Ransomware is malicious computer code that encrypts the content of attacked computers. It is created and inoculated by cyber criminals in order to obtain a ransom. Generally this is paid in cryptocurrencies which makes it more difficult to track.
The threat of ransomware
This type of attack is being repeated so often that the FBI, (the organization in charge of combating threats within the United States) gives the same priority when combating it that it gave to terrorism after September 11, 2001.
A few days ago, cybercriminals targeted the world's largest meat processor, just weeks after the same thing happened to the operator of a pipeline that carried gasoline to parts of the East Coast. In this case, the victim had to pay around $ 4,4 million to regain control of their operations and restore service.
Christopher Wray, director of the FBI, hopes that these latest attacks will make officials and citizens aware of the seriousness of the problem.
Now that they realize that it can affect them when they buy gas at the pump or buy a hamburger, I think there will be a growing awareness of how much we are all in this fight together.
The FBI is of the opinion that there are 100 types of ransomware, each targeting between 12 and 100 targets. There is no unanimous estimate of the cost to the US economy, the most conservative estimates speak of hundreds of millions while others think of thousands.
From Russia with love
The US authorities assign responsibility for this week's attack on JBS SA, the world's largest meat sales company, to a criminal ransomware gang in Russia, and White House sources have confirmed that President Biden plans to bring up the problem during the summit with Russian President Vladimir Putin in Switzerland scheduled for the middle of this month. The executive branch does not rule out even retaliating against the Russian Federation for the attacks.
On the subject, Director Wray said:
If the Russian government wants to show that it takes this issue seriously, there is plenty of room for them to show real progress that we are not seeing right now.
Ransomware and Linux
Contrary to popular belief, Linux-based computers are not immune to ransomware. According to what reported Kasperly security company:
We recently discovered a new file encryption Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.
After initial analysis, we noticed similarities in the Trojan's code, the text of the ransom notes, and the general approach to extortion, suggesting that we had, in fact, found a Linux build of the previously known RansomEXX family of ransomware. . This malware is known to attack large organizations and was most active earlier this year.
RansomEXX is a very specific Trojan. Each malware sample contains a hardcoded name of the victim organization. In addition, both the extension of the encrypted file and the email address to contact the extortionists use the name of the victim.
Several companies have fallen victim to this malware in recent months, including the Texas Department of Transportation (TxDOT) and Konica Minolta.
Another known case was that of Lilu, a ransomware that, if it gets root access, modifies the files and blocks them by changing their extension to .lilocked. Although it does not modify system files, it does block others at the user level, preventing, for example, access to web pages.
I do not know to what extent the governments of Ibero-America are aware of this danger. In my country there have been some cases, including the main Internet operator and some public bodies. The Internet operator thing was because someone opened a file on the work computer that he did not have to open.
My partner Isaac compiled some security measures that we can adopt to reduce the risk of being victims of this type of attack.