
EXPLAINER: Why ransomware is so dangerous and hard to stop

Recent “ransomware” attacks on the world’s largest meat-packing company and the most extensive U.S. fuel pipeline have underscored how gangs of extortionist hackers can disrupt the economy and put lives and livelihoods at risk. Last year alone in the U.S., ransomware gangs hit more than 100 federal, state, and municipal agencies, upwards of 500 healthcare centers, 1,680 educational institutions, and untold thousands of businesses, according to Emsisoft. Dollar losses are in the tens of billions. Accurate numbers are elusive. Many victims shun reporting, fearing the reputational blight.

More recent known targets include a Massachusetts ferry operator, the Irish health system, and the Washington, D.C., police department. But the broadly disruptive hacks on Colonial Pipeline in the U.S. in May and Brazilian meat processor JBS SA this week have drawn close attention from the White House and other world leaders and heightened scrutiny of the foreign safe havens where cybercriminal mafias operate.



Ransomware scrambles the target organization’s data with encryption. The criminals leave instructions on infected computers for negotiating ransom payments. Once paid, they provide decryption keys for unlocking those files. Ransomware crooks have also expanded into data-theft blackmail. Before triggering encryption, they quietly copy sensitive files and threaten to post them publicly unless they get their ransom payments. That can present problems even for companies that diligently back up their networks as a hedge against ransomware since refusing to pay can incur costs far greater than the ransoms they might have negotiated.


And they tend to keep their word. They have brands to protect, after all. The business is now highly specialized. An affiliate will identify, map out and infect targets using ransomware typically “rented” from a ransomware-as-a-service provider. The provider gets a cut of the payout; the affiliate generally takes over three-quarters. Other subcontractors may also get a slice. Those include the authors of the malware used to break into victim networks and the people running so-called “bulletproof domains” behind which the ransomware gangs hide their “command-and-control” servers. Those servers manage the remote sowing of malware and data extraction before activation, a stealthy process that can take weeks.

Katie Axon
