Opinion: Ransomware updates

Military units like the 780th Military Intelligence Brigade are just one component of US national cyber defence. Picture: scitechdaily.com/national-cyber-defense

According to a recent TheHackerNews.com article by Lakshmanan, the darknet payment portals operated by the infamous Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public in recent weeks.

According to MalwareHunterTeam, "while both the clearweb and Tor domains of the leak site of the Conti ransomware gang are online and working, both their clearweb and Tor domains for the payment site (which is obviously more important than the leak) are down".

While ransomware cyberattacks work by encrypting the victims' sensitive information and rendering it inaccessible, hackers have increasingly latched on to a two-pronged strategy called double extortion: they demand a ransom payment for decrypting the data and threaten to publish the stolen information if the payment is not received within a specific deadline.

Emerging on the cybercrime landscape in October 2019, Conti is believed to be the work of a Russia-based threat group called Wizard Spider, which is also the operator of the infamous TrickBot banking malware. Since then, at least 500 companies have had their business-critical data exposed on the victim shaming site, with the ransomware cartel receiving over 500 Bitcoin (US$25.5 million) ($F54.15m) in payments since July 2021.

I spend most of my time these days looking into the uglier side of cyberspace – examining the techniques, tools, and practices of cyber criminals to help people better defend against them. It's definitely given me a greater appreciation for just how hard it is for normal folks, especially children, to stay "safe" online.

Even those who consider themselves well educated about cyber crime and security threats – and who do everything they’ve been taught to do – can (and do!) still end up as victims. The truth is that, with enough time, resources, and skill, any digital device can be hacked.

The key to protecting your digital life is to make it as difficult (and expensive) as possible for someone to steal the things most important to your safety, financial security and privacy. It's important to assess the ways that vital information can be stolen or leaked – and understand the limits to protecting that data. In cybersecurity frameworks these are defined as information assets and, surprisingly, most are not technology-related at all. One of the most important aspects of cyber vulnerability assessment is defining your acceptable level of risk.

This is part and parcel of any organisation's risk assessment matrix and is not all that different from doing this for any other part of the business.

For those who want to lock things down without going offline and moving to a bunker like some did in the cold war era, the first step is to assess the following things:

• What in my digital life can give away critical information tied to my finances, privacy, and safety? Include your spouse's and children's devices in this assessment;

• What can I do to minimise those risks?

• How much risk reduction effort is proportional to the risks I face? and,

• How much risk management can I actually afford? Simple cost-benefit analysis works.

The first question above is all about taking inventory of the bits of your digital life that could be exploited by a cybercriminal or hacker group for gain. Each of these items offers an "attack surface" – an opportunity for someone to exploit that component to get to your personal data.

Just how much of an attack surface you present depends on many factors, but you can significantly reduce opportunities for malicious exploitation of these things with some sensible actions. Smartphones and tablets carry a significant portion of our digital identities – think about it, especially if you're still logged into your email accounts or apps because you haven't explicitly logged out.

The nasty thing about these pesky smartphones is that they have a habit of falling out of our direct physical control by being mislaid, stolen, or idly picked up by others while we're not looking! Defending against casual attempts to get at personal data on a smartphone (as opposed to attempts by law enforcement, sophisticated criminals, or state actors) is incredibly straightforward. Firstly, you should always lock your device (or have an automated screen lock after a set number of minutes) before you put it down, no exceptions. Your phone should be locked with the most secure method you're comfortable with – as long as it's not a 4-digit PIN, which isn't exactly useless but is definitely adjacent to uselessness.

If you're using facial recognition or a fingerprint unlock on your phone, this is even better. Also, regularly back up your phone. The safest way to back up data if you're concerned about privacy is an encrypted backup to your personal computer or the cloud; however, most iOS device owners can back up their data to iCloud with confidence that it is end-to-end encrypted. That covers most of the physical security threats that about 90 per cent of mobile-device users will face – but physical security is only one aspect of security.

There are other areas to address, including software and network threats.

While Apple and Google have done many things to make their mobile devices more secure, there are still plenty of ways for rogue apps and even not-so-rogue apps to do things that they should not. Side-loaded apps can lead to security issues. Never side-load an app from an untrusted source or allow an iOS app that requires a "profile" to be installed on your device if the app isn't one you've created or one provided to you by your employer's mobile device management (MDM) platform. Besides issues that arise from questionable app behaviour, mobile devices can be vulnerable through wireless functions like Wi-Fi or Bluetooth.

By default you should always have these turned off. I actually turn on Bluetooth just before going into a supermarket, shops etc with my careFIJI App. If your device has Bluetooth turned on, it's broadcasting information that could identify it – and you. It also works in the ISM spectrum (2.4GHz), which is broadly advertised and very easily accessible to hacking toolkits.

For laptops and PCs, if you have nothing else (and assuming you're running Windows 8 or later), at least let Windows Defender run in the background. It provides a significant bump in protection over nothing, and disabling it without good reason is a very bad idea.

The easiest way to minimise threats to your laptop or PC, first and foremost, is running the most updated version of the operating system. Turn on automatic updates and leave them on. When an update is pending, stop what you're doing and install it immediately.

Yes, this can often be inconvenient. Welcome to the modern world of malware. Suck it up and install your updates or risk compromise. This applies to your web browser and other frequently used apps on all your devices. Your IoT devices – good luck with that one! In the event that your physical device is compromised, you can minimise damage by prioritising your data. To prevent all types of data loss, back up your data in encrypted form and offline (either locally or in the cloud) so that ransomware doesn't get the backups, too. Keep multiple backups just in case, because if your latest backup contains the compromised or encrypted files, it's useless. And don't just back up your data, use full-disk encryption. Period.

It’s a one-time setting to activate and there are no excuses for not using it. Full-disk encryption transparently encrypts your hard drive so data can’t be read off of it without your credentials.

This is accomplished with BitLocker on Windows and FileVault on macOS, so you have no excuse. Full encrypted backups can be done regularly but less frequently – you can gauge when you've accumulated enough data to warrant one. Just as a phone's solid unlock password prevents data theft, the same is true of enabling password or PIN protection on your notebook computer for sleep mode.
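The backup advice above (keep more than one generation, because a backup taken after the ransomware has already encrypted your files is useless) is easy to get wrong with a simple "overwrite the last backup" script. The following is an added example, not code from the article or any product it mentions, of a small versioned backup routine in Python: it keeps the three newest snapshots, records a SHA-256 manifest so a backup can later be checked for tampering, and refuses to rotate out older generations when the files being backed up already look encrypted (a ransomware-style extension, or near-random content). Encrypting the backup itself is left to the backup tool or to full-disk encryption; the extensions and entropy threshold are constructed illustrations, not a real indicator list.

```python
"""Versioned backup snapshots with a manifest and a "does this already look
encrypted?" check before older generations are pruned (added example)."""
import hashlib
import json
import math
import shutil
from collections import Counter
from pathlib import Path

KEEP_GENERATIONS = 3            # how many good snapshots to retain
MANIFEST = "MANIFEST.json"
# Constructed illustrative extensions, not a real indicator list.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5         # bits per byte; encrypted/random data sits near 8.0
MIN_ENTROPY_SAMPLE = 1024       # entropy of a tiny file tells you nothing


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic screen, not proof: compressed media (jpg, zip) is also
    high-entropy, so a hit means 'look closer', not 'ransomware'."""
    if path.suffix.lower() in SUSPECT_EXTENSIONS:
        return True
    data = path.read_bytes()
    return len(data) >= MIN_ENTROPY_SAMPLE and shannon_entropy(data) > ENTROPY_THRESHOLD


def tree_is_suspicious(root: Path, ratio: float = 0.5) -> bool:
    """True when at least `ratio` of the files under root look encrypted."""
    files = [p for p in root.rglob("*") if p.is_file() and p.name != MANIFEST]
    if not files:
        return False
    flagged = sum(1 for p in files if looks_encrypted(p))
    return flagged / len(files) >= ratio


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(snapshot: Path) -> dict:
    """Record a digest for every file in the snapshot (excluding the manifest)."""
    digests = {str(p.relative_to(snapshot)): sha256_file(p)
               for p in sorted(snapshot.rglob("*"))
               if p.is_file() and p.name != MANIFEST}
    (snapshot / MANIFEST).write_text(json.dumps(digests, indent=1))
    return digests


def verify_manifest(snapshot: Path) -> bool:
    """Recompute every digest; any change, addition or deletion fails."""
    expected = json.loads((snapshot / MANIFEST).read_text())
    actual = {str(p.relative_to(snapshot)): sha256_file(p)
              for p in snapshot.rglob("*") if p.is_file() and p.name != MANIFEST}
    return expected == actual


def prune(backup_root: Path, keep: int = KEEP_GENERATIONS) -> list:
    """Delete all but the `keep` newest snapshots; labels sort chronologically."""
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    removed = []
    for old in (snapshots[:-keep] if keep else snapshots):
        shutil.rmtree(old)
        removed.append(old.name)
    return removed


def take_snapshot(src: Path, backup_root: Path, label: str) -> dict:
    """Copy src to backup_root/label and write its manifest. If the source
    already looks ransomware-encrypted, keep every older generation instead
    of rotating, so the last known-good copy survives."""
    suspicious = tree_is_suspicious(src)
    dest = backup_root / label
    shutil.copytree(src, dest)
    write_manifest(dest)
    pruned = [] if suspicious else prune(backup_root)
    return {"snapshot": dest, "suspicious": suspicious, "pruned": pruned}
```

Call `take_snapshot(Path("~/Documents").expanduser(), Path("/media/backup"), "2022-03-04")` from a scheduled job with a date-based label; when the result has `"suspicious": True`, treat it as an alert rather than a backup, and run `verify_manifest` on a snapshot before you restore from it.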

When travelling in high-risk areas like airports, power-down your computer when it’s not in use. Another helpful trick for keeping laptops safe is using a privacy browser plugin such as the EFF’s Privacy Badger and being very selective about which sites are allowed to use tracking cookies.

This will reduce the threat of malicious ads – as per a previous article. Use endpoint protection software that blocks known malicious websites, especially if you share the computer with other family members who might visit unknown websites. As ancient Chinese general, military strategist and philosopher Sun Tzu would say –

“The greatest victory is that which requires no battle.” Acknowledging that some tips are gleaned from Ars Technica and other cybersecurity guidelines and best practices. As always, God bless and stay safe in both digital and physical worlds.

ILAITIA B. TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
