Are Targeted Million Dollar Attacks the Future of Ransomware?

 

In a week that saw WannaCry rear its ugly head again, causing Honda to shut down production at a major plant near Tokyo and hacking group “CyberTeam” claim responsibility for what looked to be a DDoS attack on Skype, one story demanded our attention more than any other.

South Korean web hosting company Nayana was hit by ransomware on June 10th. Over the next two weeks, it emerged that 153 of the Linux servers hosted by Nayana were affected, locking up almost 3,500 client websites. Ouch!

The hackers demanded a king’s ransom of 550 bitcoins ($1.62 million) but Nayana CEO Hwang Chil-hong later “negotiated” that figure down to a prince’s ransom of around 400 BTC (one million dollars).

At the time of writing, Chil-hong has paid up two thirds of a million dollars, much of it from his own personal funds, stating, “If this negotiation is signed, I think the probability of recovering the data will be higher.”

Higher probability, maybe – but for a million bucks, I’d want total certainty.

HOW DID THE HACKERS EXPLOIT NAYANA?

Named after the Greek Goddess of Darkness, Erebus can target up to 433 file types and seems likely to be a variant of earlier Windows ransomware.

Dutch cybersecurity firm Trend Micro detected the ransomware as RANSOM_ELFEREBUS.A, and their open source analysis shows Nayana’s website ran on a Linux kernel from 2008 and used versions of Apache and PHP released in 2006. Needless to say, a plethora of exploits are known for these outdated systems.

So, again… how did hackers exploit Nayana? Three words: Pretty damned easily.

It is, to date, the largest payout for a single ransomware attack and this has alarming ramifications for the future of the world.

THE SHAPE OF THINGS TO COME

As well as sounding like it is straight out of a Neal Stephenson cyberpunk novel or The Matrix, what makes this story so terrifying is that, like all the best science fiction, it is a warning of what’s right around the corner. A digital harbinger of doom.

As we’re all too aware, WannaCry malware recently affected hundreds of thousands of systems in 150 countries yet typically only demanded $300 to decrypt files. Since it surfaced, WannaCry has earned hackers worldwide only $127,142 in bitcoins.

Like the opposite of Republican tax reforms, it seems hackers no longer want to micro-manage the collection of many small dollar sums from the little guy but have instead realized that targeted, million dollar attacks on large corporations might be the way forward.

HEROES OR VILLAINS?

Of course, they’re villains. These cybercriminals are running a Mafia-style protection racket, exploiting our back doors and using our LANs like the streets and alleyways of New York and Sicily. Yet unlike the real Mafia, you can’t stand up to these bullies because they’re invisible, untraceable and most likely on the other side of the planet.

But imagine what these hackers could achieve if they grew a moral backbone… in the future, these same hackers could be seen as heroes; meting out social justice, redistributing wealth, robbing the rich and giving to the poor like modern-day, Linux-based Robin Hoods.

Or more likely Robin Hoodies.

WHERE DOES IT END?

Last year, hackers held a Californian hospital to ransom, demanding $3.6 million to reclaim control of its patients’ medical files. Earlier this year, reports stated an Austrian hotel paid $1,600 to hackers who remotely tampered with the door locks to hold guests hostage inside their rooms. It turned out to be a media exaggeration, but it’s not so many years away…

The pages of science fiction books and movies are coming to life before our very eyes. And being at the forefront of cybersecurity, we need to ask difficult questions…

What happens in five years when a vulnerable British National Health Service is exploited again and people die in the middle of heart bypasses? Or when digitally untraceable hackers on the other side of the world threaten to drop elevators full of people forty floors?

What happens in ten years when the controls of your self-driving Google Bus mean it can’t slow below 55 miles per hour? Or your retirement cruise ship sets course for a Caribbean island town?

What happens tomorrow when Amazon’s book-delivering drones are hijacked by a Bond villain from a volcano hideout? Because Keanu Reeves won’t always be around to save us.

Joking aside, we need to answer these cybersecurity questions before these hypothetical scenarios start becoming news headlines.
