Europol reports on the most predominant cyber crimes with ransomware in the the front line: Why is it so?

In September Europol released the 2017 Internet Organized Crime Threat Assessment (IOCTA) report on evolving cyber crimes, future recommendations, and tendencies of the past 12-month period. The report focuses on cyber-dependent crime such, including ransomware and DDoS attacks; payment fraud, online child sexual exploitation, and online criminal markets. Researchers have observed a decline in the use of exploit kits and criminals' increased interest in other malware infiltration methods, such as the use of spam botnets and social engineering.

The report presents the latest project named No More Ransom and recommends that law enforcement work together with the private sector on prevention initiatives. It is stated that many sectors are vulnerable to cyber crimes due to insufficient knowledge about potential attacks. Employees and the public in general should be educated to recognize fraudsters' attempts to deceive them and respond accordingly. Simultaneously, educators and parents should be engaged in raising the awareness of the risks of choosing coding as a means for crime. Moreover, the report highlights the necessity for law enforcement to cooperate with Europol for a common purpose to analyze malware. ommended thatcyber crimes due to adequate knowledge about potential attacksnt work together with the private s

In this overview, we focus on ransomware, which vary in targets and the damage done, due to its wider target profile. In general terms, the primary target of cyber-based crimes are vulnerable software, unsecured Internet-connected devices, including mobile devices; networks, and users with their sensitive information.

According the report, ransomware and information stealers are the most predominant threats dealt with by EU law enforcement. Unlike banking Trojans the purpose of which is to steal sensitive information, ransomware can be applied to infect multiple industries, including private and public sectors. Moreover, the difficulties that arise due to the complexity of monetization related to the data obtained by data-stealing malware swifts cyber crooks to ransomware, which is much easier to monetize. Attackers employ anonymous cryptocurriencies to collect the ransom money, the most popular of which is the Bitcoin currency. Monero, Ethereum, and Zcash are three money transaction systems that are gaining popularity in the digital underground.

The two strains of ransomware Locky and Cerber are the most prominent threats of 2016. The list could be continued by adding some other damaging threats such as CTB_Locker, Cryptowall, Crysis, and Teslacrypt.

In May 2017, up to 300,000 computer in over 150 countries were infected by the WannaCry ransomware, the profit of which surprised security experts. It was estimated that less than 1 percent of the victims agreed to pay the money demanded. The threat used a Windows SMB exploit named EthernalBlue to infect both the private and public sectors, the latter one includes UK's National Health Service, logistics company Fed-Ex, Spanish telecommunication company Telefónica, and some other worldwide famous companies. Another WannaCry attack was launch a month later after Microsoft released a patch for the exploit. Even though the attackers neglected to earn considerable sums of money, they cause havoc and considerable data losses to the affected sectors.

Soon another attack by the Petya ransomware using the same exploits as WannaCry was launched to hit over 20,000 victims in over 60 countries. Mainly European computer were targeted, with more than 70% of the total victims based in Ukraine. The report indicates that over 50% of the business affected by the Petya ransomware were reported to be industrial companies. It was also suggested that the attack was staged to resemble a ransomware attack, the primary goal of which was to destroy data.

In response to the rapid evolution of ransomware, the Dutch National Police, Europol and some other entities joined their force against crypto-malware by launching a project named No More Ransom. At the moment, the project includes over 100 partners working jointly to help ransomware victims. The campaign is available in 26 languages and has 54 decryption tools that have helped more than 29,000 victims to fix their encrypted files and save victims as much as 8 million Euros in ransom.

Europol is determined to involve various institutions in raising the public's awareness of cyber threats so that potential damage could be minimized. It is apparent that malware distribution methods are changing, and it is expected that law enforcement will adapt to the ongoing changes. As for home computer users, it is highly advisable to take as much preventative measures of cyber attacks and stay aware of possible attempts of being deceived by cyber fraudsters.