Internet ransom a booming business for hackers
By
Shawn Logan, Postmedia
First posted: Wednesday, June 08, 2016 06:33 PM EDT | Updated: Wednesday, June 08, 2016 08:33 PM EDT
The hack attack that scored a $20,000 ransom from the University of Calgary won’t be the last salvo in the growing information war, says an Internet security expert.
And the reason behind the rise of the insidious scam is simple, said Mark Nunnikhoven, vice-president of cloud research at global security firm Trend Micro: low risk and high profits have hackers bombarding the web in hopes of scoring lucrative payday.
“They’ve found this untapped market of selling people their own data back to them,” said Nunnikhoven, a day after the U of C announced it had paid a ransom demanded by hackers that had devastated its systems for over a week.
“The economics of the attack are so stacked in the favour of the bad guys it’s an easy choice.”
While it’s not known exactly what virus impacted the university’s systems (hackers are constantly creating new programs in hopes of foiling antivirus software), it managed to impact email, Skype, wireless networks and other services campus-wide.
School officials Tuesday acknowledged they paid the ransom in Bitcoins to receive decryption keys that would purportedly unlock the frozen data and systems.
While it’s impossible to know how much illicit money has been scammed worldwide, by watching the flow of Bitcoins — while anonymous and untraceable, all transactions are registered — it’s possible to pin down an estimate of the staggering toll.
“Looking at the flow of Bitcoins over the last two years, we believe $300 million Canadian has changed hands (globally) associated with ransomware,” Nunnikhoven said.
According the Federal Bureau of Investigation’s 2015 Internet Crime Complaint Centre report, there were 2,453 complaints of ransomware lodged with the agency with a total loss of $1.6 million. In 2014, the RCMP estimated one of the most widespread ransomware viruses, Cryptolocker, bilked some 5,000 victims out of an estimated $1.5 million.
That the reported numbers of ransomware crimes don’t align with the impact suggested by security experts is not surprising to Insp. Ryan Jepson, who heads the Calgary police Technical Operations Section.
The majority of those targeted never report the crime, whether they pay the ransom or not, leaving investigators at a distinct disadvantage.
“One of the main problems we have with cyber crime specifically is victim reporting — in many of these cases they don’t contact us,” Jepson said.
“Right now we’re looking at way to make it easier for businesses and individuals to report incidents to us.”
RCMP tips on how to prevent ransomware attacks
• Never click on a pop-up that claims your computer has a virus
• Update your anti-virus software often and scan your computer for viruses regularly
• Don’t click on links or attachments in e-mails sent to you by someone you don’t know
• Turn on your browser’s pop-up blocking feature
• Never download anti-virus software from a pop-up or link sent to you in an e-mail
• Backup data regularly and secure your backups
• Businesses should make sure to have a strong security package which encompasses the totality of their operations
• If you’ve received a ransomware / scareware message, please contact the Canadian Anti-Fraud Centre (1-888-495-8501) to report it. If you have been a victim of a fraud, please contact your local RCMP Detachment or police force of jurisdiction.
slogan@postmedia.com
On Twitter: @ShawnLogan403
Internet ransom a booming business for hackers | Canada | News | Toronto Sun
