Ransomware hackers know businesses are really where the money is
Sutton’s Law: Bank robbers rarely make it into history for anything beyond being criminals, but Willie Sutton, who died in 1980 and robbed $2 million in his lifetime, has not only a famous phrase to his name but also a law that came about because of it.
How it started: In a famous apocryphal story, Sutton was asked by reporter Mitch Ohnstad why he robbed banks. According to Ohnstad, he replied, "Because that's where the money is." The quote evolved into Sutton's law, which is often invoked to medical students as a metaphor for focusing a workup on the most likely diagnosis, rather than wasting time and money investigating every conceivable possibility.
An icon: Most of us will live and die without ever having a law named after us or becoming instrumental in how doctors are taught to diagnose health issues. Sutton truly has become a cultural icon. Sadly for this story, he later denied ever making this statement, but we ask you to indulge us and ignore this fact for the remainder of this piece.
Banks always a target: Since the beginning of hacking, banks have been the target because, well, that’s where the money is. The first reported case of cybercrime was an inside job. Employees siphoned accumulated interest that wasn’t earmarked for a customer into their own account. In other words, if the bank made daily interest calculations, whenever a calculation left a fraction of a cent after rounding, that fraction was diverted to the hackers’ account. The bank never saw a problem because the interest amount was accurate when taken in total. Only when the computer system went down and the bank had to calculate interest manually did the scheme get exposed.
Bank cybertheft evolved: Fast forward to today, and one of the first areas hackers have gone after when trying to make money is banks, specifically by launching individual bank Trojans and targeting bank users to steal credentials.
Not a perfect crime: Cyberthieves still have to get the money out of the bank without getting caught. This involves money transfers, and they can never be certain that law enforcement isn’t following the trail of money to them. In other words, banks are still where the money is, but the crime could get you thrown into jail.
Enter ransomware: This epidemic is the dotcom bubble of the cybercriminal world. Infecting the computers of businesses and consumers with CryptoLocker, CryptoWall and other variants has become the perfect crime. Sure, banks are where the money is, but businesses will withdraw the money legally from the banks and transfer it to hackers virtually risk-free via bitcoins.
Businesses are the new target: John P. Mello Jr. gives great insight on this paradigm shift in hacking. The banks can rest easy as consumers and businesses are the new targets of cybercriminals around the world. Even worse, there are few if any cases of people being caught, let alone prosecuted for infecting your computers and holding you hostage until you pay.
No business is safe and no system is perfectly secure. The odds of eventually getting infected with some variant of this malware, which will lock up all your computers, are far closer to 100% than zero.
Knowledge, however, is your best asset, as is hiring professionals, whether internal or outsourced, whose main focus is on protecting your company.
In conclusion, Willie Sutton, if he were alive today, would likely be sitting behind a computer in Russia or China hacking away at businesses like yours instead of robbing banks.
A new breed of Hacktrepreneurs has awoken, and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it's located in New York City, White Plains, Connecticut, Australia, Europe or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal so you can spend less time worrying and more on growing your business.
In addition, our new Cybersecurity Compliance Certification for law firms will help keep your firm from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all firms.