Don’t pay your ransom via SMS
Dancho Danchev is one of my favorite cybersecurity bloggers. I am particularly impressed by his uncanny ability to dig up and thoroughly report on so many emerging cyber-threats; his is definitely one of the blogs I follow religiously. Danchev’s latest find is an easily accessible retail version of “ransomware” – a particular type of malware ...
Dancho Danchev is one of my favorite cybersecurity bloggers. I am particularly impressed by his uncanny ability to dig up and thoroughly report on so many emerging cyber-threats; his is definitely one of the blogs I follow religiously.
Danchev’s latest find is an easily accessible retail version of “ransomware” – a particular type of malware that holds an infected computer hostage until a ransom is paid – that demands its victims to send an SMS to a premium number and obtain a code to unlock their computer. What’s most disturbing is that anyone could buy a do-it-yourself version of this randsomware for the mere $15 and then use it in any manner they’d like.
In this particular case it may be relatively easy to track the attackers as they have to rely on a mobile operator to receive the text messages; however, there slowly appear more sophisticated approaches that bypass the mobile operators and rely on virtual money instead, which makes it almost impossible to trace the criminals. As this and many other examples reveal ,the market in cyberextortion is getting more liquid by the day; the real question is whether anyone would be smart enough to package the idle capacity created by this liquidity and sell it openly to anyone with a grudge and a credit card to pay for the service.
Curiously, the plurality of innovative ransomware campaigns seem to target exlusively Russian-speaking Internet users. While most documented attempts to use ransomware appear driven by purely commercial interests, I can easily see how they could be used for political purposes, especially in war time- not necessarily to demand money, but simply to exert pressure through psychological operations.
The question that lingers on the minds of many cybersecurity analysts is whether Russian cybergangs be eager to export these tricks abroad, once they have honed them on their own citizens. I guess we’ll know the answer when Russia gets into yet another squabble with its smaller neighbors.
photo by gcbb/flickr
More from Foreign Policy
No, the World Is Not Multipolar
The idea of emerging power centers is popular but wrong—and could lead to serious policy mistakes.
America Prepares for a Pacific War With China It Doesn’t Want
Embedded with U.S. forces in the Pacific, I saw the dilemmas of deterrence firsthand.
America Can’t Stop China’s Rise
And it should stop trying.
The Morality of Ukraine’s War Is Very Murky
The ethical calculations are less clear than you might think.