COMBAT MALWARE!
Jonni Bidwell wants to turn the tide on ransomware in 2022. It appears he has his work cut out for him…
These days we’re never far from cybercrime-themed headlines. What was very much in the realms of sci-fi a couple of decades ago has become almost commonplace today.
In the past few years we’ve seen large-scale attacks against Ukraine’s power grid, Sony Pictures, the Colonial Oil Pipeline, JBL-SA (the world’s largest meat supplier) and South African shipping firm Transnet. Such attacks often aim to cause damage and disruption (the power grid attack left hundreds of thousands without power for hours). And sometimes the aim is political. For example, the Sony Pictures hack is widely believed to have originated from North Korea, with hackers demanding The Interview (a Kim Jong Un-themed comedy) be withdrawn.
Which it was, although not before gigabytes of embarrassing emails and personal information on Sony Pictures staff was shared.
Latterly though, hackers are financially motivated. They want their targets to pay (usually in cryptocurrency), either to restore access to their systems, or to avoid sensitive information being publicised. The last three attacks mentioned above all occurred in 2021, and are examples of such ransomware attacks. Ransom demands can be high too: the Colonial Pipeline hackers received $10 million (most of which was recovered), and prolific (but now defunct) ransomware outfit REvil requested $70 million following a supply chain attack on managed software company Kaseya.
Thanks to the ease with which fiat currency could be exchanged for Bitcoin, ransomware attacks launched against home users have proven profitable, too.
The tired old line “Linux doesn’t get viruses” (or ransomware, or whatever other kind of badware you might care to name) was never really true. Internet-facing Linux servers have long been a target for all kinds of mischief, and with so many Linux-powered Internet of Things devices joining the party, such intrusions are only going to increase.
Directed attacks against home users are waning, primarily because there are much more lucrative targets out there, but that’s no excuse for complacency.
We’ll show you the modern threatscape, refresh some best practices and hopefully get your 2022 off to the safest start possible. So let’s get to it!
Ransomware’s evolving
It’s bad and it’s getting worse. But running outdated versions of Windows doesn’t help anyone.
A few years back guilt-ware attacks were common. Unsuspecting users would log into their machines and be greeted with a banner stating they were under investigation for nebulous crimes: anything from piracy to pornography or the promulgation of terror materials. But don’t worry, says the warning – all of this will go away if you just wire some cryptocoins to this address.
The message goes on to explain how to acquire said coins, and warns that if you don’t pay, you’ll be arrested. That these kinds of attacks were ever successful (and sometimes still are) speaks volumes about people’s gullibility. It also shows some people have some quite funky ideas about how justice works. Yet we shouldn’t be so dismissive – there’s some psychology behind this.
The UK’s National Cyber Security Centre (NCSC) has some good high-level advice for home users seeking to avoid ransomware.
There’s a widely held theory that everyone has some latent guilt about something they’ve done in the past and not ‘fessed up to. And tapping into this with a scary message can make the subject feel rumbled. Detectives take advantage of this (and all kinds of other techniques) when questioning suspects.
Still, it’s the kind of message that lots of people (especially anyone used to browsing the internet without a pop-up blocker), will just close and ignore. So later evolutions of this attack would go a stage further, either locking the victim out of the machine entirely (forcing the user to choose between a complete reinstall or a quick ransom payment) or encrypting any user documents it finds. This is what ransomware typically refers to today. Thanks to networking (and a rich underground scene in the trade of network exploits) damage may quickly spread to other machines too, and before you know it a stray click on a single machine might bring about a network-wide incident.
Naturally, businesses are a much more lucrative target with (according to Coveware) the average payout in 2020 being $233,817. Attacks on home users might ask for anywhere between the equivalent of $200 to $2,000, which is why they don’t tend to grab the headlines anymore. Home users may also feel uncomfortable about reporting a ransomware attack, but they shouldn’t. Even if the authorities can’t help, reporting the incident (to the likes of CISA in the US or the NCA in the UK) will at least help them measure the scale of the threat. For businesses, the projected cost of recovery might well exceed the ransom, at which point it makes business sense to cough up. Insurers are starting to recognise this now and some (controversially) even include ransomware payments in their policies.