Nokia buckled to a multi-million Euro ransom demand over a stolen encryption key.
According to IT News, in 2007 the mobile phone manufacturer’s encryption keys were used to sign applications for smartphones running the Symbian operating system, to ensure they were approved by Nokia.
The blackmail attempt took place in 2007, when Nokia was still the number one smartphone vendor in the world with Symbian holding a dominant, half-market share. Even though Nokia reported the matter to the Finnish police, the company also agreed to pay a ransom with a cash-filled suitcase left at a parking lot in the city of Tampere.
Jon French, senior security analyst at AppRiver, said: “Paying can only further show other hackers that they have a chance of making a lot of money from these corporations. Nokia seems to have gotten incredibly lucky that the hacker didn’t release the key anyways.
“Once they have the cash, there can sometimes be nothing to lose for them at that point. However, this choice plays into the whole ransom situation. If the hacker went back on their word and released the key regardless, it would be a well-learned lesson for Nokia (and probably others) to never trust a ransomer again and never pay in the future. So a hacker releasing the key anyways could sort of shoot the ransom scheme in the foot per se.
“Backing up may not be the most important thing when it comes to ransoms unless you’re dealing with something like CryptoLocker. In the case of stolen sensitive or proprietary data, it was most likely copied and not literally stolen in its entirety. The major concern is probably that the public will find out and someone could do something nefarious with the data. Like in the Nokia case, malware authors could sign their code and everything would look good and secure to the phones.”
After businesses were held up by ransomware such as CryptoLocker at the start of this year, the last couple of weeks saw the likes of Domino’s Pizza and Feedly held to ransom in the cases of seized data and a threatened DDoS attack, but in both cases the companies appeared to stand their ground.
French said: “This ‘trusting the ransomer’ thing has reared its ugly head the most with the Crypto malware. These malware authors have created reputations that if you pay the ransom you will indeed get your files back. Some of this malware even lets you decrypt a single file to show they aren’t kidding about the decryption working.
“So let’s say you are an IT person and your network got hit with CryptoLocker causing tens of thousands of dollars in damage due to lost files. You do some research and see everyone online is saying the decryption works if you pay. I admit it’s probably a tough decision for a company to make. Do you do what’s right and not pay the money and be out of the lost data and revenue? Or do you pay a couple hundred dollars to hopefully get all your business’s files back? Since people know paying works in many of these cases (due to other people sharing their unfortunate experiences), I’m inclined to think that many people would risk the few hundred dollar ransom to get the data back in some cases.”
David Howorth, vice president EMEA at Alert Logic, told IT Security Guru that he would advise any enterprise that finds itself in a situation where hackers are blackmailing it to never pay.
“Not only does this make that company a sitting duck for other hackers once word gets out that it ‘pays up’, but – let’s face it – these hackers have no ethical code of conduct. Once they have your sensitive information, it is safe to assume that the data is making its way to the black market, where it will be sold,” he said.
“The best safeguard is for enterprises to implement layers of security across the infrastructure stack and make sure basic security best practices, such as patching servers and keeping security software updated are in place. Making sure they monitor their data centre infrastructures for malicious traffic and vulnerabilities in real-time, 24 hours a day, seven days a week and being able to act fast on remediating the high risk vulnerabilities enables companies to be proactive in their defences.”
Is this the latest scourge of businesses? Rather than facing APTs or data breaches, they now face wise attackers who seem to have jumped on a tactic that Nokia has allowed to be successful. Yes, it was seven years ago, while the recent stories have seen businesses stand firm against ransom threats, and in the case of the seized data from Domino’s, we don’t know what happened to the attacker “Rex Mundi”. Perhaps it is the case that all businesses need to stand together and this threat will pass – Editor