Who are the ransomware gangs wreaking havoc on the world’s biggest companies?
In the past year, some of the UK’s most recognised institutions, from the Guardian to Royal Mail, have been hit with the defining cyber crime of our time: ransomware. Hackers locking up computer networks and demanding payment for the keys to restore them have snarled operations and left victims scrambling to recover.
Nearly every sector of society, including healthcare, business, government and education, has now been targeted by ransomware gangs making demands that stretch into the tens of millions. Ironically, just a few months before the release of my own book on ransomware, my publisher was hit with a bruising attack, leaving my co-author and I unable to reach our editors via phone or email.
In the UK over the past few weeks alone, separate attacks have reportedly compromised NHS employee records and confidential emails, as well as data on more than 1 million patients. In the US, a baby’s death was attributed to a 2019 ransomware attack on an Alabama hospital that knocked out monitors displaying foetal heart-rate tracing information at a nurses’ station.
So how has this criminal enterprise taken hold with such force? Just a decade ago, ransomware was a relatively unknown crime that mainly affected home computer users. Hackers would demand a few hundred pounds of cryptocurrency for the return of locked family photos and other personal files. They operated mainly alone or in small groups connected online, spreading ransomware through spam email distributed indiscriminately to large numbers of prospective victims — only a small fraction of whom would actually open the malicious links or attachments.
Although profits gained from this early “spray and pray” model were modest, ransomware was nonetheless appealing to hackers, who were attracted in part by the straightforward nature of the crime. Traditional data breaches were labour-intensive affairs that required them to find buyers for records such as credit card numbers in order to cash in. Ransomware made the hack itself profitable.
Criminals seeking the path of least resistance rushed to get in on the extortion economy, and as ransomware matured as a business, gangs began to organise in ways that mirrored legitimate corporations. Many seemed to find safe haven in places such as Russia, North Korea and Iran, but large parts of eastern Europe also became hotbeds for cyber gang operations, and hackers now operate all over the world.
The most ambitious ones, such as Ryuk and REvil, hired workers with the expertise to get their ransomware inside large organisations that had much deeper pockets than home users — a strategy known as “big game hunt