-
Co-star says Sam Neill battled pneumonia before death
-
Young Australian men falling victim to online sexual extortion: regulator
-
Armenian apricots become geopolitical battleground with Russia
-
New era for Gibraltar as border controls with Spain set to end
-
Jay-Z pays tribute to NY hometown crowd and his 30-year legacy
-
England face might of Messi's Argentina in World Cup semi-final
-
Birthday boy Yamal stands by 'no fear' comment ahead of France clash
-
Spain to go on 'front foot' against France in World Cup semi: De la Fuente
-
Trump slashes two Utah protected areas by more than 90%
-
US strikes Iran for third night as Trump says deal still 'possible'
-
Spain 'favourites' says Deschamps ahead of World Cup semi-final showdown
-
Trump vows to hit Iran 'hard,' impose Hormuz transit fees
-
Norway receive heroes' welcome in Oslo after World Cup exit
-
France and Spain prepare to duel at World Cup
-
Pickford backs England to keep cool in tense Argentina World Cup semi
-
Five Britons among foreign Spanish wildfire victims
-
Oil prices surge on US-Iran attacks; tech shares fall
-
Ukraine allies pledge more air defence, pressure Russia
-
Thomas Tuchel: England's World Cup mastermind
-
'Until the end': The tireless, traumatic search for Venezuela quake victims
-
Mbappe paradox stirs club v country debate as France face Spain
-
Trump expected to shrink protected lands in Utah: reports
-
Trump reimposes Iran naval blockade, threatens Hormuz fees
-
Twelve US states sue to block Paramount's Warner Bros. takeover
-
US vows campaign to end ICC 'threat' to Americans
-
New boss Alonso calls for Chelsea 'hunger', wants Fernandez to stay
-
Yemen govt says hit Sanaa airport, Houthis attack Saudi Arabia
-
Knight excited for future after England career ends in India defeat
-
US judge voids 'improper' Trump tax deal
-
From bombmaking to motorcycle tweaks: how Nigerian jihadists use AI
-
US appeals court revives private cases alleging Tylenol link to autism
-
Edwards vows to 'upskill' England women for Ashes after India defeat
-
Spieth adamant he has more golf majors left in him
-
Hungary MPs pass constitutional tweak to oust Orban-allied president
-
'VAR-gentina?': conspiracy theories swirl ahead of World Cup semi-finals
-
Ukraine allies meet in Paris to boost air defence, pressure Russia
-
Counter-terror police take over investigation into UK politician's killing
-
Fitzpatrick blames betting for golf fans' bad behaviour
-
McCullum sorry for England defeats after 'romantic' finish with Stokes
-
Trump declares Iran blockade back, says US will charge Hormuz fees
-
New boss Alonso calls for Chelsea 'hunger'
-
Uganda opposition leader treason trial starts without lawyers
-
Trump says US reinstates Iran blockade, will be 'paid' for guarding Hormuz
-
Iraola vows to remain true to himself at Liverpool
-
McCullum sorry for England Test defeats after Australia and India losses
-
Volkswagen confirms weighing up to 50,000 more job cuts
-
Trump says US 'taking over' Hormuz as fighting with Iran flares
-
Yemen government says attacked Sanaa airport, reviving dormant conflict
-
Three Britons among foreign Spanish wildfire victims
-
EU sanctions target Russian state-backed messaging app
Hive ransomware: modern, efficient business model
The US Justice Department's shutdown Thursday of the Hive ransomware operation -- which extorted some $100 million from more than 1,5000 victims worldwide -- highlights how hacking has become an ultra-efficient, specialized industry that can allow anyone to become a cyber-shakedown artist.
- Modern business model -
Hive operated in what cybersecurity experts call a "ransomware as a service" style, or RaaS -- a business that leases it software and methods to others to use in extorting a target.
The model is central to the larger ransomware ecosystem, in which actors specialize in one skill or function to maximize efficiency.
According to Ariel Ropek, director of cyber threat intelligence at cybersecurity firm Avertium, this structure makes it possible for criminals with minimal computer fluency to get into the ransomware game by paying others for their expertise.
"There are quite a few of them," Ropek said of RaaS operations.
"It is really a business model nowadays," he said.
- How it works -
On the so-called dark web, providers of ransomware services and support pitch their products openly.
At one end are the initial access brokers, who specialize in breaking into corporate or institutional computer systems.
They then sell that access to the hacker, or ransomware operator.
But the operator depends on RaaS developers like Hive, which have the programming skills to create the malware needed to carry out the operation and avoid counter-security measures.
Typically, their programs -- once inserted by the ransomware operator into the target's IT systems -- are manipulated to freeze, via encryption, the target's files and data.
The programs also extract the data back to the ransomware operator.
RaaS developers like Hive offer a full service to the operators, for a large share of the ransom paid out, said Ropek.
"Their goal is to make the ransomware operation as turnkey as possible," he said.
- Polite but firm -
When the ransomware is planted and activated, the target receives a message telling them how to correspond and how much to pay to get their data unencrypted.
That ransom can run from thousands to millions of dollars, usually depending on the financial strength of the target.
Inevitably the target tries to negotiate on the portal. They often don't get very far.
Menlo Security, a cybersecurity firm, last year published the conversation between a target and Hive's "Sales Department" that took place on Hive's special portal for victims.
In it, the Hive operator courteously and professionally offered to prove the decryption would work with a test file.
But when the target repeatedly offered a fraction of the $200,000 demanded, Hive was firm, insisting the target could afford the total amount.
Eventually, the Hive agent gave in and offered a significant reduction -- but drew the line there.
"The price is $50,000. It's final. What else to say?" the Hive agent wrote.
If a target organization refuses to pay, the RaaS developers hold a backup position: they threaten to release the hacked confidential files online or sell them.
Hive maintained a separate website, HiveLeaks, to publish the data.
On the back end of the deal, according to Ropek, there are specialist operations to collect the money, making sure those taking part get their shares of the ransom.
Others, known as cryptocurrency tumblers, help launder the ransom for the hacker to use above-ground.
- Modest blow -
Thursday's action against Hive was only a modest blow against the RaaS industry.
There are numerous other ransomware specialists similar to Hive still operating.
The biggest current threat is LockBit, which attacked Britain's Royal Mail in early January and a Canadian children's hospital in December.
In November, the Justice Department said LockBit had reaped tens of millions of dollars in ransoms from 1,000 victims.
And it isn't hard for Hive's operators to just start again.
"It's a relatively simple process of setting up new servers, generating new encryption keys. Usually there's some kind of rebrand," said Ropek.
D.Lopez--AT