Tag: ransomware

A Detroit FBI Agent Talks About the Growing Menace of Ransomware

Jason Bilnoski: "These people are very sophisticated and very technical."


By Allan Lengel
ticklethewire.com

DETROIT — Someone hacked into the computer system at the city-run Lansing Board of Water & Light last April 25, froze certain files and demanded that the utility pay a ransom to regain access.

Things are back to normal, but the city paid nearly $2 million to address the issue and upgrade its security system, according to the Lansing State Journal. A utility official indicated the hack came from Eastern Europe.

Stephen Serkaian, a spokesman for the utility, declined to comment to Deadline Detroit on Friday about rumors that the utility paid “thousands of dollars” in ransom to regain control of its corporate internal communication, emails and functions for billings. No utility services or customer-employee information was compromised, he said.

The utility was the target of the growing problem called ransomware, in which hackers encrypt files, freeze access to the computers of private and public companies and individuals, and then demand a ransom that can range from hundreds to thousands of dollars. Once paid, the hackers release the files, but not always. Sometimes they collect the money but release only some of the files. Sometimes they take the money and don’t release any.

It’s a growing problem in Michigan and elsewhere around the country. So far this year, there have been more than 1,300 incidents reported in Michigan alone, according to the FBI, which pegs the costs of ransom payouts, fixes and computer security upgrades in the state at about $2.6 million to date. Many of the culprits come from Eastern Europe.

In the case of the Lansing utility, the Detroit FBI, which covers Michigan, declined to comment on the case, other than to say that no one has been charged to date. The utility says that the FBI and Michigan State Police are investigating the matter.

The FBI advises against paying ransoms, and urges companies and individuals to back up systems and implement proper security. (Guidance is here).

Ticklethewire.com recently sat down with FBI Supervisory Special Agent Jason F. Bilnoski, head of the bureau’s Detroit Cyber Squad. This interview was also published in Deadline Detroit.

The following interview was trimmed for brevity. The questions have been edited for clarity.

DD: When did ransomware first come on the scene?

Bilnoski: Ransomware has been around for years now, since the early 90s, but ransomware has become prevalent in the last few years. As with any criminal scheme, when actors realize that it works, they pick up with their activities.

DD: Basically, how does someone hack into a system?

Bilnoski: Ransomware traditionally used to be a spear phishing campaign or phishing campaign. It used to be wide open. You’d send a company a spam email or spoofed email of sorts to everyone in the company. But over the past few years they’ve become very targeted and very precise. It’s extremely hard for those on the victim end of the side to understand: Is this a legitimate email with a legitimate file from, say, my CEO, my supervisor? Or is it a spoofed or a malicious file or malicious link?

DD: Is that primarily how hackers get in the system?

Bilnoski: Absolutely. No matter how we educate our employees within the private sector, the studies have shown that somebody within the organization is unfortunately going to click on that link.

DD: How does that work after that?

Bilnoski: That malware takes over the system usually without the user knowing initially, and at some point to where they no longer have access to their file or network. In some cases they have a message that pops up on their computer screen, saying basically “your system has been hacked, you need to pay a certain amount of money by a certain time or you will no longer get access to your system.”

DD: The money payment. How does that work?

Bilnoski: Over the years it has gotten more sophisticated and harder for law enforcement because of use of anonymizers. Specifically, Bitcoin is one of these electronic currencies that is very hard for law enforcement to follow and track due to the use of it being anonymized through the system. Bitcoin is the primary means of paying ransoms. And Bitcoin can fluctuate in value.


DD: What is the value of a Bitcoin?

Bilnoski: It changes daily. I believe at last check it was somewhere around $200 to $250 a Bitcoin.

DD: What have you seen in Michigan so far this year?

Bilnoski: I think we’ve had over 1,300 cases reported in Michigan to date this year. 1308 to be exact. So far, the adjusted loss is a little over 2 ½ million dollars for corporations and organizations.

DD: When you say adjusted loss, is that ransom payments?

Bilnoski: Adjusted loss is initial demands and also the financial losses of a company, certain mitigation efforts, whether or not the company is taken off line.

DD: What do you see in terms of actual payments? 

Bilnoski: I don’t want to get into specific payments for simple reasons: I don’t want to put fictitious numbers in an actor’s mind, but it could be a very small number. What we do advocate is that companies and organizations do not pay the ransom, just like we would advocate on any other type of extortion or ransom scheme. The problem with paying is that it encourages additional actors, it encourages additional victims and there’s no way of guaranteeing that a victim organization will have their files released if they pay that ransom.
