Ransomware warning

by Mark Rowe

A Threat Assessment on Police Ransomware has been published by the European Cybercrime Centre at Europol. The European Union’s policing body describes ransomware as a class of computer malware that has seen exponential growth in the European Union (EU) over the last two years.

The result of a joint initiative between the European Cybercrime Centre (EC3) and the Dutch National High Tech Crime Unit (NHTCU), the report aims to increase awareness of ransomware, and identify opportunities for international law enforcement intervention.

Police ransomware is a type of online fraud used by criminals to extort money by deploying malicious software, or malware. The malware disables the victims’ computers and displays a message demanding payment of a ransom to regain access to their machines. The ransomware messages purport to be from law enforcement agencies, and accuse the victim of carrying out online activities such as illegal file-sharing, accessing child abuse material, or visiting terrorist websites. The criminals use real law enforcement agency logos to lend authority to their messages and coerce victims into paying to unlock their computers.

Although the exact number of victims of police ransomware in the EU is difficult to assess, Europol estimates that millions of computers have been infected and tens of thousands of citizens have paid ransom demands. It is a multi-million euro business for the criminals, the police body adds.

These cybercriminal activities are facilitated by underground online forums that provide the ransomware source-code, infrastructure for distribution of the malware and money laundering services for ‘cashing out’ the illicit proceeds gained through online prepaid solutions and virtual currencies. Ransomware ‘kits’ mean that attacks can be easily deployed and are no longer restricted to the technically savvy.

New forms of ransomware are emerging – such as cryptolocker – which may have even more impact on computer users and businesses as they risk permanent loss of data and files. Cybercriminals will expand their pool of victims by addressing new markets, targeting operating systems and devices.

The distribution of ransomware actors and infrastructure across many legal jurisdictions complicates police investigations. Improved cooperation and information exchange between law enforcement authorities and private partners is therefore essential in the fight against this cybercrime phenomenon, police add.

Troels Oerting, Head of the European Cybercrime Centre, said: “Malware attacks in the form of ransomware will unfortunately increase. It is a ‘cash cow’ for criminal enterprises, easy to use and difficult for victims to protect against. All kinds of innocent users are potential victims of this crime – not just mainstream users but also businesses and public services. EC3 will continue to assist EU member states’ law enforcement agencies in combating this crime and tracing the criminal proceeds. In the meantime we all need to increase awareness amongst all Internet users to avoid further impact. A number of guidelines need to be observed – one is to ensure that you’re always backed-up.”

Separately, Prolexic Technologies, the US-based company offering products against Distributed Denial of Service (DDoS) attacks, reports that some DDoS attacks are an attempt to influence market values and interfere with exchange platforms. The Prolexic Security and Engineering Team (PLXsert) details the findings in a white paper, DDoS Attacks Against Global Markets, which can be downloaded at www.prolexic.com/ddos-markets.

Stuart Scholly, president of Prolexic, said: “Typically, DDoS attacks are launched to fuel public discourse, or for revenge, extortion and blackmail – but that is changing. During the past few years in particular, DDoS attack campaigns have posed a significant threat to the financial services industry, as well as other publicly traded businesses and trading platforms. As part of our DDoS attack forensics, we have uncovered a disturbing trend: Many of these malicious attacks appear to be intent on lowering the target’s stock price or currency values, or even temporarily preventing trades from taking place.”

The US firm adds that the public image of a global business or financial service is closely associated with its cyber presence. Taking a publicly traded firm or exchange platform offline – and spreading rumours that raise questions about its ability to conduct business online – can create false or misleading appearances, a hallmark of market manipulation. Overall, PLXsert found a direct relationship between DDoS cyber-attacks and a temporary change in the valuation of a company.

Scholly said: “A few specific cyber-terrorist groups are responsible for most of these attacks. So far they have not been successful in bringing down an entire major marketplace. But DDoS attacks keep getting bigger, stronger, longer and more sophisticated, so we cannot be complacent. What’s more, the risk goes beyond the actual outage – social media chatter and media coverage can amplify the perceived effect, disruption and damage caused by a cyber-attack campaign.”

The white paper reviews nearly a dozen DDoS attacks and the resulting market movements and provides insight into the malicious actor groups responsible for most of the attacks. The white paper is available at www.prolexic.com/ddos-markets.
