Cybercriminal Missteps Lead to Victim Data Recovery
This year has already seen some of the largest, most publicized, and sophisticated ransomware attacks in history. From the Colonial Pipeline to JBS Foods and Brenntag, attacks, data-hostage situations and ransom payments are on the rise. And, unfortunately, they’re likely to only get worse.
However, a team of private cyber security experts can finally claim victory, at least a small one. After analyzing the digital footprint of a cybercriminal network, they were able to help some victims recover their hostage-held data, ransom free.
The story begins at the end of the summer. You may recall DarkSide, the cybercrime network responsible for the Colonial Pipeline shutdown. In late summer, months after collecting a $4.4 million ransom for the pipeline attack, the DarkSide network decided to change its name to BlackMatter.
What seemed to be an evasive maneuver to recode the network ended up being a game-changer, because BlackMatter made a critical error in its new code update.
This error allowed cyber security experts to trace a trail of breadcrumbs back to BlackMatter. It was a slip-up that allowed Emsisoft, a New Zealand-based cybersecurity firm, to enter the network and decrypt some hostage-held data files.
Emsisoft then sent the decryption keys to the rightful data owners, allowing them to regain access without ever having to pay ransom.
This coding misstep may have cost BlackMatter hundreds of millions of dollars in future ransoms, and likely cost them millions immediately.
This year alone, ransomware and cyber-attacks are likely to cost organizations up to $20 billion in losses. And next year could be much worse.
So, while the Emsisoft sleuths may claim a small victory over BlackMatter, steps must still be taken to prevent attacks in the future, not merely to re-hack the hackers once the money is gone.
Make no mistake, BlackMatter will update its code, ensuring that no infiltration of its network occurs again. And they’ll be back to hacking and holding businesses ransom for millions in no time.
It’s why global industry must be prepared.
ToolCASE, the world’s most advanced transactional artificial intelligence and cybersecurity firm, may hold the key. Their RembrandtAi solution has been shown to catch cyber frauds in real time, as hackers are entering systems.
This real-time capability allows institutions to detect frauds and attacks as they’re happening. In fact, their technology is so sensitive, it can detect anomalies amongst billions of data points.
Because of this, RembrandtAi could alert operators to shut down critical systems before they’re hijacked and ransomed.
In a world where cyberattacks are increasingly common, solutions like those from ToolCASE must be implemented. The only way to prevent ransomware and cyber-attacks is to identify and shut them down live, not after the fact.
You can read more about the Emsisoft re-hack, HERE
Or learn more about the ToolCASE suite of Ai cybersecurity solutions, and how they can save your institution millions in fraud costs and ransoms, HERE
source: https://www.nytimes.com/2021/10/24/technology/ransomware-emsisoft-blackmatter.html