Monetizing a hack is the hard part. For a while hackers tried to impersonate the user and access their bank accounts, or they would try to steal something fungible like CCV and PII… but those methods became harder and less reliable.
Ransomware solved this by coercing the user to act as the hacker’s agent to do monetization. The data on any given computer is basically worthless to anyone but the owner. No one is going to buy a folder of family and friends pictures from Grandma. But grandma will pay anything to get those photos back.
This technique is clearly a natural future progression of cyber crime. It will also be used as cover for destructive attacks, and as obfuscation for other attacks. Innovation in cybercrime creates new opportunities for exploitation.
Apparently some “online influencer partnership agencies” in Poland got hacked. The hacker calling themselves “The Penetrator” wants some cryptocurrency in ransom and threatens the victims with releasing “massive amounts” of data, including contracts.
Today’s crimeware is tomorrow’s cyber warfare toolkit
Very important: cyber criminals and hacker communities frequently innovate techniques and technologies that are adopted by state security forces. There are strong reasons for innovation by hackers and criminals, tighter feedback loops, more incentives, and more creative latitude, among many…
Why this matters
Ransom is simply applied coercion, and there are many ways to coerce someone once you have their data. This is the next step in ransomware, or cyber enabled coercion. There is no reason to limit the method of coercion. Just a few options off the top of my head:
- destroying data (which encryption ransomware typically threatens),
- releasing data,
- locking access to online accounts (easier with password manager adoption),
- posting browser history online and mailing the link to Contacts,
- Searching Photos for >N% skin tones, and mailing to all Contacts / post online
The future of coercion is bright. Hell, it may even be the entry vector for ML/AI into the cybercrime market!