First let’s start off by defining a few terms that will be utilized throughout this memo. A
malicious actor is someone who intends to do harm to an individual, service, or system.
Ransomware is malicious software that takes possession of personal or proprietary
data, renders it inaccessible, and then holds it for ransom until the requested condition
is met. Third-party network access is when a malicious actor gains access to a
compromised third party or organization in order to steal client data and attack the
network from the inside. A privilege escalation attack is when an attacker gains elevated
access to resources that they should not normally be able to have access to. Encryption
or to have something encrypted is the process of modifying data to the point that it is
difficult to decipher when using the naked eye and can only be decrypted by those who
have the proper decryption key. Zero-day vulnerabilities or zero-day exploits are attacks
that strike security flaws in systems to take advantage of there not being fix established
yet. PII or Personal Identifiable Information is information that can be used to help
identify who you are, such as your full name, phone number, email address, home
address, and social security number.
What’s happening? and Who does it effect?
Today’s memo starts with Yaroslav Vasinskyi also known as Robotnik. Who is this
individual you may be asking? Well, he is someone who has just been sentenced to
over 13 years in prison and ruled to pay $16 million back in restitution due to taking part
in 2,500 Ransomware attacks and the accompanied schemes used to extort his victims.
The reason that he has only been charged with “taking part” in the listed cybercrimes is
attributed to him collaborating with a group of other people. They used the ransomware
dubbed as Sodinokibi or REvil and with it infiltrated thousands of computers, encrypted
user data, and demanded that their victims pay them in either cryptocurrency or with US
currency. These innocent and unsuspecting people were forced to give their money to
the extortionists to get their personal data back for the fear of having it publicly exposed.
Why should it matter to you?
As previously stated, having your private data accessed, encrypted, and ransomed until
you send a malicious actor your hard-earned money is not an ideal situation that anyone would want to be in.
On top of that, the stress and anxiety of having a clock countdown before your private information becomes public information does not help the situation. This could happen to any of us at any time due to the nature at which the ransomware can be distributed to our computer systems and it sometimes isn’t even a mistake being made on our part. An example of this is third-party network access where
a third party or supplier that is responsible for the safekeeping of your PII has account
credentials stolen or vulnerabilities in their network that can be accessed due to zero-
day exploits or privilege escalation attacks.
Call to action – What you can do
The first thing that you should do when faced with ransomware that can encrypt your
personal data and hold it hostage is to take preventative measures so that it never
happens to begin with. Some examples of how you can take preventative measures to
protect yourself are making sure that you don’t click on suspicious links or download
applications that aren’t from official websites or app stores. Another thing that you can
do is to make sure that your data is always backed up. We can’t take control of when
our data will be compromised and as stated earlier in this memo, sometimes it isn’t even
you that is making the mistake. So, it would be best practice to have a copy of your date
in an alternate location whether that be in the cloud, on another computer or hard drive,
etc.
Resources
Ancell, N. (2024, May 2). Hacker jailed over $700M REvil ransomware scheme.
Cybernews. https://cybernews.com/news/hacker-jailed-revil-ransomware-attacks/
The Hacker News. (2024, May 2). Ukrainian REvil Hacker Sentenced to 13 Years and
Ordered to Pay $16 Million. https://thehackernews.com/2024/05/ukrainian-revil-hacker-
sentenced-to-13.html
theNet. (n.d.). The software supply chain is under attack. Cloudflare.
https://www.cloudflare.com/the-net/supply-chain-attacks/