FEATURE will need be able to explain how you’ve software licensing and development, IT Information Commissioner’s Office, addressed data privacy protection and jus- service contracts, outsourcing and cloud 26 May 2017. Accessed Oct 2017. tify your decisions if a data breach occurs services. He also advises on open source https://ico.org.uk/media/action- after the regulations go into effect. Use compliance, data protection, software IP weve-taken/mpns/2014217/glouces- of open source is not a special case, igno- issues and the IT aspects of M&A and IPO ter-city-council-mpn-20170525. rance of your use of open source will be transactions. He regularly acts for both pdfhttps://ico.org.uk/media/action- a weak defence and you need to manage established corporates and early-stage and weve-taken/mpns/2014217/glouces- vulnerabilities in open source just as you fast-growth businesses. ter-city-council-mpn-20170525.pdf. would any other software you use. Matt Jacobs is vice-president and general 2. ‘Black Duck’s 2017 open source The consequences for inaction can be counsel at Black Duck Software. He over- security and risk analysis finds secu- serious, both for you and for your custom- sees the worldwide legal affairs of Black rity and compliance risks in most ers, so our advice is to get processes and Duck including managing licensing and applications’. Black Duck. Accessed policies into place immediately to identify, contract negotiation, managing the com- Oct 2017. www.blackducksoftware. manage and secure the open source used in pany’s intellectual property portfolio and com/open-source-security-risk-analy- your applications and web properties. As advising senior management on day-to-day sis-2017. Benjamin Franklin once said: “An ounce legal affairs. 3. ‘GDPR – sorting the fact from the of prevention is worth a pound of cure.” fiction’. Information Commissioner’s References Office blog, 9 Aug 2017. Accessed About the authors 1. ‘Supervisory Powers of the Oct 2017. https://iconewsblog.org. Dan Hedley is a partner at law firm Irwin Information Commissioner: uk/2017/08/09/gdpr-sorting-the- Mitchell LLP. He advises businesses on Monetary Penalty Notice’. fact-from-the-fiction/. Hobby hackers to billion-dollar industry: the evolution of Srinivasan CR Srinivasan CR, Tata Communications

In recent months, ransomware has become a mainstream topic across the world, thanks to a string of high-profile attacks. There is a sense that no one is immune to attacks from a persistent and organised community of cyber-criminals who use ransomware as their main modus operandi.

Some of the most worrying attacks have economy gets more digital, we face a the world was unprepared for such an been those on national infrastructure. growing threat from cyber-attacks, with attack, the virus struggled to spread at During the WannaCry attack, for exam- ransomware at the heart of modern the time because few people used per- ple, the NHS was seriously affected, fac- cyber-criminals’ arsenals. sonal computers and the Internet was ing demands for payments of $300 or still in its very early stages. In addition $600 per computer to restore access. The Cyber-vandals to to this, encryption technology was still disruption led to significant delays in hos- cyber-criminals limited back then. pitals and surgeries across the country. In spite of its early beginnings, ran- Ransomware may be one of the most The origins of ransomware can be traced somware wasn’t a popular form of mal- popular forms of today, but this as far back as 1989, when unsuspecting ware in the 1990s and early 2000s as the hasn’t always been the case. Malware, victims were infected with the ‘AIDS main aim was to gain notoriety through like any virus, favours threats that can trojan’. This was distributed through cyber pranks and vandalism, with hack- adapt and evolve to their surroundings. floppy disks that were sent to victims ers using graphics to communicate the As we become more connected and our via the normal postal service. Although attack to the user. These graphics were

7 November 2017 Computer Fraud & Security FEATURE

update to let you know you’ve been hacked, the first most people and organisations hear of a successful attack is when the orchestra- tor starts asking for . Early examples of ransomware in its modern guise were seen in the form of Cryzip in 2006. Although Cryzip was a small-scale attack, it successfully carved the path for more harmful ransomware variations such as CryptoLocker and CryptoWall. It wasn’t until 2013 that we saw the full maturity of these modern variations of ransomware in the form we know now, released four years after was released as open-source soft- ware. These viruses were distributed via a simple attachment and, evading usual prevention techniques, proceeded to quickly find and encrypt their victim’s data. The next part was simple: pay up or lose your data.

“Security experts have esti- mated that $1bn was depos- ited into Bitcoin wallets associated with ransomware The malware museum at Archive.org. cyber-criminals in 2016 alone” sometimes amusing and creative – so write their own encryption code, which much so that some of them have been sometimes led to poor execution of the The ransomware variant CryptoLocker immortalised in an online Malware attack. The criminals of today rely on infected more than 250,000 systems Museum where you can interact with more sophisticated methods of hacking between September and December viruses of yesteryear – with their mali- such as off-the-shelf libraries that prove 2013 and its revenue reached more cious elements removed.1 to be much harder to crack. Another than $3m before it was taken offline in method the hackers have developed over 2014. An online tool was developed to “The criminals of today rely on time, that helped ransomware expand recover encrypted files compromised by more sophisticated methods of and become a more frequent form of CryptoLocker by analysing its encryp- hacking such as off-the-shelf cyber-attack, are slightly less sophisti- tion model. Unfortunately, this wasn’t libraries that prove to be much cated but equally harmful downloadable a way to stop it as cyber-criminals man- harder to crack” toolkits. These enable those attackers aged to develop different variations of with lesser technical skills to success- this virus known as CryptoWall and One infamous example from this peri- fully conduct attacks. The market for TorrentLocker. In fact, early 2014 to od is the MS Blaster virus, also known ransomware has expanded to the point early 2016 will go down in the history colloquially as the ‘LoveSan’ virus. The of advanced cyber-criminals monetising of ransomware as an era of CryptoWall, virus forced the system to restart after ransomware by offering ransomware-as- which was the most commonly used 60 seconds and included two hidden a-service programmes. ransomware, targeting hundreds of messages in the code: ‘I just want to say thousands of individuals and businesses. LOVE YOU SAN!!’ and ‘Billy Gates Thriving business The value of CryptoWall crimes reached why do you make this possible? Stop over $18m by mid-2015. It is estimated making money and fix your software!!’. Ransomware has thrived in today’s digi- that by 2019, cybercrime costs will reach The difference between early ransom- tal economy thanks to the emergence of $2tr, as reported by Forbes, while cyber- ware developers and the ones of today almost-impossible-to-trace crypto-curren- crime is estimated to cost the global is that the attackers back then used to cies. So now, rather than receiving a cheeky economy $445bn (£401bn) every year.2

8 Computer Fraud & Security November 2017