What the Tech? How Ransomware Is Investigated
As ransomware cases surge around the world, companies are spending tens of millions of dollars to deal with an issue that’s decades old.
Ransomware has been around since the late ’90s, and while the tactics used then are the same ones used now, the advice for preventing ransomware hasn’t changed much either.
In 2015, I interviewed FBI Special Agent Scott Augenbaum, who was tasked with investigating cybercrime. Our first visit, on June 9th, 2015, was to discuss CryptoLocker, which is what we call ransomware today.
In that interview, Augenbaum explained the difficulties law enforcement faced when trying to catch cybercriminals. He discussed how ransomware worked, how it found its way onto computer systems, and the only way for individuals to regain their data.
In 2015, most ransomware targeted individuals and their computers. Augenbaum mentioned in the interview that the ransom demand was around $500 payable in Bitcoin.
I found it interesting to look back at that interview and discover that much of what Augenbaum said then still applies today.
But today, cybercriminals using ransomware target multi-billion-dollar companies, governments, health care institutions, police departments, infrastructure, media organizations, and churches.
Augenbaum, who is now retired from the FBI, still fights cybercrime by training organizations to prevent the bad guys from infiltrating their systems.
“I hate to say it, but it’s the same issues we’ve been dealing with since 2013,” he said over a Zoom interview.
“So when you start telling me about 2021 and the ransoms and everything, there were signs. There were early warning signs. We could have been addressing those things back 5 years ago but unfortunately, it’s too late.”
By too late, Augenbaum means it’s too late for companies that ignored those warning signs and have been affected by ransomware.
The steps Augenbaum talked about in that 2015 interview remain the best ways to prevent ransomware from taking over a computer or computer network.
“You’re going to get an email from someone you know and someone you trust and they’re going to ask you to click on an attachment or open a link,” he explained.
“When you have someone working at an organization, they’re surfing the internet, they go to a questionable website or a website that’s been infected with a malicious code.”
“We have to make sure we are patching every operating system and every application,” he said. Ransomware most often comes onto a computer through a malicious link in an email. It might appear to come from a friend, a family member, or even someone you work with or work for. It may look legit. It probably will look legit.
Augenbaum suggests looking at the applications installed on your computer and removing the ones you no longer use. “We need to limit our attack surface,” he said.
“How many programs does the average person have on their computer that they are not using? And if you’re not using it, you’re probably not patching it.”
Windows releases updates every few months that install patches to keep malware out. Those updates also close security holes that have been discovered and could otherwise allow malicious attacks.
“You know what concerns me?” asks Augenbaum. “What happens to the small businesses in this country? What happens to churches? What happens to the non-profit associations? What happens to the local media stations when they get hit? They absolutely get destroyed.”
Many companies that did not address the ransomware threat 5-10 years ago likely hoped that someone would have solved the problem by now. Augenbaum thinks that is as unlikely now as it was in 2015.
“There is no one product on the market right now that is going to cover those steps,” he said.
“That’s the problem. There’s no such thing as an easy button to prevent this from happening.” Augenbaum echoed his answer from 2015 when I asked why law enforcement can’t find and arrest the cybercriminals sending out the ransomware attacks.
They’re anonymous. They’re spread out across the world. They use the untraceable Bitcoin for payments.
“No one can arrest the problem away,” he said.