4 December, 2022


Cyber-Espionage & Ransomware Wars

By Kumar David

Prof. Kumar David

There are two categories of cyber-attacks; attempts by governments and state intelligence agencies to penetrate, disable or gather information from foreign or domestic sources and the second is when organised gangs, or occasionally individuals penetrate computer facilities to collect what may be called a cyber-ransom. The latter is the work of a cyber-mafia. There is not a great deal that can be said about the former since little is reported. Even investigative journalists who penetrate the shroud of state secrecy rarely make an exposé of governmental cyber snooping, or for that matter any state led contravention of people’s rights. Of course the best way to learn about a government snooping on its own people if from another country. America for example is replete with journalistic comment, security agency (FAI, National Security Agency or NSA and other) releases, and ‘learned’ papers on how China spies on and molests its citizens and exposés of the antics of Putin’s agencies. But the deadly side of domestic state led cyberwar and cyberespionage is a topic about which little is known and those who talk are likely to be liquidated or placed behind bars. For example what is known about Israel’s capabilities and the damage it inflicts on Iran’s nuclear programmes? It is said that Russian cyber penetration of Western intelligence and Chinese fingering of commercial and security networks is superb, but frankly, I am sure that given its higher technology American data gathering is much better.

If the intention is to do huge damage to another countries infrastructure, say crippling electricity supply, disrupting air traffic or gas/oil pipelines, or creating havoc on the roads by screwing up GPS-ware, no one can do it better than a foreign state agency. The downside is that the comeback will be quick and as devastating; it’s is an extreme that a state or a military will resort to only in circumstances such as war. Other than Israeli and U.S. attacks on Iranian nuclear facilities and alleged campaigns of disinformation, election interference, or information gathering, other cyberattacks sponsored by foreign state agencies are rare. However, it is when cyber is linked with other technologies such as drones, jamming financial transfers or experimental interference with military exercises or foreign communications channels, that that it gets grey and dangerous. Explicit acts like sanctions or trade blockades supported by cyber intervention cannot be termed peacetime cyberwar (forgive the oxymoron) since they are not secretive. Sun Tzu’s (544–496 BC) Art of War written 2500 years ago is stunning in its conceptual relevance to modern cyberwarfare!

Sun Tzu ponders The Art of Cyberwar |Image: Defence Acquisition University, Virginia

It’s cyber terrorism-for-profit or ransomware that is now grabbing the headlines.  Ransomware is malicious software designed to befoul computer systems. Hackers demand a ransom — typically in cryptocurrency — in return for restoring access. Institutions lose millions for every day that access is denied and there is a danger that hackers may spread disruption to other parts of the network. Hackers often gain access to a computer system through the administrative side of a business. Some of the biggest attacks started with an email; an employee is tricked into downloading malware. There have also been cases of hackers using weaknesses or third-party software that a business has purchased. They use any means to gain a foothold in a network.

The operator of America’s largest fuel pipeline Colonial Pipeline was attacked at 5:30 a.m. on May 7. It took about an hour to shut down the pipeline and its 260 delivery points across 14 states. Shutdown prevented the infection from migrating to other operational controls. The pipeline system delivers 45% of the gasoline consumed on the East Coast. This operator of the nation’s largest fuel pipeline confirmed it paid $4.4 million to the gang in Bitcoin to restore the locked up corporate network. Who were the hackers? The FBI says that DarkSide, a relatively new gang which it alleges is based in Russia, was responsible. It is unusual for criminals to attack national infrastructure- but it is a growing concern. The hack on Colonial Pipeline is significant but hospitals, airports, banks and food production and supply facilities are all coming under attack.

How can a pipeline be hacked? Can the CEB’s System Control Centre or the Petroleum Corporation be attacked? (They should send the ransom note to Beijing since GoSL is too broke to pay). Many people do not know that the nerve centre of most sophisticated industries are extremely digital. Controls, energy management systems, fuel supply logistics, sensors, thermostats, valves and pumps are controlled by interlocking computer systems.

Colonial Pipeline runs 5,500 miles from Houston, Texas, to New Jersey. (Map: Colonial)


Ryuk is perhaps the most dangerous ransomware in operation. It is spread via malicious or phishing emails, with dangerous links and attachments. According to the FBI, Ryuk’s attacks have already caused more than $60 million in damage worldwide since 2018; more than 100 companies have been attacked. Victims needs to send a message to find out how much they must pay for the decryption key – what cheek!

SamSam ransomware gained prominence in 2018 after infecting the City of Atlanta, Colorado Department of Transport and Port of San Diego. Also in 2018 two Iranian hackers were accused of using SamSam against 200 organizations and companies including hospitals, municipalities and public institutions. $30 million was lost as a result of these attacks. SamSam victims are asked to make a first payment for a first key to unlock a few machines. “With buying the first key you will find that we are honest”, says the ransomware message!

WannaCry executed devastating ransomware attacks and is spread via email scams or phishing. The estimated loss so far is $4 billion. Worldwide, more than 200,000 people and companies such as, FedEx, Telefonica, Nissan and Renault have suffered.  WannaCry exploits a vulnerability in the Microsoft Windows operating system. There are dozens more dangerous ransomware outfits in existence, the better known ones go by the names Petya, Trojan and TeslaCrypt. Petya for example infects the boot record of computers that use the Windows system. It blocks the entire operating system and the unblocking ransom is $300 per computer.

What can be done about protection? The best solution is well trained, responsible and alert staff. In addition there are dozens of protection programmes on the market. The ransomware fighting project ‘No More Ransom’ is a worldwide initiative by Europol and several government agencies and cybersecurity companies to fight ransomware. ‘No More Ransom’ helps victims of infections caused by ransomware to recover blocked data without having to pay any ransom.

Print Friendly, PDF & Email

Latest comments

  • 3

    I was informed some years ago that much of the computer viruses were produced by ‘anti-virus’ businesses.
    Is there not a possibility that the unblock business works hand-in-glove with the ransomware business?

    • 3

      I presume hackers can gain access only if you are connected to the Internet.
      If that is the case why can’t critical facilities run on isolated networks?
      Where is the hole in my understanding?


      • 3

        I think quite a few do.
        But one becomes vulnerable when one has to cross company borders.
        This may interest you, apparently Somali rebels could not be tracked by US spy agencies for long because they did not use mobile phones.

        • 0

          Many moons ago, there were only primitive computers or none at all in many places such as power systems. Even the Apollo 11 computer couldn’t be hacked. They worked well enough at the time.
          So maybe it’s time to look at controls of that sort. The current practice of using computers in everything from fridges to bridges might make them more efficient, but opens a lot of loop-holes.

          • 0

            Old codger
            Was there Internet during Appolo II?


        • 1


          “Where is the hole in my understanding?”

          The Somali pirates used pigeon post, marathon runners, smoke signals, talking drums, ……

          Instead of at the rear the hole is at the top part of your head.

  • 2

    I am happy that Prof Kum has written a lay man’s description of this global menace. In relation to worldwide operations involving Billions, if not Trillions of Dollars with massive computer networks, I am an exceedingly a small fry, with a single laptop and an internet connection. Yet one of those cyber bullies saw value in me to drop an email to me that he/she is aware of one of my passwords that I use and wanted me to “submit” to him with a view to obtain a ransom. (What money have I got pay the joker? Peanuts). Fortunately, I regularly back up data into another external drive and I had nothing to lose even if the joker locks my computer. I promptly changed the passwords of my bank account and other accounts using an almost discarded desktop operating on a different operating system. When I received a second email, I reset the laptop operating on windows 10 and adopted some measures as advised by a security expert. Since then, the fellow has not sent me any nasty mail. In Singapore vandals get a good canning to their bare bottom. So should computer vandals.

  • 0

    Where did you get your info? Other countries even if hacking like mad, never even dreamt of using legitimate business to do illegitimate deeds. If they did, their law would have been very fast on them- even bad ones use honor codes so business will flow smoothly for best profit. But the mindset of our countrymen is a bit different, isn’t it. Gosh, we are like King Louis of Jungle Book trying to steal fire. And Sri Lanka is ready to dive head and feet first into this system with pride and pomposity. Port City: The great manipulator of global currency. What an embarrassment. Alas.

    • 0

      I cannot list them all. But you can fact check.

Leave A Comment

Comments should not exceed 200 words. Embedding external links and writing in capital letters are discouraged. Commenting is automatically disabled after 5 days and approval may take up to 24 hours. Please read our Comments Policy for further details. Your email address will not be published.