Cyber McNasty Update: Ransomware My New Service Line

by | Jun 29, 2021 | Archive

Ahhh hello again. Cyber McNasty here. I appreciate I haven’t written in a while – apologies for that. To be honest I have been that busy being nasty and making friends (hacking) with new clients that I simply haven’t had time to write.

In case you were wondering, life has been good to me lately. Covid has really impacted my line of work. In a good way – all those people remote working, using their own devices and not being disciplined in updating the operating software and applications. Similarly, people have been living their lives so much more on social media. I love it! This makes it much easier to find people and then social engineer them to my advantage. It truly amazes me that they either have not worked out how to implement their privacy settings, or that they simply cannot be bothered. Either way, as always, I am very grateful.

What else…? Oh, you may be interested to know, I have moved. Gibraltar has proven to be such a lucrative income stream that it made sense for me to relocate here. Expensive? Well, yes, but the pay days I have enjoyed just recently, thanks to you, mean that I can afford it.

Just recently, I have expanded the services my business offers to my friends (well, victims). I still spend a lot of time intercepting emails and diverting payments, but my team (well, bots) are so well programmed that it just runs itself these days. To tell you the truth, I had become a little bored and fancied a new challenge.

So, to keep you up to date, I now offer ransomware attacks to my ill-prepared business friends. 

What’s ransomware, I hear you ask?

Well, to put it simply, it’s where I gain access to your devices and networks; lock you out of them; encrypt all your data; and stop you from being able to operate. I then contact you and demand a ransom in recompense for allowing you back in. No payment, no access. Simple.

I love the chaos this creates. People simply do not realise how access to devices and online information and systems dominates their lives; how much we expect and rely on this access; and the impact that occurs when this access is removed. It is crippling. Imagine what would happen if you lost access to your laptop. How would you cope without access to your emails, your client and contacts data, your online files, access to your website and its data? And that’s only your information technology. What about your operational technology?

So how do I do it? Two ways really. Firstly, I make friends – as always. I really am a social animal. Gibraltar is such a great place to grab a beer, people watch, listen and make friends. Identifying specific individuals, who work at a place of opportunity and then social engineering them by gathering information from social media and the dark web, will always be the first step in my criminal line of work – call it reconnaissance to use military terminology. But I covered this in my last letter, so I do not want to cover old ground.

The second way is to set up a Wi-Fi network for you to connect to. By doing so, you give me direct access to your devices and network. How do people fall for this? Well, as we have already discussed, people expect access to Wi-Fi. Speed and ease of access are their motivation, not necessarily the security of that access or who is providing it. They really are willing to connect to anything to get their data fix.

What surprises and delights me is the lack of preparation to prevent ransomware attacks or processes to deal with an attack should it happen. I mean, the fact is that ransomware attacks are not new. There are hundreds of stories online detailing my, and my comrades’, previous exploits. Is it the most likely form of cyber attack? Well, no. Email interception and invoice/payment tinkering will always be more prolific; however, ransomware is not difficult and, with smart devices and the internet of things, will only increase.

There really is no excuse not to be prepared. 

“But it’s hard and expensive,” I hear you say. Not relative to the crypto ransom I am going to demand from you; the disruption and loss of revenue I am going to cause; and then the cost of fixing the problem so it does not occur again. As the saying goes: prevention really is better than cure.

The reality is that I and ransomware attacks are not going to go away. So, if I am being honest, for my sake and my bank account’s, I really would rather you continued to ignore the problem so I can hack you and hold you to ransom. I look forward to seeing you soon.

Michael Wills is co-founder and chief data officer for CSS Platinum.
