News

This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it. Learn more

I understand
You are here: Fraud and Cybercrime

Fraud and Cybercrime

Rate this item
(1 Vote)

 Fraud and Cybercrime

Article 4 – Current Cybercrimes - Ransomware

Introduction

Fortunately, for most of us that live in Western liberal democracies, the threat of being kidnapped by a gang of bandits and money being demanded for our release, is very low. This type of crime is a real threat in Mexico and other South American countries. However, Ransomware, which works on the same principal as kidnapping, only in this case it is data that is kidnapped, is a current and growing problem for SMEs, in the UK.

In simple terms malware is introduced onto a company’s network, via a rogue email that contains the code when opened, or via a bogus website link that downloads malicious code, when it is visited. The code then runs around the network, encrypting everything that it can get access to. Some of this code has been very cleverly written and if a network, servers etc. have not been configured with security in mind, it can encrypt all shared and personal folders, regardless of location. Other versions prevent access to screens, computers or servers. Recent variations of Ransomware have included the displaying of pornographic images on screens, that cannot be removed without rebuilding the infected machines.

A ransom message is then received from the criminals, asking for a sum of money to provide the decryption code, which will then allow access to the data, once more. It is possible for criminals to purchase Ransomware, for as little as $39, on the “Dark Net”. This particular version, called “Stampido”, encrypts any files that it can find and gives victims 96 hours to pay a ransom. During that 96 hours and until the ransom is paid Stampido randomly deletes a file, every 6 hours. Very clever, as you can see.

Imagine arriving at work on a Monday morning, to find that no one in the company can access any data or that all screens are displaying pornographic images. The cost to a business, depending upon its size and the sphere that it operates in, can be incalculable. It is easy to find examples of businesses that have suffered Ransomware attacks and the spread of sectors, from hairdressers, hospitals, schools, solicitors to multi national corporations, shows how widespread the problem is.

The good old BBC has numerous examples, including several in this one where in one incident a university paid $20,000 to get their data back. There is a simple video in this report which graphically explains what Ransomware is.

http://www.bbc.com/news/technology-36478650

See Page 24 of Mcafee Labs, 2016 Threats Predictions Report, to see their view on the increasing threat of Ransomware.

http://www.mcafee.com/us/resources/reports/rp-threats-predictions-2016.pdf

Incident 1

RedDrum had advised their client of the need to introduce new security measures, namely to replace all XP machines, to install a new Meraki firewall and managed switches. The client didn’t take RedDrum’s advice.

One of the staff opened a suspect email that downloaded malicious code onto the network, in the form of Ransomware. The effectiveness of the Ransomware was limited as the server had been correctly configured. It could only encrypt data that was actually owned by the member of staff responsible for downloading it. A ransom demand was received, via the Ransomware.

The demand was ignored, data was recovered from off site backups and the offending machine was rebuilt. Unsurprisingly, RedDrum were then given the go-ahead to implement the system changes, that had been previously requested. The client was extremely fortunate to escape with no data loss.

Incident 2

In this instance RedDrum were called in to look at the IT systems of a company that had suffered a Ransomware attack. Again, someone on the network had opened a malicious email that had facilitated Ransomware being loaded onto the network. Backups were in place but data was lost. The demand was not paid.

It was almost inevitable that this particular company were going to suffer from some of criminal attack. Two completed unrelated organisations were sharing the same network and server. There were no controls in place, no policies and some users were using their own laptops, with outdated operating systems on them. The server wasn’t maintained and was three service packs and multiple updates behind where it should have been. There was no firewall.

Incident 3

RedDrum were not involved in this incident but it is worth mentioning as it should convince any business that everyone is under threat of an attack. It concerns a chain of hairdressing salons, based in Scotland. The owner arrived at work, one Monday morning, to discover that their network had been infected with Ransomware and that they couldn’t access the database that contained all of their appointments.

Without access to any backups the hairdressers paid up the ransom demand, which escalated from $350 to €1,000, when he contacted the criminals. Some data was then able to be decrypted, with the key provided by the criminals, but much was still lost. In all, the episode cost the hairdressers around £20,000.

If a hairdressers are vulnerable, who are probably in the lowest risk category of businesses, then it should be clear that business that operate in a business to business market, or that trade internationally, are at extreme risk.
The BBC reported this story and it can be found at the link below. Interestingly, the article also details how a Massachusetts Police Department paid #500 (I told you that the Police were useless!) to criminals, to try and get data back from a Ransomware attack. It further details an attack on a phone.

http://www.bbc.com/news/technology-35720073

View Fraud and Cybercrime Part 1
View Fraud and Cybercrime Part 2
View Fraud and Cybercrime Part 3
View Fraud and Cybercrime Part 5

Fraud and Cybercrime - 5.0 out of 5 based on 1 vote
Dragons Rugby

Dragons Rugby

Although we have no favourite clients, The Dragons are definitely a great organisation to work with. Their belief in what we do, and their…
Fraud and Cybercrime

Fraud and Cybercrime

Article 4 – Current Cybercrimes - RansomwareIntroduction Fortunately, for most of us that live in Western liberal democracies, the threat of being…
Alun Griffiths

Alun Griffiths Contractors

When we started working with Alun Griffiths, one of the largest privately owned civil engineering contractors in the country, we were keen to find…
Cardiff City Football Club

Cardiff City Football Club

Cardiff City FC is perhaps one of RedDrum’s most well known clients. Certainly, Cardiff City FC is one of the most famous clubs in Wales, but they…
Fraud and Cybercrime

Fraud and Cybercrime

Article 5 - Manage the Threats to your Business Introduction Having worked with and advised many, many clients, across a wide range of Public and…
Gwyn George Partnership

Gwyn George Partnership

Gwyn George Partnership (GGP) are a well-known Welsh law firm who offer their services throughout Wales, across their four different locations. One…
Fraud and Cybercrime

Fraud and Cybercrime

Article 1 - Required TerminologyIntroductionAccording to Symantec, there were over 1 million web based attacks, against people, per day, in 2015.…
Ikaros Solar

WElink

Founded in 2007, the WElink Group is a specialised renewable energy company with extensive experience of solar project development and the design…
Fraud and Cybercrime

Fraud and Cybercrime

Article 3 - Current Cybercrimes - SpearPhishingIntroduction In the 1960’s criminals were much more visible. They would dress up in balaclavas, carry…
Caradog Hotel Group

Caradog Hotel Group

Another area of expertise that RedDrum IT has is creating IT business management solutions for hotel groups. Since we began working with Caradog…
Fraud and Cybercrime

Fraud and Cybercrime

Article 2 - Technical Requirements of a Computer NetworkIntroduction The problem that most businesses face is that they do not have access to…