Podcasts
Word Notes
Ep 110
Word Notes 8.2.22
Ep 110 | 8.2.22

Pseudoransomware (noun)

Show Notes
Transcript

Rick Howard: The word is: Pseudo-ransomware.

Rick Howard: Spelled: Pseudo as in something disguised as something else and ransomware as in a type of malware designed to encrypt data for financial gain. 

Rick Howard: Definition: Malware, in the guise of ransomware, that destroys data rather than encrypts.

Rick Howard: Example sentence: The goal of pseudo-ransomware also referred to as wiperware is to cripple the victim's systems rather than offer the opportunity to decrypt them. 

Rick Howard: Origin and context: Typical ransomware crews, cyber criminals, encrypt their victim's data and demand a ransom payment in exchange for the decryption key. But, there isn't a lot of incentive on the criminal end to put much care and attention into the recovery part of the exchange. A study by proven data in 2020 found that in April of that year, criminals that received payment delivered the decryption keys 89% of the time. Out of those cases though, 31% of the victims required a lot of help and time to completely recover.

Rick Howard: Although the cyber criminal's didn't use pseudo-ransomware for all intents and purposes, the impact was the same. The criminals didn't destroy the data per se. They just made it unusable for a long time. They didn't care how much chaos they injected into the victim systems. They got their money. 

Rick Howard: In contrast, some nation state actors, to deflect attribution, use pseudo-ransomware to deceive their victims and investigators into thinking that they are cyber criminals. In reality, they use it as a smoke screen to cover other more nefarious actions to either bring in more revenue to fund their operations or to hobble their enemies in a continuous-low-level-cyber conflict kind of way.

Rick Howard: According to the U.S. Department of Justice, North Korean hackers used pseudo-ransomware to cover their tracks as they went after Taiwan's Far Eastern International Bank in 2017 to compromise the SWIFT system, the massive financial artery that connects banks, financial institutions, and governments worldwide. 

Rick Howard: From "Sendworm," Andy Greenberg's cybersecurity cannon hall of Fame book about the Russian cyber attacks in Ukraine from 2014 to 2017, the Russian GRU or Main Intelligence Directorate modified the ransomware called Petya originally created by the North Koreans into a pseudo-ransomware, eventually named NotPetya.

Rick Howard: The impact was that they compromised some 300 companies within seconds of delivery and a Ukrainian ISP estimated that at least 30 of those companies were totally burned to the ground. Big companies were also brought to their knees like Merck with over $870 million in recovery costs, FedEx, TNT $400 million, Saint-Gobain, $384 million and Maersk with over $300 million in recovery costs. The white house low ball estimate of the total damage was just over $10 billion. That's billion with a. 

Rick Howard: Nerd reference: In the 2008 movie, The Dark Knight, directed by Christopher Nolan, Bruce Wayne played by Christian bale, has a discussion with his butler, Alfred, played by Michael Caine about the nature of some chaotic men. Who are not motivated by the traditional things that typical criminals desire, like running a business, even if it's criminal. Some men just want to tear the system down or don't care that they tear the system down as long as they get what they want.

Bruce Wayne: Criminals aren't complicated, Alfred. We just need to figure out what he's after. 

Alfred: With respect master Wayne, perhaps this is a man you don't fully understand either. A long time ago, I was in Burma, my friends and I were working for the local government. They were trying to buy the loyalty of tribal leaders by bribing them with precious stones.

Alfred: But their caravans were being raided in a forest, North of Rangoon, by a bandit. So we went looking for the stones, but, in six months we never met anyone who traded with him. One day, I saw a child playing with a ruby the size of a tangerine. The bandit, had been thrown them away. 

Bruce Wayne: So why steal that? 

Alfred: Well, because he thought it was good sport because some men aren't looking for anything logical like money. They can't be bought, bullied, reasoned, or negotiated with. Some men just wanna watch the world burn.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik, and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.

Word Notes
Podcast Info
HOST(S):
Rick Howard
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Tuesdays
Creator: CyberWire, Inc.
ADVERTISEMENT
Sponsored by Strata Identity
Sponsored by Strata Identity

Strata, the #1 platform for Identity Orchestration, integrates multi-cloud and hybrid identity infrastructure and allows enterprises to enforce consistent identity and access policies. Strata empowers IT and cybersecurity teams to architect identity that’s forever modern and permanently flexible. Learn more.