 |
| The ' ransomware ' has become the digital Black Plague |
The
virus that has left KO to Telefónica and half the planet is not an
unknown in the world of computer security, nor is Telefónica the first
company that falls under the attack of a ' ransomware '. In just five
years, these viruses have been located in the top 3 of the worst
computer threats. The apocalypse was seen coming and just happened:
Someone has turned a ' ransomware ' into a ' worm ' that is propagated
by the Nets only automatically.
Cybersecurity
experts as respected as the Englishman Kevin Beaumont or Spanish
Bernardo Quintero, creator of VirusTotal, endorse the thesis that we are
before a ' worm '. In the case of Telefónica, it is confirmed that the
initial infection was caused by a ' spam ' campaign, but the most
worrying thing is that it was neither necessary. With this type of '
worms ', it is possible to infect thousands of computers without an
employee misleading to click on an attachment in your email or plug a
malicious USB into your company's internal computer.
Reality
can now be more brutal. In this massive and global attack, very focused
on Europe, someone would have launched ' worms ' with ' ransomware '
functions to the Internet. These functions would be: Encrypt the
computers that are in their path and ask for a ransom of 300 euros for
each one, in exchange for the key that decrypts them.
The hole that this worm gets into is a Windows vulnerability for which a patch exists; The affected companies did nothing
As
for the functions of the ' worm ', these would be to walk through the
networks autonomously to the search for computers that had a concrete
hole, ' meddle ' by it, infect it and follow its unstoppable path. Only
that one of these worms would have reached Telefónica's network, perhaps
from Russia or Taiwan, where there have been even more massive
infections than in Spain, would be enough to start this historic chaos.
The
hole that this worm gets into is a Windows vulnerability that Microsoft
reported on March 14 and for which there was a patch since then that,
incomprehensibly, the affected companies had not yet installed, perhaps
by having thousands of computers and non-exhaustive security policies.
Or, also incomprehensiblely, they did not use antivirus, since most
antivirus detected this ' ransomware ', according to data from
VirusTotal.
The
knowledge of this security hole we owe it to equation Group, one of the
NSA's elite hacker groups, who ' enjoyed ' him for years, until another
group of hackers, called Shadow brokers, stole this information and
spread it to the world.
Like
all the ' ransomware ' of today, this also collects its bailouts with
the virtual currency Bitcoin. Tracing the Bitcoin addresses that the
criminals have provided their victims to pay the ransom is proving that
many of them are paying. As Lorenzo Martínez, technical director of
Securízame explains, one of the keys to the success of ' ransomware ' is
precisely that "there is a way to solve the attack based on paying a
ransom that is affordable in price and that really fix it, it is not a
hoax." According to Verizon, 64% of the victims end up paying.
70% of the attacks today
The
possibility of an immediate economic achievement has made growing as
the foam the organized ' cybercrime ' related to the ' ransomware ',
creating even a business model: ' ransomware-like-service '. In this
modality are offered different services to anyone who wants to start in
this crime, know nothing about computers but have money to pay: there
are those who will sell the virus, who will mount the collection service
with Bitcoins, and even who will organize the infection.
Thus,
the number of attacks of ' ransomware ' carries bending around the
world since at least 2014, when it began to be a massive attack. The
police can do little against these criminals, shielded in the '
cybercrime ' international, attacking normally to individuals and small
businesses that have no own resources to fight against them, except the
known police report.
There
is already the ' ransomware-like-service ': You can sell the virus,
mount the collection service with bitcoins and even organize the
infection
With
the passage of the years and the impunity of this crime, the amount of
the bailouts has been increasing and its authors have dared with bigger '
fish ', like the system of transport of San Francisco and diverse
hospitals. The attacks of ' ransomware ' are today 70% of all who are
committed to viruses in the world, according to Verizon. We will see
now, when the undertakings concerned are large and many, in an
unprecedented planetary attack, if it is so easy for their authors to
remain safe and sound in their hiding places, in the black caves of the
underground.
0 comentarios: