Too noisy, low-level and unethical: Why some cybercriminals hate ransomware

"We are digging our own grave," warn some online criminals who are worried about how high-profile ransomware attacks like WannaCry are boosting awareness and cyber security knowledge.
Written by Danny Palmer, Senior Writer

Not every cyber criminal is pleased about the success of ransomware

With the prevalence of successful ransomware attacks, you might think that all cyber criminals view the rise of file-encrypting malware as a positive development.

For many, making cash quickly with minimal effort is their number one priority, and ransomware very much fulfils that agenda: millions of malicious messages can be sent out at once, and even if just a handful of ransoms are paid, a criminal can pocket a few thousand dollars' worth of Bitcoin.

But even criminals have standards and it seems there are some who are against ransomware, either for ethical reasons or simply because they see it as too low-brow, or too obvious an attack.

Researchers at Anomali and Flashpoint have jointly looked into Eastern European criminal attitudes to ransomware and have found that while some are happy to carry out ransomware attacks against anyone, some find themselves with an ethical dilemma when it comes to targeting organisations like hospitals - which are often viewed as easy targets by attackers.

In February 2016, a Locky ransomware attack at the Hollywood Presbyterian Medical Center saw the Los Angeles hospital give in to a ransom demand of 40 Bitcoins (then $17,000) in order to regain access to its systems. It was a big payday for a single attack, but the response on underground forums was mixed.

"From the bottom of my heart, I sincerely wish that the mothers of all ransomware distributors end up in the hospital, and that the computer responsible for the resuscitation machine gets infected with [the ransomware]...", wrote one "highly reputable" member of a Russian cyber crime forum, says the report.

However, that was met with a blunt reply from a ransomware operator, who simply stated "[the attackers] scored. It means everything was done properly."

Unsurprisingly, there's a large proportion of online criminals who subscribe to the view that so long as there's a payday, it doesn't matter who is targeted by criminal activity, no matter what the ultimate cost to the victim is. That's led to fears that a ransomware attack against a hospital or against critical infrastructure could cause harm or cost lives.

WannaCry raised general awareness of ransomware and made it high profile to the extent that one underground forum user suggested banning ransomware from the marketplace because "It attracts attention to malware and causes companies to introduce measures to increase their security" and "It increases general awareness of topics related to information security".

The user went on to suggest that by "allowing ransomware operators on the forum, we are digging our own grave. Of course, banning this work on the forum doesn't stop this type of business, but as a minimum we can use community disapproval to make it more difficult to enter into it."

Researchers say that 48.5 percent of responses expressed support for such a ban. But rather than disapproving of ransomware from an ethical perspective, it now seems that those who are against it in the underground community have shifted their position to one of business - they believe that the rise of ransomware is making it harder to carry out cyber attacks in general.

For those who are against ransomware, the report also suggests there's another factor which comes into play: snobbery.

One of the reasons ransomware has become so successful is because it's so easy to carry out, to the extent that even the lowest-level wannabe cyber criminal can buy a ransomware-as-a-service kit and start a spamming campaign. It seems there are some in the criminal fraternity who just don't respect this approach when compared to more sophisticated campaigns.

"It's a business which is built not on intelligence and mental dexterity, but on brute-force and luck," wrote one user.

While there's debate amongst cyber criminals about the value of ransomware and who should and shouldn't be targeted, there appears to be one point on which they can all agree.

"There is only one rule - don't target Russia. All other cases depend on one's degree of perversion," said one user.

For the most part, Eastern European cyber attackers won't target Russia as they generally assume that Russian authorities will leave hackers be - so long as they target victims outside the country's sphere of influence.

