Ransomware attacks: the man who hacks the hackers


Handelsblatt cybersecurity conference. Attack on ransomware: the man who hacks the hackers

Christof Kerkmann is an editor in the Corporate & Markets department with a focus on technology


Not only are malware attacks increasing rapidly, they are also becoming more professional. Source: imago/ITAR-TASS


Berlin. The crude insults did not worry him so much. Fabian Wosar was used to criminal programmers leaving him messages, hidden in the source code of the software they used to illegally break into other people’s computers.

But when someone snooped on him via the Internet to find out where he lived in Germany, he realized that he had been messing with dangerous adversaries. Not very subtly, they soon let him know they had a picture of him, too: "Fabian, lay off the cheeseburgers, you’re fat."

"The aggressiveness of these people I can understand," Wosar says. "Because I cause serious financial damage to criminals." The 35-year-old German is a specialist in combating digital protection racketeering – experts talk about ransomware attacks.

He looks for vulnerabilities in the malicious code so that affected companies can recover the data the criminals encrypted without paying. For his own protection he moved to London, and he does not disclose his address. "The job has a price."


Wosar, who is technical director of New Zealand IT security company Emsisoft, is in demand because ransomware has become the most popular attack tool used by international cybercriminals. At Handelsblatt's annual Cybersecurity 2019 conference in Berlin, too, hardly a speaker got by without referring to the wave of digital extortion.

"Cyber attacks are increasingly targeted and of a new quality," warned Andreas Konen, Ministerial Director at the Ministry of the Interior, for example. "We are seeing methods that have previously been used by state or professional attack groups."

Attacks increasingly tricky

Fabian Wosar also has a disturbing message: "We currently see that around 60 percent of all global ransomware attacks are concentrated on companies and public institutions in the US." Despite all the spectacular cases, Germany has so far received little attention from the criminals: "They haven’t really started with us yet."

Probably the biggest danger comes from Emotet. The program is able to read e-mails in the mailbox and reply in the name of known contacts, often in a deceptively realistic way. If a user clicks on the prepared attachment, the criminals can use further modules to spy on the network and encrypt files. The methods are becoming so refined "that everyone will fall for it at some point," said Gerhard Schabhuser, vice president of the German Federal Office for Information Security (BSI).

Whether at the Hamburg luxury jeweler Wempe, the Heise publishing group in Hanover or the automation specialist Pilz from Ostfildern near Stuttgart – new attacks according to this pattern become known almost every week. In most cases, these are targeted attacks, said Michael Sauermann, a partner at the consultancy KPMG: the ransomware sometimes even contains the name of the company in which it becomes active. In addition, he said, the software is now capable of encrypting "entire infrastructures".

Fabian Wosar has been dealing with problems like this for a long time. At the age of eleven, he bought his first computer – to pay for it, he had to collect bottles and waste paper for a long time. He unintentionally infected the device with a virus.

Wosar borrowed books on the subject from the library and wrote his own anti-virus program. He started at Emsisoft when he was 18, without any formal training. Today, he is a sought-after, self-taught expert on ransomware, after whom a criminal group once even named its program: Fabiansomware.

For the IT expert, the fight against ransomware is more than just a job. He spends a considerable part of his waking hours in front of the computer. He once worked 35 hours straight before falling asleep on the keyboard. When he woke up, he had the imprint of the keys on his face.

And even when he is lying in bed, the device is switched on: "The computer is running 24/7" – for example to do complicated decryption tasks. He shares the apartment with two cats. For safety’s sake, he doesn’t want to tell much more about his private life.

Police and authorities like the BSI strongly advise against paying the ransom, so as not to encourage further crime. But the reality is obviously different. "The sums demanded hurt, but they don’t kill the company. Most bosses choose the option to pay," Wosar says. When a company's survival is at stake, principles are no longer so important. The cases handled by Emsisoft’s chief technology officer in 2019 alone add up to a ransom volume of about $350 million.

Most companies pay

Those who comply with the demand get decryption tools from the criminals in 90 percent of cases, says Wosar. This is where the IT specialist comes in again: the criminals’ decryption programs, called decrypters, are "sometimes so bad that they don’t work properly". Companies then turn to Emsisoft for decryption help.

This summer, for example, a large medium-sized company in which attackers had encrypted 64 servers came to Wosar. A decrypter was available, but only for 61 devices. "We were able to solve the problem in four hours. The malicious software had a vulnerability, we didn’t need the decryption software at all." Tragic for the company: the ransom had already been paid.

"Often the ransomware is completely insecure," says Wosar. "This makes it possible to leverage encryption without having to pay for it." The IT security specialist is appealing to companies and private customers alike to check first, when an infection occurs, with projects such as "No More Ransom". There, companies and authorities offer decryption tools for many ransomware programs free of charge. Emsisoft is also involved.

Wosar observes two trends: The extortion of private individuals is declining because the low returns are not worth the effort for the criminals. IT service providers, known as managed service providers (MSPs), are particularly at risk: They take care of e-mail systems or data centers on behalf of companies, for example.

Some criminal groups hack them specifically – in the U.S., the attack on a software supplier crippled the IT systems of hundreds of dental practices. Seven-figure ransoms are the norm for IT service providers, Wosar says – usually without the public noticing. The German will be able to make himself unpopular for a long time to come.
