-
Experts urge caution as demand grows for AC in heatwave-hit UK
-
Immobilised by heatwave, handicapped man sues Austria in rights court
-
Thousands flee raging wildfires in southern Europe
-
Bellingham tells England to believe after Mexico masterclass
-
Tuchel hails 'heroic' England win in Mexico, but joy soured by Henderson injury
-
'Major' damage as super typhoon hits US islands
-
Bellingham savours 'best night of England career' after Mexico heroics
-
Kane says England found a way to win
-
Ancelotti fails in mission to end Brazil's World Cup woe
-
England, Norway advance at World Cup, FIFA ruling triggers uproar
-
Bellingham powers 10-man England past Mexico, into World Cup quarters
-
Asian markets mixed as tech recovery stutters, oil slips
-
Canada's McIntosh breaks 200 fly world record, oldest in women's swimming
-
Russia launches deadly barrage on Kyiv region on eve of NATO summit
-
Norway dance to Haaland's beat in 'surreal' World Cup run
-
'Major' damage as Super Typhoon Bavi hits US island of Rota
-
Daddy issues? NATO's Rutte sticks to charm to keep Trump on side
-
Australia signs defence alliance with Pacific nation Fiji
-
Norway's World Cup win over Brazil beyond my dreams, says Haaland
-
Philippine Senate trial to decide VP Duterte's political future
-
Neymar calls time on Brazil career after World Cup elimination
-
Australia PM apologises for Kylie Minogue comments
-
Ancelotti promises Brazil will bounce back after World Cup exit
-
Penalty save inspired Norway, says 'keeper Nyland
-
Mexico-England World Cup match delayed one hour due to storms
-
As Venezuela quake deaths pass 3,000, attention turns to mourning, burials
-
Gotterup wins PGA John Deere after Kohles splashdown
-
FIFA clear US star Balogun to play in World Cup after Trump call
-
Haaland knocks Brazil out of World Cup as Norway reach quarters
-
Gauff downs Bencic to book maiden Wimbledon quarter-final
-
'Catastrophic' Super Typhoon Bavi hits US island of Rota
-
Spain boss backs Yamal to sparkle in Portugal World Cup showdown
-
West Indies trail Sri Lanka by 231 runs
-
Australia's World Cup final win vindicates Molineux's self-belief
-
FIFA clear US star Balogun to play after Trump call
-
Sinner powers into fifth straight Wimbledon quarter-final
-
Venezuela quake survivor 'reborn' after eight days in rubble
-
Euphoric homecoming for Cape Verde after heroic World Cup run ends
-
Red-card U-turn rocks World Cup as England face Azteca test
-
White supremacist march in DC just 'messy' democracy, official says
-
Struff oldest first-time men's Slam quarter-finalist in Open era
-
'Perfectionist' Djokovic not happy to win ugly at Wimbledon
-
Banana!: 'Minions' knocks 'Toy Story' off N.America box office perch
-
'Catastrophic' Super Typhoon Bavi aims at US Pacific island Rota
-
Sabalenka wants to drink, 'forget about tennis' after Wimbledon exit
-
Reflective Ronaldo takes on critics 'trying to kill me for 23 years'
-
Mooney stars as Australia hammer England in women's World Cup final
-
Verstappen claims Red Bull car 'dangerous' after crash
-
Djokovic makes history, Osaka sends Sabalenka crashing out of Wimbledon
-
Trump thanks FIFA for suspending USA's Balogun World Cup ban
Hive ransomware: modern, efficient business model
The US Justice Department's shutdown Thursday of the Hive ransomware operation -- which extorted some $100 million from more than 1,5000 victims worldwide -- highlights how hacking has become an ultra-efficient, specialized industry that can allow anyone to become a cyber-shakedown artist.
- Modern business model -
Hive operated in what cybersecurity experts call a "ransomware as a service" style, or RaaS -- a business that leases it software and methods to others to use in extorting a target.
The model is central to the larger ransomware ecosystem, in which actors specialize in one skill or function to maximize efficiency.
According to Ariel Ropek, director of cyber threat intelligence at cybersecurity firm Avertium, this structure makes it possible for criminals with minimal computer fluency to get into the ransomware game by paying others for their expertise.
"There are quite a few of them," Ropek said of RaaS operations.
"It is really a business model nowadays," he said.
- How it works -
On the so-called dark web, providers of ransomware services and support pitch their products openly.
At one end are the initial access brokers, who specialize in breaking into corporate or institutional computer systems.
They then sell that access to the hacker, or ransomware operator.
But the operator depends on RaaS developers like Hive, which have the programming skills to create the malware needed to carry out the operation and avoid counter-security measures.
Typically, their programs -- once inserted by the ransomware operator into the target's IT systems -- are manipulated to freeze, via encryption, the target's files and data.
The programs also extract the data back to the ransomware operator.
RaaS developers like Hive offer a full service to the operators, for a large share of the ransom paid out, said Ropek.
"Their goal is to make the ransomware operation as turnkey as possible," he said.
- Polite but firm -
When the ransomware is planted and activated, the target receives a message telling them how to correspond and how much to pay to get their data unencrypted.
That ransom can run from thousands to millions of dollars, usually depending on the financial strength of the target.
Inevitably the target tries to negotiate on the portal. They often don't get very far.
Menlo Security, a cybersecurity firm, last year published the conversation between a target and Hive's "Sales Department" that took place on Hive's special portal for victims.
In it, the Hive operator courteously and professionally offered to prove the decryption would work with a test file.
But when the target repeatedly offered a fraction of the $200,000 demanded, Hive was firm, insisting the target could afford the total amount.
Eventually, the Hive agent gave in and offered a significant reduction -- but drew the line there.
"The price is $50,000. It's final. What else to say?" the Hive agent wrote.
If a target organization refuses to pay, the RaaS developers hold a backup position: they threaten to release the hacked confidential files online or sell them.
Hive maintained a separate website, HiveLeaks, to publish the data.
On the back end of the deal, according to Ropek, there are specialist operations to collect the money, making sure those taking part get their shares of the ransom.
Others, known as cryptocurrency tumblers, help launder the ransom for the hacker to use above-ground.
- Modest blow -
Thursday's action against Hive was only a modest blow against the RaaS industry.
There are numerous other ransomware specialists similar to Hive still operating.
The biggest current threat is LockBit, which attacked Britain's Royal Mail in early January and a Canadian children's hospital in December.
In November, the Justice Department said LockBit had reaped tens of millions of dollars in ransoms from 1,000 victims.
And it isn't hard for Hive's operators to just start again.
"It's a relatively simple process of setting up new servers, generating new encryption keys. Usually there's some kind of rebrand," said Ropek.
F.Pavlenko--BTB