A day in the life of a cyber-criminal

Credit: ID 95309879 © Jakub Krechowicz | Dreamstime.com

I lie awake in bed, looking over at the alarm clock on my side table. It reads 5:59 am, and I am waiting for it to click over to 6 am and the alarm to sound. Click. The alarm sounds and I spring into action, silencing it as fast as it started. My wife is still asleep and barely stirs at the sound. I walk down the hallway past my children’s rooms and head for a shower.

Now I am all dressed and prepared for the day. It is time to make a coffee for my travel mug and head off on the commute to the office. It is a long commute today; there must have been some sort of accident, as traffic crawled for so long that I was almost late. I am lucky it’s Friday. I am looking forward to getting away for the weekend with the family; it is something we have been saving towards for months now. A quick escape down the coast will do us all good. The pressure at work is starting to get to me; I just cannot seem to meet my targets, but today just might be my day.

I see Harry and Jane talking at the photocopier as I enter and say a quick hello before making my way to my cubicle down the back. It is a small space and looks just like the other 50 cubicles on this floor, except that I am at the end of the row and have a direct view out of a large window next to my desk. It overlooks a man-made lake that is quite nice to lose myself in for a few minutes every now and then, on days when I am just not having a successful one.

I power up my computer and get ready to load the contacts database I will be targeting today. I have a new group, which I hope is much more fruitful than the last, as my supervisor is riding me to get better results and there is no way I will get the end-of-month bonus if I don’t pick up my game.

I load up my email template tool and decide to go with one of our new templates; I just have a good feeling about this one. It is a “you need to reset your password due to suspicious activity on your account” template. These are normally quite effective: it takes the recipient to a page where they enter the old password and then add a new one. It then fails and asks them to press Ctrl-Alt-Del and select reset password, then enter the details again just to ensure that the change takes effect. I send this out to 50K recipients on my list and start to get some responses almost immediately. I start to correlate the details into a working sheet that will later be injected into my tool to spread ransomware onto the target networks.

I get a few thousand responses and import them all, so that I can inject the ransomware executable onto all of the systems. I hit the run button on my campaign and it starts to do its thing, spreading my bug through their systems, but this will be a bit of a wait. I will go down to the café on the ground floor for some lunch and see what the result is on my return. I don't want to get too excited, but it is looking like my luck may have turned today. I will be patient and just see how I go.

Lunch was nice; I caught up with some of my old colleagues from the information gathering team that I worked with prior to moving to the attack group. It was good to have a quick catch-up and see how their families were all going. I get back to my desk and I have hit the jackpot. I have 100 organisations that have been infected with my ransomware bug, and some of them are really big fish that will definitely get me some money. I can almost smell the end-of-month bonus.

I look through the encrypted message app that all the ransomware decryption requests are sent through, and I have some sitting there waiting for me to respond with how much it will cost to unlock all of their files. I request more information from them about how many machines are encrypted. I have a hospital that has 300 machines locked and an accounting firm with 80 systems.

I will demand 10K bitcoins from the hospital and 5K from the accounting firm. I get an almost instant response to my price, with the hospital asking for a discount as they cannot afford that price. I send back that 8K is my lowest offer. They accept, and I will now wait for their payment before I send through the decryption tool. The accounting firm did not even negotiate; they just paid the 5K. A few minutes later, the hospital sends through payment as well.

I send through the keys and the decryption tool so they can get back the files, and offer help if needed to restore them, but they do not ask for anything further. It is now 4 pm and I can see that another four requests for decryption prices have come through from some smaller sites with under 50 users, so I send them quotes of 1.5K bitcoins for decryption keys.

It's time I start to pack up for the day and make my commute home. It has been a successful day, and I will surely be getting a bonus of a few thousand this month at a minimum. My wife will be happy; we have school fees coming up for the kids. A good day overall. Time for the break with the family...

So I bet you are all wondering what this guy is talking about and why he is telling us this story of what this criminal is doing. It's because I wanted to paint the picture for you that these ransomware syndicates could quite possibly be run like a standard 9-5 job, in which the workers get up and go through their day just like many of us would. To them it may be just their normal job, and they do not see it as a problem. They get paid a salary with some bonuses if they can scam us out of more money than expected. They have families that may not even know exactly what they do (they probably think they have an IT support job).

With the way they work, this scenario could be quite real and not just a fantastical tale I have spun. How can we stop this type of criminal organisation? I don’t have that answer, and it will take a combination of security folk like us finding them and law enforcement going through the right channels to get them shut down. In this kind of scenario, I'm sure their families would see us as the bad guys, not them; this is how they survive and feed their families.

Other employment sources need to be created in these places to help steer people to legitimate careers and stop them from becoming part of this horrible scenario. Better for them and for the rest of the world, don’t you think? Well, that's enough of my story for now, and I hope you liked the slightly different style I took this time around. Let me know what you all think.
