Present and future ransomware tactics model the past

Ransomware expert Andrew Hay, speaking at SOURCE Boston 2017, said the evolving tactics being used today have their roots in history.

Ransomware expert Andrew Hay has some advice: If you want to know how to avoid it now and in the future, it helps to study the past.

In that spirit, Hay, cofounder and CTO at LEO Cyber Security, provided a detailed historical landscape of K&R (kidnap and ransom) in his talk titled “The Not-so-Probable Future of Ransomware” at SOURCE Boston 2017 on Wednesday.

While ransomware holds information rather than people hostage, Hay said the evolving tactics in the online world “parallel traditional extortion rackets.”

He noted that it dates at least back to biblical times – one version of it was the “kidnapping” of Hebrews to Babylon so they could be enslaved.

But, as is the case today, those who engaged in K&R balanced risk with reward. There was more risk, but much greater reward in kidnapping someone rich or famous, since their families would have plenty of money to pay ransoms.

It was done in some cases to finance wars and conquests. In others, it was done in the name of religion – if the victim converted, he or she would be set free. In others, an exchange of hostages was seen as a guarantee of treaties and agreements.

In more recent times, Hay said, it has been used by terrorists and criminal organizations to make political statements or to raise money for their causes.

And while, since the 1800s, governments have tried to discourage K&R by freezing the assets of victims and prescribing harsh punishments, including death, for those convicted of it, in many cases it had little effect.

In the 1980s there were as many as 4,000 kidnappings a year in Colombia. Hay said in 2004, Mexico was the “kidnap capital of the world – no one was immune and there was no trust in the authorities.”

In Brazil, it became popular to kidnap family members of soccer stars, since the criminals knew they had very deep pockets. “It still has one of the highest rates in the world,” he said.

And in Nigeria, Western oil executives were nicknamed “white gold,” since kidnapping them could yield such massive ransoms.

When it comes to ransomware, the tactics are similar. The cases most people hear about involve a notice on a computer that files have been encrypted and will be destroyed if a ransom is not paid within a certain time.

But there are variations that parallel those in the real world. In some cases, the criminals offer to decrypt the files if the victim assists them in infecting two other people. Or, a victim will be given some advance warning – threatened with encryption if he doesn’t pay.

“You can negotiate,” Hay said, comparing it to cutting a deal with a collection company. “If you ask, ‘What will it take to make this go away today?’ you can end up paying less.”

But an outright refusal (which is recommended by many in law enforcement) increases the likelihood that your data won’t “survive.”

“It’s very hard to figure out decryption keys,” he said.

So, as is the case in the physical world, preparation is key.

“You need preventative tools, detection tools, restorative tools, cryptocurrency stockpile, a business risk assessment, cyber insurance, education and table-top exercises,” he said.

He added that he knows maintaining a supply of cryptocurrency is controversial, but said it is simply dealing with reality. “If you don’t have a Bitcoin supply, then you should at least know a broker,” he said.


Stories by Taylor Armerding
