by Rachel Monroe published in The New Yorker
Read original on The New Yorker's website
Monroe looks at the rise of ransomware cyber attac...Show description
Posted 1263 days ago
This seems to be the current trend in the New Yorker's reporting: focus on a single individual, write a mild biography, but look at a social problem more broadly. I'm not complaining about this style, I enjoy it, I am just noticing it more and more in the most recent issues.
Monroe's writing is intriguing here, and I really appreciated the history of cyberattacks and how ransomware came to become a major force in the "industry." She writes that before Bitcoin was released in 2009, hackers largely used "scareware, in which they infected a computer with a virus that manifested as multiplying pop-ups with ominous messages: "SECURITY WARNING!" I was curious why these were such a thing of the past: she writes that "Hackers posing as software companies could then receive credit-card payments, which were unavailable to those deploying ransomware" because they would have been traceable.
The "scareware" was just used as a way for seemingly legitimate companies to "protect" the infected user's computer, without them really knowing that it was that company, or related people, who infected the computer in the first place. Ransomware is very different; the hackers lock data behind encryption and demand money in exchange for the decryption keys.
Curiously, Monroe has found that these new ransom-focused hackers act in bizarrely professional ways. They might even "promise discounts to those who pay up in a timely fashion." And sometimes there control of systems is frightening. Monroe writes that "Last year, printers at a South American home-goods chain began spitting out ransom notes instead of receipts." If that's not terrifying, I'm not sure what is.
Targeting low-tech sectors, where investment in technology and updates of outdated and vunerable systems is infrequent to nil, means that they have a better chance in collecting payments. These sectors don't really know how to securely store their data, or what to do in case of a breach. They often then, look towards consultands like Minder, the main person that Monroe profiles in this article.
Although Minder helps out considerably, there are companies and consultants that clearly profit from the hackers themselves. Monroe writes:
Minder soon learned that, shortly after the REvil hacker demanded sixty-five thousand dollars, a MonsterCloud representative told the engineering firm that it could recover the files for a hundred and forty-five thousand dollars. (MonsterCloud declined to comment.)
That is pretty insane, but kind of makes sense when you think of public companies who believe that "ransomeware can be addressed without sending funds to criminal syndicates" and instead to companies saying that they can handle it on their own (whether or not that is even true, however).