Behind a ransomware attack there is a black business, where cybercriminals are the first actors, but not the only ones.
"...If the donation is not made, the leak will include data from other parts of the company and a detailed description of how easy it was for us to break into your network and possibly even carry out a supply chain attack on this little project you are implementing for NATO and EU-LISA..."
The FBI has placed the #ransomware on a par with the international terrorism responsible for the 9/11 attacks on the Twin Towers, given its severity.
The #ransomware has evolved so fast in recent years and has become so sophisticated that it has created a sub-economy of its own in which different groups of cybercriminals buy, sell and cooperate with each other. Who is involved and from where? What motivates them and how do they work?
In the last two weeks, the victims of cybercriminals have included public bodies such as the Ministry of Labourmajor companies such as Fujifilm, Mapfre, University of Bosque and even large infrastructures such as Colonial Pipelinethe largest oil pipeline in the United States, and the NATOThe attack on Everis in May of this year was the result of an attack by Everis.
Instead of being close to a solution, it seems to be a growing problem., given that we are not only dealing with specific groups of cybercriminals, but with a whole parallel economy, a real "labour market" in which different actors are involved.RO3] [M4]
To each his own
The cybercriminals are the first actors in this chain and then there is this whole criminal organisation behind it: people who are in the business of getting card data and selling that information, people who are in the business of making certain toolkits and selling them for others to do attacks. People who buy data, others who look for it and sell it.
A whole sub-economy that makes it viable, in this black market, to find what is necessary to carry out an attack and/or to make one's own profit and that, in this individual search, everything is available and organised so that, at the moment of perpetuating a massive or fortuitous attack, no one is safe.
Cyber criminals, cyber criminals, lawyers, insurers, money launderers, are all part of this business, and whether or not you pay a ransom or whether or not the key works, getting back up and running can be complicated. Many files may have been moved or applications may not work as they should, which has led to the emergence of companies that are precisely in charge of putting things in order to return to "normal" after an attack.
Connect