Ransomware: The Dark Digital Extortion

Prosecution: 

Ransomware is a growing concern for businesses and organizations around the world, especially as ransomware attackers become more inventive with their methods of infiltrating systems. In fact, ransomware attackers like to exploit businesses and organizations that use managed service providers (MSPs). MSPs are companies that deliver services, such as security, applications, network, and more, from either their own data center or a third-party data center. Attackers target them because nearly all businesses and organizations use MSPs, and since MSPs are generally poorly secured, compromising one makes it easy to attack many servers at one time. Let's look at a case where ransomware was deployed on an IT company that provides MSPs.

It was a holiday weekend when the IT company got a notification of a breach. They subsequently contacted their customers to inform them of the breach and how the company was handling it. A few days later, they contacted their customers again and notified them that the breach was worse than anticipated and that they were the victim of a large cyberattack. Their customers received a message from the ransomware attackers directing them to a webpage stating that, if they paid the disclosed amount, they could get their data back. If they did not, the attackers threatened to post the stolen information or sell it to a third party.

Once the IT company realized the severity of the situation, they contacted the FBI to launch a digital forensic investigation. During the investigation, it was found that the attack was initiated through an authentication vulnerability in their system. Once the cybercriminal identified that vulnerability, they were able to access a system that had a high level of trust with customers' devices, allowing the attacker to deploy changes without question from the system. This attack affected nearly 1,500 businesses and organizations that use the company’s software program.

With a little more digging and tracing, investigators were able to identify the attacker as a foreign national. Once the foreign national was identified, a warrant was issued and he was subsequently arrested for his crimes, which were tied to a foreign ransomware gang. Afterward, the IT company was able to restore services to their customers. Thanks to digital forensics, the IT company and its clients can continue operations and another criminal was brought to justice.

Defense: 

Ransomware, like many other cybercrimes, is growing substantially alongside technology, making it harder for people to stay vigilant and easier for criminals to commit their crimes. In fact, one of the reasons that ransomware has grown is the production and sale of ransomware kits. Ransomware kits can be purchased on the dark web and require little to no knowledge or experience to deploy. Let’s look at a ransomware case that involves a crumbling marriage.

John Doe and Jane Doe had been married for about 15 years, but the last few years had been difficult, so they decided that a separation was needed. Their jobs allowed them to work from home often, but Jane Doe went into her workplace more frequently than John did. He worked in a financial firm, and she worked as a marketing manager of a local theme park.

A few weeks after they decided to separate, John Doe got a notification from his company that they had been the victim of a ransomware attack. An investigation launched by the company traced the ransomware attack back to an email that was sent from his wife’s email address. Not recalling sending an email to her husband’s company, she hired a digital forensic company to do a thorough investigation into how this could have happened.

After the company completed its investigation, the evidence found was given to Jane Doe and her attorney. The investigation concluded that the person who deployed the ransomware was her husband, John Doe, a finding confirmed through cryptocurrency tracing. John Doe was angry about the separation and divorce and wanted to get back at his wife using a ransomware kit that he found on the dark web. Thanks to digital forensics, Jane Doe’s charges were dismissed, and charges were brought against her now ex-husband.