The real life kidnapping model has just morphed into a new avatar in the virtual world encrypting your essential files, demanding money, holding you as a hostage. Cyber criminals have now adopted the same ‘real-life’ kidnapping technique to snatch your valuable documents holding you for a hostage to make a deal. In such situations you need to buy your freedom for exchange of a ransom.
It sounds bizarre and almost like a science fiction but it starts taking place in our day-to-day life.
Few days back a graduate student of Canada’s Carlton University emailed CBC news service and let them know a ghastly plan of cyber attack which experts believe could sweep over the web world, quite disturbingly, and might be a trend setter in the near future. The Carlton University, later, confirmed its IT network was attacked by ‘RANSOMWARE’ – a type of computer virus that uses encryption to hold essential files hostage. They were told that they could get back ‘very important’ access to their files in exchange of money.
There was one condition. They were supposed to buy their freedom! They have to pay them in bitcoin – a digital currency known only in the ‘dark web’ and difficult to trace.
The attackers wanted 39 bitcoin in total, amounting to almost 39 thousand dollar holding tons of important research and official papers as hostage. Their message was clear: ‘get back your all important files, get back your freedom by paying us a ransom’.
University authority had to take some drastic steps immediately after they got the ransom call from the ‘cyber kidnappers.’ Students and employees were warned that any Windows-based system accessible from the main network may have been compromised. Students were told to refrain from using Windows system and shut down their computers expecting more damages. It took one more day to get back to normalcy – but that was partial. Only email service had been restored after one day.
In June of 2016, when University of Calgary was first attacked by a same type of assault, people didn’t take notice. The University paid 20 thousand dollar to regain access to their computers.
Within a few months same incident of Ransomware attack happens and it indicates that the trend may soon turn into a more sinister bend. After testing the first blood in Education sector cyber kidnappers may now target government and banking system, social media giants, and corporate sectors which need to handle important data online. It may hack from daily transport system to individual locking systems. Even it can make you hostage inside your room, car or even in the public toilet where WI-FI is available.
This is no science fiction.
Few days back San Francisco’s Municipal Transportation Agency (SFMTA) was similarly affected with Ransomware attack and simply made their ticketing system offline. It forced SFMTA to give the passengers joyride absolutely free of cost for a long time receiving huge financial damages. In addition the cyber kidnappers wanted 95 thousand dollar as ransom to take the system back to online. The authority decided not to pay for it’d encourage more cyber criminals to adopt the same ploy.
From an ethical hacker’s point of view considering the cyber security as each day passes by, we must get ready to defend such Ransomware. This is not a classical denial of service attack but it represents the same tactic in a new avatar. It’s using kind of denial of service attack but in a completely new format. It does not paralyze your whole system by denying services but after a reconnaissance it targets specific important files and just locks them up using encryption method.
Generally encryption is being used to prevent unauthorized access. It has gone the reverse. Now the cyber attackers turn back the guns pointing towards the authority who had once invented it, challenging them to decrypt their pride and prejudice.