easier to conduct this sort of operation in in certain parts of the world compared to others so that's not the same as a nation-state funding this type of activity but you know in terms of its consequence it's kind of similar the us and others have accused russia of providing a safe haven for hackers turning a blind eye to their activities as long as russian targets are left alone the kremlin has never confirmed nor denied it the country's surplus of computing talent and shortage of well-paid jobs make russia a rich breeding ground for hackers when you have state-run hacking activities the people that work for the state as employees of the government don't make nearly as much as they can make doing criminal activities that this hacking is bad for russia because you're teaching your best and brightest you're brilliant young people who could be building companies and and building fruitful technologies in some cases in many cases are doing criminal activities and that's not good often these criminal groups can rival in size their biggest targets vast networks of hackers operating on the dark web not only carrying out the ransomware attacks but helping others to execute them too it's known as ransomware as a service and like its legitimate counterparts software as a service it involves the leasing out of computer programs at a price but you won't find a download link for these ones by searching on google it handles all of the key management it handles all of the data extortion in some cases and it also can handle the negotiation and payment in some cases and so you can come in as a fairly novice criminal actor just having some skills and use this ransomware as a service to basically be the back end of your operations what we can see is that these groups become increasingly professional not only in terms of the tools that they develop but also in terms of the let's say customer service they offer to clients and for that that service they're taking you know 20 25 30 off the top of the ransom demand these dark web services include a lot of the things we expect from the normal web the wannabe hacker can get access to customer support faqs and even reviews i would argue that ransomware operators took some cues from silicon valley and and that was actually a part of you know what kind of inspired ransomware as a service it's not that silicon values to blame and these criminal groups won't just offer support to the hacker who hires them they'll also offer their services to the party who's been hacked they engage with these victims in case victims have questions on you know how to pay or how how to regain their data or how to pay the ransom because it's in the interest of these ransomware groups to get paid or to receive the ransoms if you get infected with ransomware it will teach you how to sign up for a bitcoin wallet how to you know connect your credit card to all these different things is very helpful um in that sense like some of these these operators even have like fully serviced and actually quite good support services the whole industry around hacking has reached a level of professionalism that many legitimate sectors could only dream of with the cybercrime business booming on the dark web are we losing the battle against the hackers i don't think that either public or private companies are especially well prepared for ransomware attacks these attacks are extremely complex and the technologies that they target are extremely complex so it's very difficult for one organization to secure their entire networks against any kind of attack it's about being uh you know having good hygiene being being safe but also being forward working with threat hunting and threat intelligence to make sure that you're not waiting to be a victim uh because if you are are hoping it's not gonna happen to you hope is not a strategy calling it out as a business model that's deliberate because ransoms go back you know at least 500 600 years um in in terms of written history like it's not a new idea it's just being applied in this different framework and and that framework makes it really successful i have a law of cyber security it's called beckstrom's law of cyber security it's 12 words anything networked can be hacked everything is being networked everything is vulnerable and that's all from this edition of dw business beyond if you want to know more about the money that makes the world go round check out our playlist and while you're clicking on things why not click on like and subscribe too cheers you

Info

Channel: DW News

Views: 102,519

Rating: undefined out of 5

Keywords: DW News, ransomware, hackers, hacking, business beyond, ransomware attack, cyber security

Id: HpJDa3J3lvU

Channel Id: undefined

Length: 16min 9sec (969 seconds)

Published: Sat Sep 04 2021