Unleashing a ransomware attack is as easy as a click of a button

If you think ordering groceries online is simple, then launching an illegal cyberattack might just come easy to you.

“It is mostly a lot of research,”said John Shier, Senior Security Advisor of the UK-based cybersecurity firm Sophos, at a recent event in Bengaluru. You don’t need to know complex algorithms, just know where you can find what service and you are good to go, he said.

Explaining the steps sophisticated cyber criminals use, Shier listed out simple steps one needs to follow for launching a cyberattack. "First, buy some bitcoins from a legal site. You can then use that to get your hands on some stolen credit card numbers from dumpsites."

The stolen credit card numbers are available on dumpsites accessible through the darknet. They are then used by cybercriminals to buy cryptocurrencies, which are then spent on more sophisticated attacks such as email spam, and malicious documents and services that offer Ransomware as a Service (RaaS).

The cost of buying ransomware could range from $100 to $1200, based on the number of ransomware services one has access to, and the desktops and systems one wants to infect.

A commission is charged for the service these platforms offer, which also depends on price range one chooses. The higher the price, the more value you get out of it, quipped Shier.

It is hardly a wonder that individuals and nation states are facing rising incidents of cyberattacks. These attacks, apart from incurring a huge cost, also have an adverse impact on security.

Though it is hard to put a number on the loss, Shier said recent leaks throw some insights. When the darknet market Alphabay was shutdown, the US law enforcement confiscated over $8 million worth of cryptocurrencies, reveals a news report.

According to report by Sophos, SamSam ransomware raked in nearly $6 million in ransom, with most of the victims based in the US followed by  Australia, India, Netherlands, West Asia, Canada, Belgium and the UK.

According to the answers to a parliamentary question on cyberattacks in India, close to 33,147, 30,067 and 15,779 Indian websites were hacked in 2016, 2017 and up till November 2018 respectively.

According to recent statistics, the cost of stolen records globally will reach $33 billion by 2023, with the US accounting for more than half, as opposed to $12 billion in 2018.

And activity on the darknet is only increasing despite continuous efforts taken to curb it. According to analytics platform Chainanalysis, business in darknet platform totaled over $600 million in 2018, with more than $2 million a day toward the end of the year.

To combat this, Shier says there are two things individuals/companies can do – Better their security strategy and keep up their wits. Peter Mackenzie, Global Malware Escalations Manager at Sophos, said in a statement that companies should ensure that their network is less visible and open to attack. IT managers should follow security practices, including hard-to-crack passwords and rigorous patching.