This past week has been instructive with regard to tech companies and ransomware. As we have written about previously, ransomware has become extortionware.
Ransomware has been a threat to computer users since the late 1980s. It first emerged as a relatively simple form of malware that would encrypt the victim's files and demand a ransom in exchange for the decryption key. Over time, ransomware attacks became more sophisticated, and attackers began to target not only individuals but also businesses and government organizations.
One of the key turning points in the evolution of ransomware into extortionware was the emergence of the CryptoLocker ransomware in 2013. CryptoLocker used advanced encryption algorithms to lock victims out of their files and demanded payment in exchange for the decryption key. What set CryptoLocker apart from earlier forms of ransomware was that it was designed to be extremely difficult to decrypt without paying the ransom.
After the success of CryptoLocker, other ransomware developers began to adopt similar tactics. They began to target larger organizations and demand larger ransoms, sometimes in the millions of dollars. In some cases, attackers would threaten to publish sensitive data stolen from the victim's systems if the ransom was not paid, effectively turning the ransomware into extortionware.
Another key development was the emergence of Ransomware-as-a-Service (RaaS) platforms, which made it easier for criminals with little technical expertise to launch ransomware attacks. RaaS platforms provide a user-friendly interface that allows criminals to create and distribute ransomware without having to write any code themselves.
What could happen when a ransom is not paid?
Recently, hackers have released a large cache of data belonging to US network infrastructure giant CommScope, including Social Security numbers and bank account details of thousands of its employees. The North Carolina-based company designs and manufactures network infrastructure products for a variety of customers, including hospitals, schools, and US federal agencies. The data was published on the dark web leak site of the Vice Society ransomware gang, which typically releases stolen data when efforts to secure a ransom payment fail – thus the term extortionware. TechCrunch reviewed parts of the data, which include internal documents, invoices, and technical drawings, along with personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, and bank account information. The hackers appear to have gained deep access to the company’s network, exfiltrating backups of data related to its MyCommScope customer portal and internal intranet.
It is unclear how many employees have been affected as CommScope employs more than 30,000 people globally. CommScope confirmed that it had detected “unauthorized access to a portion of our IT infrastructure that we determined was the result of a ransomware incident” on March 27. The company launched a forensic investigation with the help of a cybersecurity firm and notified law enforcement. A CommScope spokesperson stated that the company is working with third-party experts to validate the hackers’ claims and understand the nature of the information that has been published. The company declined to answer questions regarding the leaked employee data, and it is uncertain if affected employees have been informed.
CommScope confirmed that it has not found any evidence that customer information was accessed during the breach. The company, however, declined to say whether it has the means to determine what data was stolen from its systems. It is also unclear how the company’s systems were compromised or whether it has received any communication from the Vice Society hackers.
The Vice Society ransomware gang first made headlines in 2022 during a spate of cyberattacks targeting the healthcare and education sectors. The gang recently turned its attention to the manufacturing sector, according to cybersecurity firm Trend Micro, which predicts that Vice Society will remain a “significant player” in the ransomware landscape.
Sometimes we get to witness the drama of hackers extorting companies in near real time, as is the case with Western Digital.
The data storage giant was hacked by a group of extortionists who claimed to have stolen around 10 terabytes of data, including customer information, from the company. The hackers are demanding a ransom of “minimum 8 figures” to prevent them from publishing the stolen data. Western Digital had disclosed “a network security incident” on April 3, reporting that hackers had accessed “a number of the Company’s systems.” Although the company provided few details about the stolen data, one of the hackers spoke with TechCrunch and provided more information about the breach, including a file that was digitally signed with Western Digital’s code-signing certificate. The hacker also shared phone numbers allegedly belonging to several company executives; calls to those numbers either went unanswered or reached automated voicemail messages.
The hackers also shared screenshots showing a folder from a Box account apparently belonging to Western Digital, an internal email, files stored in a PrivateArk instance, and a screenshot of a group call where one of the participants is identified as Western Digital’s chief information security officer. They said they were able to steal data from the company’s SAP Backoffice, a back-end interface that helps companies manage e-commerce data. The hacker claimed that their goal when they hacked Western Digital was to make money, but they decided against using ransomware to encrypt the company’s files.
The hackers emailed several executives, using their personal email addresses because the corporate email system was down, demanding a “one-time payment.” The email threatened retaliation if they continued down their current path. The hackers also warned that they were still in the company’s network and would keep digging until they received payment. Western Digital declined to comment or answer any questions about the hacker’s claims.
If Western Digital fails to respond, the hackers say they are ready to start publishing the stolen data on the website of the ransomware gang Alphv. The hacker said that they are not directly affiliated with Alphv but know them to be professional. The hackers said they chose Western Digital randomly, and they did not go by any name or provide any information about themselves or the group.
What has the US government done to address the threats of ransomware, extortionware and cybersecurity in general?
Creation of cybersecurity agencies and task forces: The U.S. government has established various agencies and organizations dedicated to addressing cybersecurity issues, such as the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency's (NSA) Cybersecurity Directorate, and the FBI's Cyber Division.
Executive Orders and National Cyber Strategy: The government has issued several executive orders and strategies to improve cybersecurity, such as the 2018 National Cyber Strategy and the 2021 Executive Order on Improving the Nation's Cybersecurity. These documents outline strategic objectives and actions for enhancing cybersecurity across the public and private sectors.
Information sharing and collaboration: The U.S. government has encouraged public-private partnerships, such as the Cybersecurity Information Sharing Act (CISA), which aims to facilitate the sharing of threat intelligence and best practices among government agencies and private sector organizations.
Strengthening cyber defense capabilities: The U.S. has invested in developing advanced cyber defense tools, training, and workforce development programs to improve the skills and expertise of cybersecurity professionals. Initiatives like the Cybersecurity Workforce Framework and the Federal Cybersecurity Workforce Assessment Act aim to build a more robust cyber workforce.
International cooperation: The U.S. has participated in international efforts to combat cyber threats, working with allies and partners to share information, establish norms and rules of behavior in cyberspace, and build capacity to deter and respond to cyber attacks.
Regulatory efforts: The U.S. government has implemented various regulatory measures to improve cybersecurity across critical infrastructure sectors, such as the Federal Information Security Management Act (FISMA) and the NIST Cybersecurity Framework, which provide guidelines for organizations to manage and reduce cybersecurity risks.
Research and development: The U.S. government has invested in cybersecurity research and development through programs such as the Cybersecurity National Action Plan (CNAP) and the National Initiative for Cybersecurity Education (NICE), which aim to develop new technologies and strategies for addressing cybersecurity challenges.
Protect Yourself from Cyber Threats with These Essential Tips:
Cybercriminals use various techniques to gain unauthorized access to our personal information, such as passwords, credit card details, and other sensitive data, and use it for their malicious purposes. Therefore, it's essential to stay cyber-secure and protect ourselves from cyber threats. Here are some quick tips:
Use Strong Passwords:
The first and foremost step to stay cyber-secure is to use strong passwords for all your online accounts. Strong passwords are a combination of uppercase and lowercase letters, numbers, and special characters. Also, avoid using the same password for multiple accounts. Use a password manager to generate and store complex passwords for all your online accounts.
Keep Your Software Updated:
Keeping your software updated is an essential step in staying cyber-secure. Cybercriminals often exploit vulnerabilities in outdated software to gain unauthorized access to your system. Therefore, keep your operating system, web browser, and other software up to date with the latest security patches.
Use Endpoint-Protection Software:
Antivirus and endpoint-protection software is designed to detect and remove viruses and other malware from your system. It's essential to install such software and keep it updated to protect your system from cyber threats.
Use Two-Factor Authentication:
Two-factor authentication is an additional layer of security that requires you to provide two forms of identification before accessing your account. It is typically a combination of something you know (a password) and something you have (a physical token, such as a smartphone). Because a stolen password alone is no longer enough, two-factor authentication makes it much harder for cybercriminals to gain unauthorized access to your personal information.
Be Cautious of Phishing Emails:
Phishing emails are fraudulent emails that appear to be from a legitimate source, such as a bank or a company, to trick you into providing your personal information. Be cautious of emails asking for your personal information, and always verify the source before providing any information. Do not click on links or download attachments from unknown sources.
Secure Your Wi-Fi Network:
Securing your Wi-Fi network is essential to stay cyber-secure. Change the default password of your Wi-Fi router and use strong encryption, such as WPA2, to secure your network. Also, disable the WPS feature as it can be exploited by cybercriminals to gain unauthorized access to your Wi-Fi network.
Back Up Your Data:
Backing up your data regularly is essential to protect it from cyber threats. If your system is compromised, you can restore your data from the backup. Use cloud-based backup services or external hard drives/devices to back up your data regularly.
Staying cyber-secure is essential in today's digital world. Cybercriminals use various techniques to gain unauthorized access to your personal information and use it for their malicious purposes. Therefore, use strong passwords, keep your software updated, use antivirus software, use two-factor authentication, be cautious of phishing emails, secure your Wi-Fi network, and back up your data regularly to stay cyber-secure. By following these best practices, you can help protect yourself from cyber threats and enjoy the benefits of digital technology without any worries.