BOSTON—Collaboration is important when it comes to fighting ransomware, but the lack of communication around the issue remains a serious impediment, law enforcement says.

“If we don’t know about it and no one keeps track of it, then no one cares,” Frank McLaughlin, a detective with the Boston Police Department’s cybersecurity division said during a SOURCE Boston panel Thursday morning.

Collaboration was a big theme throughout the panel on which McLaughlin was joined by officials from Kaspersky Lab and McAfee.

“It’s incumbent on everyone in the information security industry to communicate how businesses are affected [by ransomware],” McLaughlin said, “We don’t get better as police officers without help from the community.”

McLaughlin said he’s spent the last 20 years dealing with violent crime but recently shifted gears and now helps carry out cyber investigations for the BPD. He acknowledged the BPD doesn’t see a whole lot of ransomware – those cases are mostly reported to the FBI – but he’s learning about it.

The FBI began encouraging ransomware victims to report infections last fall. While McLaughlin couldn’t speak for the FBI, he said the BPD only receives a few calls periodically about ransomware.

“We get a couple of calls here and there but people mostly don’t want to report it to the police because if they fill out a police report it becomes public record,” McLaughlin said.

That stigma – that the public feels the police can’t help them – is tough to overcome, Paul Roberts, the panel’s moderator and editor in chief of The Security Ledger, said.

“These things are washing up in local precincts and people don’t know what to do. It’s like any other endemic problem,” Roberts said.

That’s ultimately a win for attackers, Michael Canavan, head of sales at Kaspersky Lab added.

“The lack of reporting is increasing the success of attackers, “Canavan said. “They know if corporations or individuals are less likely to report it, there’s less of a barrier for entry. There’s a responsibility to report. It helps feed information databases for people like Frank and helps drive up the cost of attacks for attackers.”

The call to action to share more data seemingly comes as ransomware is more popular than ever. Ryan Naraine, the head of Kaspersky Lab’s North America Global Research and Analysis Team said early on in the panel that the trend has grown exponentially.

“It’s a foolproof business model,” Naraine said, “It generates a level of anxiety and desperation; people will pay.”

The fact that attackers are incorporating ransomware into targeted attacks is alarming as well, Naraine said.

“Attackers are using scary APT techniques and tactics to infect organizations, stay there, then sometimes demand one Bitcoin, $1500 per machine to unlock them,” Naraine said. “Attackers are deliberately keeping their prices low – they’re not demanding billions of dollars.”

McLaughlin, who’s taking a Master’s degree class pertaining to computer security, said he’s fortunate to be taking the class with members of the FBI and has time to discuss with them how they can better parse information that comes in. He said he understands that having more data on ransomware attacks and encouraging victims to report such attacks are some of the first steps toward combatting them.

“With the volume of calls we get on a daily basis, it won’t get looked at,” McLaughlin said, “but if we can find a way to collect that information and work with the FBI we could say ‘Hey, those IP addresses came from the same part of the world, maybe this issue isn’t 15 different attackers, it’s 5.'”

Education around the topic should be a focus too, the detective said, suggesting that maybe the threat of ransomware should be treated like a warning riders see on the subway or on the highway.

“If we had a PSA, even a billboard geared toward physical safety with a clear and concise message and link, it could help,” McLaughlin said, “From a policing standpoint I can’t protect you from getting robbed every day, I can’t protect you from getting shot but there are things that fall on us as individuals, we should have a duty and an obligation to do an awareness campaign or something.”

Photo via Jennifer Stitt

Categories: Malware

Comment (1)

  1. GT500
    1

    If he wants to learn about ransomware, then tell him to get on BleepingComputer. There’s tons of information there, and I’m sure if law enforcement officers actually wanted to collaborate with the malware analysis experts who hang out at sites like BleepingComputer then many of them would more than likely be happy to share information about ransomware with the police.

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>