Cyber criminals launching more professional attacks
By Gracie Awalt, Marketing Associate
In 2019, health care experienced more ransomware attacks than other industries, according to research conducted by the Beazley Group. Cybercrime is now so prevalent, that the Federal Bureau of Investigation (FBI) recently declared the payment of ransom to be a personal business decision. (The FBI had previously advised against making ransom payments.)
“Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” according to an FBI statement released in October 2019.
Attack systems evolve
As cybercrime becomes more common, cybercriminals are launching increasingly professional attacks. Like an ecosystem, cybercrime is being conducted by a network of individuals – someone writes the code; someone provides the customer service; and a graphic designer creates more aesthetic ransomware.
There are even been reports of “entrepreneurial coders” who create easy-to-use ransomware-as-a-service platforms, allowing inexperienced hackers to gain access to coding services and the tools necessary to become cybercriminals.
And as more victims choose to pay ransom, cybercriminals are employing customer service tactics to engage with victims in chat rooms, providing cryptocurrency payment advice and guidance on restoring stolen data.
F-Secure, a Finnish cyber security company, studied the customer service practices of several ransomware groups – Cryptomix, Shade, Jigsaw, TorrentLocker and Cerber.
For the study, they created a fake Hotmail account for “Christine,” a fictitious woman who was not tech-savvy. The company used an actual non-technically oriented person to pose as “Christine” and contact the criminals behind each ransomware attack through chat rooms.
The study found that these customer service departments often agreed to lower ransom prices. F-Secure was able to negotiate a 29% average discount. Customer service also agreed to extend payment deadlines.
The ransomware group Cerber was found to have the “most professional-looking webpages.” Each page could be translated into 12 different languages, and the homepage displayed the current ransom price and a deadline countdown. Other pages included FAQs, a chat support page, and a free trial decryption page.
Jigsaw was identified as the ransomware group with the best customer service. The customer service employee, communicating via email, was flexible with the ransom price and payment deadline, and helpfully described how to pay with cryptocurrency.
“The customer care that the criminals provide appears to be effective . . . I hate to say it. It’s mass crime, conducted in business as usual fashion,” said Erka Koivunen, a cyber security advisor for F-Secure.
To learn more about protecting yourself from cybercriminals, please visit our Cyber Resource site.
Sources
- https://www.us-cert.gov/Ransomware
- https://www.beazley.com/documents/2019/Beazley-Breach-Briefing-2019-Press-release.pdf
- https://www.ic3.gov/media/2019/191002.aspx
- https://www.theneweconomy.com/technology/raas-satans-business-model
- https://www.cnet.com/news/ransomware-goes-pro-customer-service-google-25-million-black-hat/
- https://f-secure.bg/wp-content/uploads/2016/08/customer_journey_of_crypto-ransomware_f-secure.pdf
Gracie Awalt can be reached at gracie-awalt@tmlt.org.