The big story making news over the last week has to be the colossal ransomware attacks that have affected hundreds of U.S. companies. In a blog post, the Russia-based REvil cybercrime gang all but admitted responsibility—and did so with impunity. This has to be a huge embarrassment for the U.S., coming just weeks after Joe Biden boasted about taking Vladimir Putin to task for failing to crack down on cybergangs known to be operating in his country.
Rather than attempting to cover this fast-breaking story, perhaps it will be more useful to explain some of the facts that are the most important to understand about ransomware. The first, of course, is “What is ransomware?” It is malicious software that infects computer systems, then encrypts the files so they cannot be used. The ransomware gang then demands payment to decrypt the files, making them readable again. Ransomware is the melding of two mature technologies: encryption that simply cannot be decrypted without the key, and cryptocurrency that makes it easy to transfer funds internationally.
Any files that are “protected” by 256-bit AES encryption are impossible to decrypt without the key. While “impossible” is a strong word, it is absolutely applicable to current forms of encryption. Unless the cybercrooks make some mistake in implementing the encryption they use, it simply cannot be broken.
Some people are saying that cryptocurrency, specifically Bitcoin, is in part responsible for the epidemic of ransomware, and that is absolutely a red herring. Bitcoin’s public blockchain makes it easy to track exactly where every ransom payment goes, and that is how the authorities know a lot of ransom payments are going to former Soviet-bloc countries where local law enforcement officials turn a blind eye to this criminal activity.
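To illustrate the point about traceability, here is an added example (not from this column) that follows a ransom payment forward through a small, constructed ledger until it reaches addresses an investigator has already attributed; every transaction id, address and the "Exchange X" label is made up for the demonstration.

```python
from collections import deque

# Constructed toy ledger (not real Bitcoin data): each transaction spends from
# named input addresses and pays named output addresses. Amounts are in BTC.
LEDGER = [
    {"txid": "tx1", "inputs": ["victim_wallet"], "outputs": {"ransom_addr": 5.0}},
    {"txid": "tx2", "inputs": ["ransom_addr"], "outputs": {"hop_a": 3.0, "hop_b": 2.0}},
    {"txid": "tx3", "inputs": ["hop_a"], "outputs": {"exchange_deposit_1": 3.0}},
    {"txid": "tx4", "inputs": ["hop_b"], "outputs": {"hop_c": 2.0}},
    {"txid": "tx5", "inputs": ["hop_c"], "outputs": {"exchange_deposit_2": 1.5, "hop_d": 0.5}},
    {"txid": "tx6", "inputs": ["unrelated"], "outputs": {"other": 1.0}},
]

# Hypothetical attribution table: deposit addresses an investigator has already
# linked to a known service. In practice this comes from subpoenas or prior cases.
KNOWN_ENTITIES = {"exchange_deposit_1": "Exchange X", "exchange_deposit_2": "Exchange X"}


def trace_forward(ledger, start_addr):
    """Breadth-first walk of every spend starting at start_addr.

    Returns {address: hop_count}; the public ledger makes every hop visible."""
    spends_from = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            spends_from.setdefault(addr, []).append(tx)
    hops = {start_addr: 0}
    queue = deque([start_addr])
    while queue:
        addr = queue.popleft()
        for tx in spends_from.get(addr, []):
            for out_addr in tx["outputs"]:
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    queue.append(out_addr)
    return hops


def unspent_endpoints(ledger, start_addr):
    """Addresses reached from start_addr whose funds have not moved again."""
    spent = {addr for tx in ledger for addr in tx["inputs"]}
    return {addr for addr in trace_forward(ledger, start_addr) if addr not in spent}


def cash_out_points(ledger, start_addr, known):
    """Reached addresses that match the attribution table, with their hop distance."""
    hops = trace_forward(ledger, start_addr)
    return {addr: (known[addr], d) for addr, d in hops.items() if addr in known}
```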
There is evidence that the ransomware crooks have taken steps to avoid causing any trouble at home that might prompt local authorities to respond. Witness that many malware strains are programmed not to execute on any computer that has a Russian keyboard layout. The same applies to computers with a Belarusian, Romanian, Armenian, Azerbaijani, Georgian, or Kazakh keyboard layout—all jurisdictions where one would never want to end up in jail.
The best defense against ransomware is to have good backups of your data. Business and industry obviously need to take more precautions, but individuals can simply make sure they have the ability to restore their data from backups and avoid paying the ransom.
Because more ransomware victims now have better backups, the crooks sometimes also exfiltrate data, looking for confidential information they can threaten to reveal if the ransom is not paid. To end on a somewhat lighter note, not all victims are vulnerable to this. One company that was a victim of ransomware refused to pay the ransom and famously taunted the crooks by asking “please leak our data in full because we are having trouble restoring some files from our backups.”
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.