Criminal hackers demanding ransom from a leading Indian financial company once more highlighted vulnerability of an Internet-dependent economy against cybercriminals – and insufficient law-enforcement infrastructure and seriousness to tackle them.
Cyble Inc, based in Alpharetta, Georgia, said criminal hackers used Cl0p ransomware to breach the Indiabulls company’s security systems.
Ransomware denies access to a computer system or data until a ransom is paid.
Ransomware spreads through phishing (fraudulent) e-mails and browsing infected websites. It has become the world’s fastest-growing, most serious cybercrime. Google reports that phishing attacks have increased by 350% during the pandemic.
Ransomware “is a brutally simple idea, executed with increasing sophistication by criminal groups,” said technology journal ZDNet. “Their brilliant twist was to realize they don’t have to steal that data to make money: they just have to make it impossible for us to access it again – by encrypting it – unless we pay up.”
US-based Cybercrime Magazine estimates computer criminals causing a stunning US$6 trillion in damages by 2021. That is double the $3 trillion foreseen in 2015 – and that prediction was made four years ago.
The founder of Cybersecurity Ventures, Steve Morgan, called cybercrime “one of the biggest problems that humanity will face in the next two decades.”
Not just companies but individual Internet users face an increasing threat. Cybercriminals target mobile phones more than personal computers.
Morgan termed the trillions of dollars lost through computer crime “as representing the greatest transfer of economic wealth in history … more profitable than the global trade of all major illegal drugs combined.”
But fighting computer crime still gets little attention from governments, corporates, media and individuals like you and me.
No more kid gloves
Computer criminals and their online heists have long gone under the serious crime-fighting radar.
From infant Internet days, movies like Wargames (1983) romanticized hackers as clever teenage pranksters or anti-establishment heroes.
With humanity increasingly dependent on online life, computer criminals need to be seen as what they are: dangerous criminals who could empty your bank account and life savings.
Computer criminals need to be dealt with the same way as cowardly blackmailers, bank robbers and terrorists threatening to blow up economic systems.
Six billion Internet users will be online by 2022, 75% of the projected 8 billion world population – and by 2030, 90% of the 8.5 billion global population will have Internet connectivity.
The kid gloves need to come off in how governments, international organizations, crime fighters and judicial systems deal with cybercriminals.
In offline life, anyone threatening national security, breaking into homes, bank vaults, robbing folks and committing fraud will be staring at a judge mulling over charges of terrorism and serious crime – and facing decades in prison.
But in online life, computerized heists, fraud, and blackmail et al invariably conjure up mere thoughts of stronger anti-virus and malware protection.
Not any more. The fight against computer criminals – including psychotic virus creators – must be as serious as it is against terrorist organizations, drug cartels and mafia crime syndicates.
Bring computer criminals down with stronger laws, special courts, and similar law-enforcement power as used against crime syndicates and terrorists.
The Budapest Convention (2001), touted as the world’s most inclusive agreement dedicated to fighting cybercrime, has only 55 signatory countries.
Ignored or flying under the radar for long, computer criminals have become the most serious threat to a deepening Internet-dependent global economy.
Governments worldwide need to wake up and proactively target computer criminals, including crooks e-mailing announcements that we have won prizes and inheritances.
The threat becomes worse with some nation-states becoming computer criminals, as Asia Times has reported.
Internet blackmailers
In late June, criminals using Maze ransomware said they had breached the Xerox company’s systems and threatened to leak sensitive data unless they were paid a ransom.
The University of California at San Francisco (UCSF) succumbed to the blackmail and paid $1.14 million to regain access to its files after a ransomware attack.
More victims fell. Cyble Inc reported Maze ransomware breaching South Korean multinational giant LG Electronics. Online security groups call Maze “a particularly notorious and well-organized cybercriminal group.”
If the victim fails to pay, criminals leak/publish their data on their sites usually hosted in the Dark Web – a hidden part of the Internet many times as large as the World Wide Web we access through normal browsers.
Ransomware groups such as Cl0p, Maze and Revil infiltrate through security vulnerabilities, including getting information from other cybercriminal groups.
Criminals blackmail individuals too, threatening to expose embarrassing interactions such as in pornographic websites.
Protect yourself from cybercriminals
Cyble Inc recommends individual protection against cybercriminals:
- Never share personal information, particularly financial information over the phone, e-mail or mobile-phone text messages.
- Use strong passwords and multi-factor authentication.
- Regularly monitor your financial transactions. Contact your bank the instant you notice a suspicious transaction.
- Turn on the automatic software update feature on your computer, mobile and other connected devices such as webcams, as much as possible.
- Use a reputed anti-virus and Internet security software package on your connected devices including personal computers, laptops, and mobile phones.
More than vulnerable computer systems, cybercriminals exploit an individual human weakness: greed. An e-mail offer sounding too good to be true may not be true. Greed remains a lethal inner enemy and the cyber crook’s favorite weapon.
Raja Murthy has been a Mumbai-based contributor to Asia Times since 2003, The Statesman since 1990, and earlier for the Times of India, Economic Times, Elle, Wisden.com, The Hindu and others.