Ransomware: I doubt that anyone reading this article has never had a device infected by at least one malicious file, what we call a virus. Whether it is a computer or a smartphone doesn’t matter; it is practically impossible that this hasn’t happened. Even more so in the early days of commercial internet access in Brazil, in 1995, when many programs were sent by e-mail and, once executed, made the lights flash and the CD-ROM drive open, for example.
Something harmless compared to today. At that time, nobody cared about having access to our data, because very few transactions were possible in internet banking and none of the marketplaces that today sell everything existed.
Over the years, with the advancement of technology and the internet and, especially, of financial services and others that have market value, malware has become increasingly dangerous and sophisticated, as it started to collect information such as passwords and the personal and sensitive data of both companies and users.
With the entry into force of the General Law for the Protection of Personal Data (LGPD) in Brazil (note that I will refer only to Brazil), companies that in any way use, store or process data from their customers or third parties have an obligation to protect this information and, if something happens, they can be held responsible for the leak. There are many types of attacks, with different intents, so let’s focus just on ransomware.
But what is a ransomware attack?
Quite simply, it is an attack in which the criminal uses a type of “virus” that, once executed or opened on a computer or within a network, spreads to all equipment connected to that network; as a result, users are prevented from accessing files and systems, because the stored data has been encrypted, a practice known as “virtual data hijacking”.
Simply put, data encryption is a way of using mathematical operations to encode data so that it cannot be read without a key that opens these files, a process called decryption. The data is there, but scrambled.
This attack can also be carried out through a security breach in a company’s systems, where the attacker enters the network, collects this information and, after collecting all the data he wanted, launches the attack and demands a kind of “ransom” to provide the key that releases this data. This type of information gathering can take months, as everything has to be collected in a way that does not arouse suspicion.
If the ransom is not paid, the data can be erased, exposed on any network or sold to fraudsters. However, the truth is that criminals have no interest in deleting the files, only in charging to unlock them, since if they delete the data they earn nothing. Only as a last resort, if there is no payment, can the data be lost or published as a form of revenge, which can generate huge losses for those who suffer this type of attack.
But can’t you track where the payment will be made? Very difficult. These payments are made in crypto-assets, such as Ethereum, Bitcoin, Cardano and hundreds of other “virtual currencies”, which are practically impossible to track because they are deposited in a virtual wallet (which is represented by numbers and not linked to any financial institution) and can then be turned into cash and withdrawn without a trace.
Well, it is obvious that this is a crime, and it is provided for in article 154-A of the Penal Code, which was included by law No. 12,737/2012, the famous “Carolina Dieckmann Law”. Before that, it wasn’t a crime. A person who committed this act faced no penalty of any kind because, as I have said in other articles, if there is no law that defines something as a crime, it is not a crime. However, the focus here is not on who commits the attack, but on the consequences, which can be serious, for the companies and people who are victims of this crime.