• Thursday, Jan 30, 2020
  • Last Update : 01:30 am

Ransomware

  • Published at 07:22 pm May 18th, 2017
Ransomware
It is the year 2053. Mujahidul Huq Shahin is sitting on a sofa in his drawing room. He doesn't know how to break the news to his wife. 27 Petabyte (27 thousand Terabyte) of their family data has been taken hostage by data pirates. This means he will lose all of his family memorabilia – all the photos, videos, 3Deos (3D videos) – if he does not pay them 0.80 satoshi (digital currency prevalent in 2053, equivalent to 3000 US dollars). The pirates have also threatened to encrypt the data in his home appliances within the next five hours. Shahin knows that the pirates can do it because he has just moved from commercial servers to independent servers. His wife warned him not to do so. Shahin's desire to stick it to the big corporations has now blown up in his face. In 2053, most things are automated. If the data for your home appliances get scrambled you cannot turn on air-conditioning or wash your clothes. Shahin remembers a simpler time when all of these machines weren't connected to a network. The idea that a washing machine or a table fan can be hacked would induce laughter when he was growing up. But they all need to be connected to a network now, because otherwise the stove cannot auto-order refills when it runs out of battery. The network connection, though, comes at a price. It creates the opportunity for pirates to invade and hack your data. Shahin could not help but think that it was all a bit pointless. “Yes, it was a bit of a chore to order everything manually, but we survived,” Shahin thought affectionately of the past. But there isn't much time to dwell on his thoughts. He slowly gets up from the sofa and heads to the kitchen to tell his wife.

Holding your information hostage

Back in good ol' 2017, we are actually not very far from the technological reality Shahin lives in. The recent global ransomware attack provided a glimpse into the kind of security problems we are going to experience as societies become completely immersed in and dependent on technology. People at different institutions across 150 countries turning on their workplace computers last Friday were greeted with an unfamiliar red screen with the taunting message: "Oops, your files have been encrypted!" The message also demanded money through online bitcoin payment; $300 at first, but the amount would be doubled if not paid within three days. The message, delivered in 28 languages, also snidely declared: “We will have free events for users who are so poor that they couldn't pay in 6 months.” The attack, which came to be known as "WannaCry," crippled healthcare services and government agencies, among all sorts of other institutions, through a vulnerability in the Microsoft operating system. It is believed to be the biggest online extortion scheme ever.

Glaring security flaws

Microsoft bluntly blamed the US government for "stockpiling" software code which was used in the attacks. The hackers exploited software code from the National Security Agency that was leaked online. The “stockpiling” refers to the America government secretly finding out flaws in operating systems or any software in general, and then keeping those vulnerabilities for it own use, as opposed to alerting the company that developed the software. “This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” writes Brad Smith, president and chief legal officer of Microsoft, in the company's official blog. Smith wrote that information in the hands of governments have leaked into the public domain repeatedly and resulted in widespread damage. “An equivalent scenario with conventional weapons,” Smith wrote in the strongly worded statement, “would be the U.S. military having some of its Tomahawk missiles stolen.” So, how much did The Shadow Brokers (creators of Wannacry) make? Interestingly, the ransom has not been paid by many people relative to the massive scale of the attack. Considering that the malware affected 29,000 organisations in China alone and its total number of victims has reached 200,000 so far, the total amount of money deposited to the hackers' bitcoin accounts is puny, less than 70,000 US dollars, at the time of writing this article. Approximately 250 payments have been made. Technically though, the hackers have not made a single penny, as they haven’t withdrawn any of the bitcoin currency deposited to their three accounts. Even if they do withdraw, they will have to convert that to a conventional currency, which would be unlikely for them to attempt, given the amount of attention this has gotten.