Cyber Threats No1 Ransomware
Ransomware is cyber threat No1
It is notable that one of Dr Who’s worst enemies was the Cybermen: emotionless machines (i.e. computers).
Here is how RANSOMWARE operates - described as a metaphor
Imagine someone steals your computers, and offers to return them in exchange for an amount of money. The amount may be small or enormous. They have also destroyed all your backups. IF you pay them, they may or may not actually return all your gear. When all is said and done these are crooks so cannot be trusted, of course.
and without the metaphor
They do not physically steal your kit. Via the internet they gain access to your computers’ data and make it inaccessible to you until you pay them for the secret code needed to regain access. The process is called “encryption”, and a “key” is needed to decrypt the data. What you pay for is that “key”, which may or may not work. When all is said and done, these are crooks so cannot be trusted, of course.
To pay or not to pay?
IF you pay them, they may or may not actually return all your gear / give you the decryption key. As I have said above, they are crooks so cannot be trusted. On top of this they may engage in further extortion by demanding payments to not publish your data on the internet; in other words blackmail.
“My system is secure, they cannot gain access.” Yes, they can, with frightening ease.
Here’s the problem: they gain access by acquiring internal credentials. They do this by various methods; the two most common are “phishing” and “man in the middle” (MITM) attacks.
https://en.wikipedia.org/wiki/Phishing
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
Where large sums of money are involved they will even acquire physical access to systems such as those in data centres, for example by renting the rack next door so all they need is to crack a lock. Similarly, they may gain physical access to server rooms at your site by using staff credentials etc.
Identity theft
Theft of your data allows the opportunity for identity theft.
https://en.wikipedia.org/wiki/Identity_theft
That link is salutary reading.
So they can empty your bank accounts, make purchases in your name, buy cars (etc) and take out loans and overdrafts pretending to be you. They will brazenly use the telephone masquerading as you and even present themselves in person (not to you of course).
Beware who has details of yours that can be used like this. Your nearest and dearest (especially the elderly) and your employees can be vulnerable, innocent targets for giving away your identity data. There is no substitute for training, but having it taken seriously can be a challenge.
What is the first thing banks ask for? Date of Birth. What does everyone disclose to Facebook and others? Date of Birth. And so on.