Young, business-savvy hackers corner ransom market

30 October 2016 - 02:00 By ARTHUR GOLDSTUCK

We tend to think of criminals as hardened men in masks climbing through windows to burgle homes and offices. In the world of cybercrime, they are more likely to be young hackers keeping to their own bedrooms, testing the limits of their computer skills. These stereotypes are seldom associated with a more sophisticated skill: business expertise. Yet that is what sets apart the new breed of digital delinquent.

And there is one field of cybercrime in which the business model is at the very heart of the heist: ransomware.

Global IT security company Kaspersky Lab defines it as "a type of malware that severely restricts access to a computer, device or file until a ransom is paid by the user".

It can be installed through deceptive links in an e-mail message, instant message or website, and can encrypt important files with a password.

That's just the start. Lurking behind the scam - which has caught many South African consumers and businesses with their security pants down - is a sophistication that belies the age of some of the perpetrators.

"People in ransomware are thinking like business people," said Ton Maas, digital co-ordinator of the Dutch National Police, in an interview with Business Times at Kaspersky Lab's annual Cyber Security Weekend in Malta last week.

Last year, he arrested two young ransomware creators, brothers who were conducting the business in the home of their oblivious parents.

"In this case, they were the coders and the distributors," Maas said. "Usually, you start with the coder, who offers code to distributors, who then target end users. You even get code specifically written for the distributor, on request.

"The distributors buy the codes and earn their own money, but sometimes have to pay a percentage back to the coder. It is also possible to have a service contract, paying a fixed monthly amount, so if you want to change something in the code, the coder will do it for you. You can call this ransomware-as-a-service."

Kaspersky Lab's 2016 Corporate IT Security Risks Survey, presented in Malta, revealed that 20% of businesses across the world experienced a ransomware attack in the past 12 months.

South Africa is not immune, with 19% of businesses coming under attack. In the past year, ransomware has migrated from PC to mobile, with Kaspersky detecting more than 80,000 malicious installation packages.

The company helped the Dutch police track down the hackers responsible for a ransomware program called CoinVault, which added a new element to the business model: if victims did not pay immediately, the ransom "fee" steadily increased. Victims had to pay in bitcoins, the cybercurrency choice of hipsters and hackers.

Once the criminals were bust, the Dutch provided Kaspersky with the encryption keys used by the coders, as well as the IDs for their bitcoin wallets.

This allowed it to release a decryption package called Anti-Ransomware Tool for Business. It also prompted the creation of the No More Ransom project, initially a collaboration between Kaspersky Lab, Europol, the Dutch National Police and Intel Security Group.

Its online portal aims to educate the public about ransomware and helps victims recover their data without having to pay up.

Its membership now includes law enforcement agencies from 14 countries. South Africa has shown no interest in joining.

Goldstuck is the founder of World Wide Worx and editor-in-chief of Follow him on Twitter and Instagram @art2gee
