Cyber criminals launching more professional attacks

January 27, 2020 Gracie Awalt

By Gracie Awalt, Marketing Associate

In 2019, health care experienced more ransomware attacks than other industries, according to research conducted by the Beazley Group. Cybercrime is now so prevalent that the Federal Bureau of Investigation (FBI) recently declared the payment of ransom to be a personal business decision. (The FBI had previously advised against making ransom payments.)

“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” according to an FBI statement released in October 2019.

 

Attack systems evolve

As cybercrime becomes more common, cybercriminals are launching increasingly professional attacks. Cybercrime now operates like an ecosystem, conducted by a network of individuals: someone writes the code, someone provides the customer service, and a graphic designer makes the ransomware more visually polished.

There have even been reports of “entrepreneurial coders” who create easy-to-use ransomware-as-a-service platforms, allowing inexperienced hackers to gain access to coding services and the tools necessary to become cybercriminals.

And as more victims choose to pay ransom, cybercriminals are employing customer service tactics to engage with victims in chat rooms, providing cryptocurrency payment advice and guidance on restoring stolen data.

F-Secure, a Finnish cyber security company, studied the customer service practices of several ransomware groups – Cryptomix, Shade, Jigsaw, TorrentLocker and Cerber.

For the study, they created a fake Hotmail account for “Christine,” a fictitious woman who was not tech-savvy. The company used an actual non-technically oriented person to pose as “Christine” and contact the criminals behind each ransomware attack through chat rooms.

The study found that these customer service departments often agreed to lower ransom prices. F-Secure was able to negotiate a 29% average discount. Customer service also agreed to extend payment deadlines. 

The ransomware group Cerber was found to have the “most professional-looking webpages.” Each page could be translated into 12 different languages, and the homepage displayed the current ransom price and a deadline countdown. Other pages included FAQs, a chat support page, and a free trial decryption page.

Jigsaw was identified as the ransomware group with the best customer service. The customer service employee, communicating via email, was flexible with the ransom price and payment deadline, and helpfully described how to pay with cryptocurrency.

“The customer care that the criminals provide appears to be effective . . . I hate to say it. It’s mass crime, conducted in business as usual fashion,” said Erka Koivunen, a cyber security advisor for F-Secure.

To learn more about protecting yourself from cybercriminals, please visit our Cyber Resource site.  

 

Sources

  1. https://www.us-cert.gov/Ransomware
  2. https://www.beazley.com/documents/2019/Beazley-Breach-Briefing-2019-Press-release.pdf
  3. https://www.ic3.gov/media/2019/191002.aspx
  4. https://www.theneweconomy.com/technology/raas-satans-business-model
  5. https://www.cnet.com/news/ransomware-goes-pro-customer-service-google-25-million-black-hat/
  6. https://f-secure.bg/wp-content/uploads/2016/08/customer_journey_of_crypto-ransomware_f-secure.pdf

 

Gracie Awalt can be reached at gracie-awalt@tmlt.org.
