
The hypothetical rise of a ransomware bandit

Tyrone Erasmus’s fictional account illustrates how, for someone with the right skills, cybercrime offers a quick buck in tough times


In mid-2016, the FBI revealed that cybercriminals had extorted $209m from organisations in the first three months of the year, with an estimated annual total of around $1bn. Later it emerged that the impact of ransomware went even deeper, as many incidents went unreported to authorities. Once the hit to uptime and productivity was counted, the financial effect of ransomware was more in the region of $75bn.

For our fictional antihero, Alex, these figures look very good in his bank account, especially since his aptitude with computers and code has lifted him from a poor rural lifestyle into one where money is no longer an object.

Alex began life in a small rural village. To access a computer, he’d have to first walk some way to the local library, where he spent time teaching himself to code. It wasn’t long before he became the resident expert. He used tutorials on the internet to learn different coding languages and expand his knowledge.


As a teenager, fixing computers in his neighbourhood and village provided Alex with additional income and experience. Then he met Anna, they married and he ended up working in IT for a small company.

Life was actually rather good until 2014. The financial crisis ripped the bottom out from the market and Alex’s life. When his company closed and he lost his job, Anna was pregnant with their second child. Times were beyond tough, making hard decisions necessary.

Alex went into ransomware, and it isn’t difficult to see why. Globally, ransomware attacks were making the news as the financial numbers were more than impressive. People paid in dollars and the code was scalable. Alex was good at setting up servers and exceptionally good at writing programs, with the help of technical resources like StackOverflow. He could write small programs that, once e-mailed to unwitting victims, encrypted their files and revealed the ransom note when the time was right.

Within 10 minutes of his first ransomware attempt, Alex snagged a victim; he was paid $150 in Amazon gift vouchers. But this early success was almost instantly thwarted. Nobody else paid, his e-mail account was suspended, his domain was taken down, the voucher was revoked and security researchers created an unlocker for his ransomware.

His move to cybercrime had failed faster than it had started.

Until he engaged with the Dark Web.

Here he discovered ransomware kits that he could buy. Although they were expensive, they were elegantly coded and complex to crack. Alex opted to use a ransomware kit called Tox and earned $8,000 in a week. He made his money in bitcoin, which he cashed out using a dark web contact. He then invested in more sophisticated ransomware kits. Stampado, Satan, Cryptolocker, Petya – they were all available for Alex to use, each with different payment and licensing plans.

Through regular interactions on the Dark Web, Alex formed a network. He expanded his capabilities and toolsets, investing in paid distribution services that used botnets to deliver mass e-mails, drive-by downloads, malvertising, exploit kits and more.


He formed a partnership with a malware developer and soon the two were creating their own kits, focusing on new ransomware ideas that were increasingly complex.

For every defensive strategy implemented by security companies, a new and more efficient counterattack was created by this formidable team. From domain generation algorithms to bitcoin payment terms to changing the files used to initiate the attacks, their methodology changed to outwit common defences.

Today Alex has the kind of financial security he could only have dreamed of when he was a child. His wife and children want for nothing and his children are getting the best education money can buy. Their happiness and his bank account are the drivers behind his relentless efforts to outwit complex security systems. He probably won’t stop as he has no reason to.

This story is fictional, but it illustrates how most attackers enter the profession of ransomware. Circumstance and skill provide them with the tools they need to make money. Ethical considerations are not going to persuade them to quit. The only way a company can fight the ransomware threat is to become a difficult target: get to know the techniques, implement preventative measures, and invest in layered security.

• Erasmus is a director at MWR Infosecurity.
