Maximum PC - USA (2022-03)

you can say “oh”. Make sure you read to the end of this feature to
see how you can protect your Nextclouds. For backing up system
files, we would recommend the TimeShift backup tool, which is
available for Windows, Linux, Mac, and Android and is easy to
install anywhere.

ENABLING RANSOMWARE
We’re not sure about this cryptocurrency malarkey. And
we’re even less sure about people co-opting the term
‘crypto’, which for years has been used by cypherpunks as an
abbreviation for the noble art of cryptography. But one thing we
can thank cryptocurrency for is ransomware. If victims were
instead asked to pay regular ‘fiat’ money to a bank account, or
money transfer, they’d be much less likely to pay. Furthermore,
thanks to banks in most countries being pretty wise about
knowing their customers, the scammers would be much more
likely to be caught.
>> Over the past decade or so, ‘crypto’ (in particular Bitcoin) has
cemented its position as the premier conduit by which to receive
ransomware payments. It’s often said that Bitcoin payments
are hard to trace. But this isn’t true, given that an indelible
record of every Bitcoin transfer lives forever on the blockchain,
for any inquisitive eyes to see. The hard part is breaking the
pseudonymity between wallet addresses and individuals.
>> But that might be about to get slightly less difficult. Anyone
who’s watched popular crime fiction will have heard detectives
talking about “following the money”. That’s easy to do with
Bitcoin; you can even use a website such as blockchain.com to do
it from the comfort of your own browser. You probably won’t solve
any crimes that way, but boffins are getting good at designing
their blockchain scanning algorithms. The team at analysis firm
Elliptic figured out that the Colonial Pipeline hackers DarkSide
were also responsible for an attack on a German chemical
company a few days later. But Elliptic went further still and
managed to identify around 45 other wallet addresses that had
all paid an average of $1.9 million. This runs to a total of
$90 million, which Elliptic believes is the total amount of
ransom paid to DarkSide throughout its history.
>> It’s not illegal to pay a ransom and, for large
companies without time or backups, it could be the best (or
rather, least bad) option. Colonial Pipeline stakeholders
can take some solace in the fact that DarkSide’s website
was seized soon after the incident. Soon after that, the
FBI announced it had obtained a wallet key and was able
to recover 85 percent of the ransom paid. It has been
speculated (see https://ciphertrace.com/ransomware-seizure-blockchain-analytics-helps-us-authorities-seize-over-2-million-in-darkside-ransom-paid-by-colonial-pipeline/)
that this figure was, in fact, paid to
a DarkSide affiliate (an intermediary hacker who may
have gained initial access), with DarkSide itself keeping
the remaining 15 percent (their RaaS operator fee), as
well as all the group’s other ill-gotten gains, in an as-of-yet
unseized wallet.
>> DarkSide has, in the past, demanded ransoms in
Monero (XMR), a privacy-conscious altcoin that doesn’t
record unique addresses on its blockchain. Given
its relative lack of popularity though, it’s no good for
paying huge sums with, since few exchanges hold millions
of XMR in their coffers. Cryptojacking malware hijacks
machines (often through malicious JavaScript) to mine
cryptocurrency, and it turns out Monero is an ideal
token for this. It can be mined on modest hardware, so a
large enough attack can net great profits.
>> Linux machines have been targeted in this way since
at least January 2020 by malware dubbed FritzFrog.
This malware is written in Go and propagates over SSH.
It uses a peer-to-peer approach, rather than traditional
Command and Control (C2) servers, making it hard for
investigators to shut it down.

>> Give yourself a warm fuzzy feeling this winter by getting your Nextcloud instance A-rated for security.
