Discussing the Ransomware FUD Wars - An Analysis

It's becoming increasingly evident that we live in a utopian world where rock starts from the industry are asked to or try to participate in emerging task forces like for instance the infamous Ransomware Task Force which has a already produced zero results in terms of tackling the so called ransomware epidemic which believe it or not is plain simple cryptoviral extortion which I originally elaborated on back in 2006 when I originally published my "Malware - Future Trends" white paper which got Slashdotted where the concept has been around far before me doing research or even bothering to discuss the topic.

In its current state the so called ransomware epidemic has to do with surreal concepts that basically confuse or wrongly position the actual threat from the perspective of motivating the bad guys in the wrong direction taking into consideration the big picture such as for instance the term "initial access" compromise which has to do with the bad guys attempting to acquire access to legitimate company's networks for the purpose of monetizing the access this time big time at least according to mainstream news articles where basically everyone appears to be paying and falling victim into the mainstream news media utopia regarding the threat where the big news appears to be not how to tackle to problem once and for all but who bothered to pay for not having their client and customer information leaked in the public domain instead of tracking down who are the guys behind these campaigns how come that we're currently witnessing an epidemic of ransomware infections and payments and what would be the most appropriate way to send a message back to the bad guys in the context of undermining their malicious activities in terms of earning millions of dollars on their way to extort amounts from legitimate companies.

Case in point is a recent interview which I watched where Rob Joyce, the NSA's director of cybersecurity, speaking at the CyberUK security event basically said the following:

"Sanctions related to Russia and their Ukraine problem have impacted the ransomware actors," Joyce said during a session titled "State of the Hacks: NSA's Perspective." "They are finding it difficult to extract funds out of the ecosystem, get them converted as well as use payments that are accepted to buy the infrastructure they need to operate."

Let's start from the basics. What ecosystem? In the context of monitoring and tracking down bad guys for over a decade I find it hard to believe that we're still using the term ecosystem which I originally attempted to coin in most of my research articles for the purpose of emphasizing on the fact on the existence of a currently active vibrant ecosystem of bad guys with some extremely sophisticated attack techniques and actual traffic acquisition tactics that are truly capable of making the news in terms of compromising yet another high-profile and prolific Web site including that of international embassy Web sites where the primary purpose would be to attempt to infect their visitors on their way to drop malicious software and client-side exploits on their hosts. Remember that in 2020 you don't need any sort of investment to join the cybercrime ecosystem. The only thing you would need is to buy a modest access to a small botnet and begin data mining for high-profile users and actually attempt to go through their accounting data in an automated way for the purpose of attempting to compromise as many legitimate Web properties as possible.

My initial response to the ongoing ransomware problem was a series of blog posts where the ultimate goal was to actually send a message back to the majority of ransomware-as-a-service affiliate-network based users where I did my best to come up with thousands of rogue and known to have been involved in ransomware campaigns personal email address accounts where Protonmail and Tutanota proliferated the actual statistics in the terms of having the highest percentage of usage among ransomware affiliate-network based users where I actually notified both Protonmail and Tutanota which took immediate action and blocked access to thousands of ransomware themed email address accounts potentially undermining the credibility of their users who would be left in a situation where they wouldn't be able to get hold of their personal messages which means that they wouldn't be able to continue extorting money from gullible and social engineering unware end users globally.

Consider going through my related ransomware research in case you want to find out the actual technical details behind some of today's modern and sophisticated ransomware attack campaigns.

Stay tuned!
  • Discussing the Ransomware FUD Wars - An Analysis
  • Dancho Danchev
  • No comments:
 

0 Comments:

Post a Comment