The technology that is bringing us the ‘Internet of Things’ is bringing with it those who would seek to use that technology against us and against itself… and, it stands to reason, for them.
Odds are, as you’re reading this, someone on this pale blue dot in space is getting hacked. If you’re the Pentagon, you’re deflecting upwards of 10 million hack attempts per day.
So you’re probably a little busier than most when it comes to cybersecurity.
If you’re not the Pentagon, then maybe the hack is directed at an entire computer network. Maybe it’s someone’s personal machine. Maybe it’s an entire industry or other government entity. Hopefully, it isn’t you (even though 73% of all Americans were victims of a cybercrime in 2016), but with an estimated 30,000-plus websites alone getting infected with malware every single day, that stuff of personal, corporate, and government nightmares is certainly ‘out there’ in the wild. And those numbers are usually very low estimates, because most businesses don’t like the messy work and less-than-positive attention garnered by reporting they’ve been hacked, often doing so only when customer data has been involved in the breach.
With the recent advent of stolen NSA cyber-spying tools now surfacing on the Dark Web - something akin to a black market running in the underbelly of the Internet itself - the tools used to perpetrate the hacks have become much more sophisticated, and indeed, weaponized: intended to gather data, cripple systems, and undermine governments. These tools, plus those concocted ‘in-house’ by hacker groups and individuals, are taking aim at some of our most relied-upon services and systems. Things like power grids and public transit systems are being hacked at a record pace – and the demands are nearly universally the same when one of the most popular types of hack, ‘Ransomware’, is being used: a payout to the hacker, in cryptocurrency.
Some of these threats can be stopped by properly patching security holes in the software installed within these industries. Others may be stopped by more sophisticated cyber-intrusion/detection systems. But many hackers, armed with powerful new tools, make it through these barriers and land within the network of a business or industry (commonly via a ‘Phishing’ expedition, such as an email designed to look legitimate but which starts the whole infection process once an unsuspecting victim interacts with it), and that is where they begin to do their dirty work. If the hack involves Ransomware, that dirty work has an aim: lock the organization out of its key data and make it pay in cryptocurrency.
Cryptocurrency is, much like it sounds, a currency that is handled only in the confines of the computer world. No one will ever mint a ‘Bitcoin’ as Fiat money. Nor will they conjure up or print out any ‘Ether’, the comparative newcomer in the cryptocurrency space on the Ethereum network (or ‘Block Chain’). But these currencies have purchasing power and are making millionaires and billionaires out of thin air with their growth. (One secret trader in the Ethereum cryptocurrency ‘Ether’ recently turned 55 million in paper wealth into over 285 million in under 30 days.)
Cryptocurrency has tremendous power to process financial transactions using the currency’s ‘Block Chain’ structure. So much so that its basic backbone is being investigated for more mainstream use by many worldwide financial institutions. It is virtually bug proof and hack proof, which, combined with its speed, represents a new way forward in financial processing. And while we know the old adage that the ones with the money make the rules, those who control the actual currency make the rules valid, so there is a huge desire to create a currency that becomes a global standard. However, there is one more huge win for the bitcoins and ethers of the world: one of cryptocurrency’s biggest attractions for hackers is that it is totally, completely, anonymous.
This means that not only did you just get hacked and get your data encrypted by hackers, but the ransom they are asking for (in cryptocurrency) cannot be traced back to them once they receive it (if they receive it; there are many victims who do not negotiate with hackers and recover their businesses on their own).
That ‘Secret Trader’ mentioned above is unknown to all. Even though the ‘Virtual Wallets’ of all Ethereum traders are technically ‘open’ for all on the Block Chain to see, no one knows who it is that made all that cash, that fast. (There is only an identification code tied to the Virtual Wallet, with no direct way of knowing who owns the code.)
This makes for a perfect storm in the cyber world: tools designed to penetrate even the best-guarded network systems, combined with a ransom mechanism that provides an untraceable means to obtain the payout for the release of the data held encrypted by the Ransomware.
If there is any good news on this front, it is that cryptocurrency has a very volatile pricing structure: a rags-to-riches-to-rags story that plays out over hours or days. (Within the past 2 days of this writing, Bitcoin has just lost 15% of its value, for example.) So playing with that fire can definitely cause burns. But that surely stops no one who hopes to land in the rags-to-riches part of the cycle (as a trader), nor the hacker, for whom any ransom paid is a win: monies they did not have before, at your expense.
There is nothing inherently bad about cryptocurrency itself; as mentioned earlier, numerous financial institutions are exploring ways to ‘mainstream’ the currency. Most of these involve removing the shroud of anonymity that the concept of cryptocurrency was founded on, or involve altering the Block Chain to permit even more data traffic within the currency’s network (something that is purposefully limited to ensure proper controls). These varied approaches are causing a ‘civil war’ within the Bitcoin world, as some want to lean into a more mainstream approach while others still see the cryptocurrency as an anonymous beacon of liberty. These two forces are beginning to split Bitcoin in two, leaving its future as a mainstream standard at loggerheads. But in the meantime, hackers gonna hack.
If you’re caught up in a Ransomware hack with your data encrypted, it’s important to note that the hackers rarely, if ever, decrypt the data even after being paid the ransom in bitcoin or ether, so your best defense is a good defense and an ability to restore and continue your business, rather than trying to negotiate the payout terms:
Stay on top of patching security holes: these are often the mechanisms exploited for the eventual takeover of your systems and encryption of your data.
Weigh the value of the data to your business against the costs of cybersecurity tools: depending upon the value and import of your business, industry, or personal data, ensure the front door isn’t left wide open, or do what many homeowners do when their houses contain oodles of valuables and install a security system to match.
Ensure your Disaster Recovery plans are well oiled and work to restore the key services your business relies on: the simple rule here is to ‘follow the money’ and ensure that the systems that keep you in business, or that provide key services that keep others alive, etc., are part of your Disaster Recovery/Business Continuance plan. And don’t stage a “special day” or week for ‘DR Testing’, because that only shows you’re able to recover if the disaster is planned (they’re not). Call a Disaster Recovery drill after any ordinary Fire Drill and don’t let anyone back in that (burning) building to get keys, purses, instructions, data, etc. That’s the true test of a working DR plan. If it fails there, it’ll fail for real, too…
Remember: you’ll likely need to invoke that plan if your data is held for ransom, because even if you pay out the demanded cryptocurrency to the hackers, they’re just going to leave your data encrypted anyway and you’ll still need to recover it to restore your business.
About The Author
Gregory A Gielda is a Sales Engineer for Flycast Partners. Greg has many years of ITIL training and implementation under his belt, and is both ITIL V2 Manager/Practitioner Certified and ITIL V3 Certified. Greg lives on a hobby farm in Wisconsin and, in addition to talking about tools and processes, provides Flycast Partners with a series of Webinars on tool-agnostic Process (our ‘Fool Series’) as well as on various ITIL topics.