
Inside A Russian Ransomware Hacking Ring

Tue, 06/07/2016 - 11:04 -- Kayla Smith

Hackers have been able to make nearly six-figure salaries by encrypting the data of individuals and businesses and holding it until the victim pays a sum of money, an attack known as ransomware. According to a new report by internet security firm Flashpoint, hackers can make up to $7,500 per month and $90,000 per year through ransomware.

The report covers a set of Russian hackers studied since December 2015. By monitoring the group, Flashpoint was able to gain significant insight into its hacking techniques. Within the group, one “boss” will, on average, receive about 30 payments of $300. Out of that, he would pay his crew a percentage and then take home $7,500 himself. According to Tech Insider, the average monthly salary in Russia is about $500, so it’s easy to see why ransomware is so tempting to Russians.

Flashpoint was able to determine the inner workings of this ransomware hacking ring. The scam works when a boss recruits people (no hacking skills required). He will then distribute the ransomware to his crew and they will work to infect computers through spam and phishing, through dating, torrent, and other file-sharing sites, and through brute force attacks on servers.

In his hiring advertisement the boss said, “This offer is for those who want to earn a lot of money via, shall we say, not a very righteous path. No fees or advance payments from you are required, only a large and pure desire to make money in your free time. I propose mutually beneficial cooperation in the sphere of distribution of my software.”

He added, “you will receive detailed instructions on how and what to do - even a schoolboy could do it; you need only time and desire. The scheme is simple, and tested and working 100%, revenue yields are decent.”

Once a computer is infected, a text file appears on it instructing the victim to contact the boss and purchase the decryption key with Bitcoin. Because most people don’t back up their files, they have no choice but to pay the ransom, creating a constant flow of cash for the boss and his crew.

For the boss, there is very little risk and a whole lot of reward. By having victims pay with Bitcoin, he is virtually untraceable. There is also little overhead cost.

The worst part about ransomware is that hackers have no obligation to actually give victims the decryption key after they have paid. Some do, but some don’t. They are criminals, after all. The group that Flashpoint monitored very rarely follows through with its promise to give back a victim’s files.

Most cybersecurity professionals recommend not paying the ransom because it allows hackers to keep doing their bad deeds. Instead, you should take a proactive approach to security by having a redundant backup system in place. All individuals and businesses should back files up to an on-site external backup and a cloud backup such as Carbonite.

One of the prime targets of ransomware is the healthcare industry. The report said that efforts are “specifically aimed at the healthcare industry. Cybercriminals consider this industry in particular to be a valuable target due to the treasure trove of personally identifiable information their systems house.”

Flashpoint’s report ended, “As these campaigns become more wide-spread and accessible to low level Russian cybercriminals, such attacks may result in dire consequences for individuals and corporations not ready to deal with new waves of ransomware attacks.”
