The actors behind ransomware tend to fall into two categories: cybercriminal gangs, often based in Eastern Europe, and groups backed by economic outcasts like Iran, Russia and North Korea. Historically the first prefer a shotgun approach; the second behave more like snipers. Here are a few of the groups that have been linked to recent ransomware and are still a threat.
It may seem that the very term “ransomware” wasted little time going from “newish-sounding threat” to expected, constant presence in the news and IT meetings alike. But, of course, it’s ultimately just a modern word for one of the oldest crimes out there—holding someone or something hostage until someone else pays for its release. Nonetheless, as the targets and means of these attacks have evolved, keeping track of it all has become a bit more complicated than a name on a ransom note. The ransomware landscape is constantly shifting as actors change their targets, find new points of attack and think of fresh ways to leverage encrypted data. Hundreds of variants of ransomware have been documented over the past few years, but here’s a cross-section of types posing a threat right now.
Brian Finch recently returned to Joel Simon’s Industry Insights podcast to discuss the uptick in cyberattacks, data breaches perpetuating insider trading and strategies companies can employ to guard against these problems.
Joel Simon: It’s hard to believe it’s been more than 10 months since you joined us for a discussion of social engineering, fund diversion scams and a then-recent escalation of state-sponsored cyberattacks. A lot has changed since then, but not surprisingly cyberattacks have increased and some of their aftereffects have had far-ranging implications. What are you seeing as the biggest threats today?
Companies use a variety of causes of action to protect their websites from competitors or others wanting to “scrape” data from their site using automated tools. Over the years, legal doctrines such as copyright infringement, misappropriation, unjust enrichment, breach of contract, and trespass to chattels have all been asserted, though many of them have limited applicability or are otherwise imperfect options for site owners. One of the most commonly used tools to protect against scraping has been a federal statute: the Computer Fraud and Abuse Act (CFAA). The CFAA is a cybersecurity law passed in 1986 as an amendment to the Comprehensive Crime Control Act of 1894. Originally drafted to address more traditional computer “hacking,” the CFAA prohibits intentional access to a computer without authorization, or in excess of authorization. Due to both the criminal and civil liability that it imposes, the CFAA has been an effective tool to discourage scraping, with website operators arguing that by simply stating on the site that automated scraping is prohibited, any such activity is unauthorized and gives rise to CFAA liability. An ongoing case between data analytics company hiQ Labs Inc. and LinkedIn questions the extent to which companies may invoke the CFAA as it pertains to scraping of this type of data.
Efforts to regulate cross-device tracking have increased since we last addressed the topic in 2017, following the release of the FTC’s Staff Report. Significant developments include the implementation and enforcement of the EU’s General Data Protection Regulation (GDPR), and the fast-approaching implementation deadline for the California Consumer Privacy Act (CCPA). These regulations, while not targeting cross-device tracking specifically, seek to limit the way in which consumer data is tracked and sold.