A ransom demanded in bitcoins

Computers in the city of Atlanta, capital of the state of Georgia in the southern United States, were attacked by hackers on Thursday. The hackers demanded a ransom … in bitcoins, the cryptocurrency alternative to traditional currencies. According to local media, the ransom is $51,000. Mayor Keisha Lance Bottoms said the cyberattack, far from being the first of its kind in the world, resulted in the shutdown of several applications, including those that users relied on to pay their bills or to access legal information. The city’s mayor called the situation “very serious,” saying she became aware of the attack Thursday morning, when unusual activity was discovered on the servers. The FBI and the Department of Homeland Security have been asked to participate in the investigation.

The Atlanta hackers, suspected of using pirated software developed by the NSA (US National Security Agency), are said to be the “Shadow Brokers”. This group of hackers is known in particular for having revealed in 2016 the spy tools of a cyber-espionage group linked to the NSA. The Shadow Brokers also publicly released an exploit (a piece of software that exploits security vulnerabilities) called EternalBlue, which is behind the two biggest ransomware cyberattacks: WannaCry and NotPetya.

“It’s profitable”

Since last year, “extortionist” or “ransomware” cyber attacks have hit more than 200,000 companies, hospitals and government agencies in 150 countries. In 2017, the English health system was blocked, and Germany was also hit by such an attack. So how can this real increase in cyber attacks be explained? “It’s very simple, it’s profitable,” Gérome Billois, a cybersecurity expert at Wavestone, tells Le Figaro. “Ransomware is a fairly straightforward attack that earns money. There are investment returns that can go up to 1000%. So these are attacks that people will be able to carry out for a few thousand euros and which will then bring in tens or even hundreds of thousands of euros,” he explains. Another advantage is that bitcoin is supposed to ensure the anonymity of the ransom, which makes it difficult to identify the cybercriminal.

In addition, the cyberattack carried out in Atlanta this Thursday is a “targeted” attack, says Gérome Billois. “There are two types of attacks: the indiscriminate ones, which arrive in emails, attachments, etc., and which aim to reach as widely as possible. The hackers will then demand a ransom of around $300 on each computer. Then there are the targeted attacks, like in Atlanta, which have been going on since 2016, with attacks on hospitals, cities and businesses, where hackers find loopholes in a company’s security system, block the company and demand a ransom that amounts to tens of thousands of dollars,” he says.

And yet, on multiple occasions, victims of cyber attacks either refuse to pay or make a much smaller payment than the ransom originally demanded. Why? “Because there are cybercriminals who, after payment, do not give the key needed to unlock the computers.” This is why some companies, cities and states do not pay the ransoms. Even after making the payment, they are not guaranteed to recover their data and “must call on experts to find them,” notes Gérome Billois. “This only works in 50% of cases,” he laments, specifying that in some cases “companies have had to file for bankruptcy as in Clermont-Ferrand” (the Clermont-Pieces company), which had to close shop, having lost all its customer files and data.

A risk for States: “it can hurt very badly, very quickly”

In addition, Gérome Billois notes that last year, two large-scale attack campaigns were carried out at the international level (NotPetya, which was ultimately not ransomware, and WannaCry). “So yes, there is a risk that a State could be largely affected by blocking software which replicates itself from computer to computer on its own and which then affects a large part of the economic fabric.” States are trying to anticipate this risk, according to the expert, but he says that it remains “very complicated”, explaining that this type of attack “can hurt very, very quickly”.

To prevent these malicious actions, Gérome Billois stresses that it is necessary “to cut the problem off at the source and then to succeed in prosecuting the cybercriminals”. “Not paying the ransoms” would be a way of drying up the source. “Making the payment does not, first of all, make it possible to recover the files, and in addition it finances the next attack,” the expert says. He indicates that it is extremely difficult to prosecute the criminals, who act outside their country of origin, and to convict them, because there is a “weakness in international law and in cooperation between the police”. Anonymity also complicates the prosecution of the cybercriminal. But this is not a barrier, because despite this, “bitcoin is traceable when the person converts it into real currency, allowing the person to be found”.
