Cybercriminals’ new modus operandi? Stealing data for ransom

Maan Macapagal, ABS-CBN News

Posted at Mar 23 2017 09:14 PM

MANILA — The Philippine National Police (PNP) warned the public about a new type of cybercrime targeting laptop and mobile-phone users.

The PNP discussed the details of the so-called "ransomware" during the 4th National Summit on Cybercrime in Camp Crame.

Using special software, cybercriminals can lock a user out of his or her personal laptop or mobile device.

"They will encrypt your file. For example, a person is kidnapped and a ransom is demanded. Now they will kidnap your data, your information, and then you will pay them for it, through a password," Superintendent Jay Guillermo, spokesperson of the PNP-Anti Cybercrime Group (PNP-ACG), said.

Since most personal devices hold precious data, the user has no choice but to pay a ransom in exchange for the password to be able to access the device again.

According to cyber-security expert Ruben Martin Mondejar Jr., the device is compromised because of malicious software, or malware.

"Even a cellphone, it's just another device with software inside a firmware; they can still be attacked," Mondejar said.

Anyone can fall victim to ransomware, whether an individual or a company. Even your friends and relatives can be easy targets.

“It can happen to anyone. With malware, the main purpose is to spread across; the more infected, the more revenue,” Mondejar said.

"Typically they would like to target companies because there are many you can target, since everyone is interconnected. Even on your Facebook, if I attack you, for example, then all of your friends get the ransomware malware. They believe that you are the one who gave the information, so they will click the link. So all of your friends, let’s say you have 4,000 friends, all of them can potentially be infected with ransomware."

Ransom payment is also made online, through the use of credit cards or of an online currency called bitcoin.

“There is a popup saying you have to pay. There is nothing you can do because it is already locked, so you pay. Normally for ransomware they will have this message saying you have to input your credit card information. So basically, all the transactions are online. Either they will ask you to use your credit card or bitcoins,” Mondejar said.

Guillermo confirmed this ransom payment procedure.

“They will ask for a payment through bitcoin, sometimes just 2 or 3 bitcoins, P120,000, through virtual currency,” he said.

How does the malware get into the device? According to cyberexperts, some emails have malware embedded in them.

"You have to call first, if your friend was the one sending out. When the messages sound like a robot, when it is not the typical way your friend talks, it is already suspicious. You have to call them and verify: were you the one who sent this?" Mondejar said.

Sometimes, malware is also attached to free apps and games that are downloaded, especially on “jailbroken” devices.

"We users go wherever we can get something for free, but what is free these days has no security checks, so we are prone. When it is installed and executed, that is when the application runs," Mondejar said.

"In the background, it turns out it is doing something. If it is jailbroken, it does not go through the typical life cycle of Apple or Google Play Store, so it is not checked or verified, so mostly you will be prone to those attacks.

"With Apple or Google, they often verify the code if it is malicious or not. Because they will have to register or the typical companies who are gonna post their applications. In a way, it is controlled. So if ever something does get in, most likely your phones will have security precautions too; that’s why we always advise to have anti-malware solutions in your phones to protect your phones from any malicious software."

Guillermo added: "The program will access your photos, locations, contacts, camera and speakerphone. Once you answer it, automatically it can access the camera and the microphone of your cellphone."

Cyber experts say people become targets because of how they handle their digital life. 

“It starts with our digital life. How to attack? I will study the targets: who are the people who are always posting on their Facebook, where they go on social media. They can follow what you are doing, what your favorites are. Those will be used against you,” Mondejar said.

“In our digital life, many people may be watching us. We keep posting: when we’re happy about what we’ve accomplished, when we are sad, when we are angry, we post it. If you really are a target, they will find a way to see your information.”

Cyberexperts advise the public to create strong passwords and to change them every 90 days, avoiding the use of names and birthdays.

"The only way to protect our information is through encryption. That means hide it properly. Hide your information so that it is not easy to get. For example, in our homes, like the traditional vault in your house, you should do the same. There need to be many layers of protection," Guillermo said.

Statistics show that there are 556 million cybercrime victims annually, 1.5 million victims per day and 18 victims per second. 

Here are Mondejar's tips to protect your data from being breached. 

1. Monitor credit card statements weekly and look for any questionable activity.

2. Create strong passwords and change them every 90 days; avoid using your name, initials and birthdays.

3. Check for secure wireless connections when working in public places such as a coffee shop, while keeping an eye out for phishing emails.

4. Lock your laptop and other devices when shopping online, share personal information only on credible websites and look for https at the beginning of the web address.

5. Use identity protection software and services.

6. Request a copy of your credit reports to monitor activity.

7. Copy important files to another hard disk or external hard drive, stored in a safe place. If your computer is compromised, you still have access to your personal files.