Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware: Its Aftermath and Payment Process”, In Cyber Defense, 31 Mar. 2017, Web, http://incyberdefense.com/james-lint/ransomware-aftermath-payment-process/
Co-Authored by Yoohwan Kim, Ph.D.
CISSP, CISA, CEH, CPT; Associate Professor, Computer Science Department, University of Nevada Las Vegas
This is the fourth article in a series on ransomware.
After a ransomware attack, you must assess the damage to your system. You also need to explore payment methods.
If your antivirus software has stopped working or has been deleted by the attacker, it is too late to protect your computer system. Often, a hacker is quick to take control of your antivirus protection in hopes of using your computer as a spam bot or to spread viruses to new victims. Both of these activities may add to the income of hostile actors, and they may also use your machine or contact list to spread ransomware.
Operating System Programs Often Stop Working after Ransomware Attack
When a computer has been taken over by ransomware, some operating system programs often become inoperable. The Ctrl-Alt-Delete keyboard sequence for rebooting your computer will not work, which prevents you from bypassing the ransomware.
In addition, you may not even be able to access your computer’s control panel. There are many different types of ransomware, but these are some examples of the functions you will lose when a hacker takes control of your computer system.
The machine will no longer allow you to boot into safe mode to degrade the ransomware or to bring in tools to negate the ransomware’s effects.
Ransomware blocks operating system updates. As a result, a software manufacturer cannot install updates with improvements to render the ransomware ineffective.
Ransomware also removes Windows rollback points, preventing you from resetting the computer to a time before the ransomware attack.
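The recovery-blocking behaviors above leave traces in process-creation logs, and several of them on one host is a much stronger signal than any single administrative command. The following Python is an added example, not part of the original article; the command-line patterns, rule names, host names and sample events are assumptions constructed for illustration.

```python
import re

# Command-line patterns for the recovery-blocking behaviours listed above.
# Assumed for illustration (built-in Windows admin utilities), not from the article.
RULES = {
    "restore_points_removed": [
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b",
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    ],
    "safe_mode_or_recovery_disabled": [
        r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b",
        r"\breg(\.exe)?\s+delete\b.*\\control\\safeboot\b",
    ],
    "updates_blocked": [
        r"\bsc(\.exe)?\s+config\s+wuauserv\b.*\bstart=\s*disabled\b",
    ],
    "task_manager_or_control_panel_locked": [
        r"\breg(\.exe)?\s+add\b.*\b(disabletaskmgr|nocontrolpanel)\b.*/d\s+1\b",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in RULES.items()}

def classify(command_line):
    """Return the sorted behaviour categories that a command line matches."""
    return sorted(name for name, pats in COMPILED.items()
                  if any(p.search(command_line) for p in pats))

def triage(events, threshold=2):
    """Flag hosts showing at least `threshold` distinct behaviours."""
    per_host = {}
    for host, cmd in events:
        per_host.setdefault(host, set()).update(classify(cmd))
    return {h: sorted(c) for h, c in per_host.items() if len(c) >= threshold}

# Constructed sample process-creation events: (host, command line).
SAMPLE_EVENTS = [
    ("ws-014", r"C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet"),
    ("ws-014", r"bcdedit /set {default} recoveryenabled No"),
    ("ws-014", r"sc config wuauserv start= disabled"),
    ("ws-022", r"vssadmin list shadows"),  # benign inventory, no match
    ("ws-031", r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion"
               r"\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"),
]

if __name__ == "__main__":
    for host, categories in triage(SAMPLE_EVENTS).items():
        print(host, categories)
```

With the default threshold only `ws-014` is flagged; a host with a single match, such as `ws-031`, is left for lower-priority review.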
How Victims Pay Ransomware Attackers
Ransomware attackers are commonly paid through digital cryptocurrencies; Bitcoin is the best-known and most widely used method for a ransom payment. The system is allegedly secure without an intermediary.
Hackers favor Bitcoin because its payments are believed to be hidden from police or Treasury officials. This is how Bitcoin became so popular in the ransomware community.
Alternative Payment Venues
Ransomware attackers have also tried to get funds via Amazon gift cards, Apple iTunes gift cards and many other cards. But most hostile actors return to Bitcoin because criminals find it reliable and secure.
A few ransomware operations require an SMS (text) or a call to a premium mobile phone number. This could quickly result in a phone bill of $200 to $1,000. Some of those incoming phone numbers are then sold to phone scammers.
Ransomware Attacks Cause Time-Consuming Disruptions that Victims Want to Quickly Stop
Hostile actors depend on creating havoc. When your computer gets hit by ransomware, your day and schedule are destroyed. You quickly learn how much of your computer system you no longer control.
A ransomware attack can affect a system as large as a hospital, which might pay as much as $17,000 to unlock the system. It can also affect a single computer whose owner gets a bill for $50. Even police stations have been among ransomware’s victims.
The ransomware attackers normally set a ransom price that is cheaper and easier than hiring computer security experts to fight the ransomware. The cost-benefit analysis for businesses often relies on paying the ransom promptly and getting back into operation.
Time is money, and cyber hostile actors understand this principle. It is no wonder that most targets have chosen to pay a ransom to regain control of their systems.
About the Authors
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”
Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at the University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has six patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information system consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies and his own start-up company.