Cisco Talos: interview with a hacker about ransomware attacks

Cisco Talos: intervista ad un hacker degli attacchi ransomware

Cisco Talos interviewed “Aleks”, a hacker active in the ransomware attack landscape. Let’s find out something more together

At the end of 2020, Cisco Talos identified and made contact with one of the protagonists of the ransomware threats. Alex, this is the invented name adopted for the occasion, he agreed to share some details about his “profession”. In this way he revealed very important information that is almost never considered by security professionals: the human side of threats. Let’s see the profile of this man in more detail.

Talos gained Aleks’ trust just as the latter was trying to steal critical information to use in his activities. By learning about the hacker from a human side, Talos managed to understand what prompted him to engage in cybercriminal activities, how he selects his goals and what his thoughts are on the current ransomware threat landscape.

The Hacker Professional Background Behind Ransomware Attacks | Cisco Talos Interview

Aleks leads an ordinary life: loves music, history, cooking, has deadlines at work and dedicates his free time to family and hobbies. Nothing more than an ordinary man like everyone else. The hacker is a man of about 30, residing in the Siberian region and most likely has a college-level education and has been working in the rasnomware world for several years.

Cisco Talos: interview with a hacker about ransomware attacks

Claims to have self-taught the skills needed for penetration testing, network security, and how to work with threat intelligence, both open-source and the cybercriminal underground. In the early 2000s he gained a good understanding of the network and its protocols and began to focus on markup and scripting languages ​​such as HTML, CSS, and JavaScript.

This knowledge, linked to the study of small web frameworks, helped him find a job at an IT company as he finished his studies. After graduation he continued to work in the IT field. There strong disappointment for not having been appreciated and listened to by the computer industry and for never having received an adequate salary for his acquaintances, he pushed Aleks towards the “dark side”.

The highlights of the Cisco Talos interview with the hacker

  • Hackers are constantly looking for unpatched systems, a quick and easy way to break into company networks. Patching management can be complicated, especially for large companies.
  • Most cybercriminals rely almost exclusively on open-source tools that are readily available on the Internet – the quickest and most effective way to bring an attack without having to use more sophisticated tools.
  • Cybercriminals are often self-taught and avid consumers of security news and keep up to date with the latest research and vulnerabilities, using this information for their own attacks. Companies should encourage their security teams to continue learning by not only obtaining certifications but also by keeping up to date and closely following trends in the cyber threat landscape.
  • Cybercriminals aim to hit the simplest targets regardless of any moral obligation. Despite Alek’s statements on the ethics of the attacks, Talos believes that schools, health care realities and those related to COVID-19 remain important targets.
  • Although no longer active, the use of the Maze ramsonware was based on a franchise with a real affiliate program. As with Maze, enabling the use of Lockbit also requires a selection process and a sharing of profits. Also, keeping your word to the victim is an important part of LockBit’s business model.

Cisco Talos: interview with a hacker about ransomware attacks

Instead, they are listed below some statements of Aleks which provide a further look at the current ransomware attack scene:

  • Hospitals are considered to be easy targets to hit and make the payment of the ransom with percentages ranging from 80% to 90%.
  • The GDPR of the European Union plays in favor of the “bad guys”: Victims of ransomware in Europe are more likely to pay the ransom to avoid the legal consequences of an attack if it becomes public. The United States is also a target, but since it is mandatory to report all violations suffered to the authorities, the interest in paying a ransom is often lower.
  • Maze managers withheld up to 35% of profits generated by its affiliates’ ransomware attacks– an extremely high percentage compared to other groups that discouraged some hackers from working with them.
  • Hackers seem to have a rather contradictory code of ethics: Aleks, for example, expresses strong contempt for those who attack health care organizations but, at the same time, provides weak evidence that they are not his target.

In short, from this interview by Cisco Talos to hacker Aleks various and sometimes contradictory profiles emerge. To push hackers to act like this can be the most disparate reasons and for this reason sometimes they can lose their humanity. Certainly becoming a hacker would be avoided, but who can judge them for their choices? Let us know what you think about it in the comments. In the meantime, I would like to point out our article regarding the phishing campaign that is taking place on the occasion of Valentine’s Day. In order not to miss further news regarding the software universe, keep following the pages of tuttooteK!