Non negotiable
Young, male, tech-savvy, few social contacts, high need for attention - this is how many people imagine the typical cybercriminal. We have been trying to dispel this cliché from people's minds for years.
They are false and "the" cybercriminal is trivialized. In truth, he is highly professional and motivated by only one thing: Money.
A recent case in Switzerland shows that a large part of the cybercrime business is closely linked to "traditional" crime:
An email provider was attacked using distributed denial of service attacks. This part of the crime, the threat, actually took place in cyberspace. In the next step, however, demands for protection money were made - very old school.
No business with criminals
According to the doctrine known from politics
"We do not respond to ransom demands"
the provider decided against payment. The announced attack followed - and was directed not only against the email provider itself, but also against its Internet service provider and its data center, and was so massive that other customers were also affected.
The pressure increased enormously, so that the email provider finally paid the demanded sum of 15 Bitcoins (approx. 5,350 euros). The attacks continued - even after the demands had been met.
The email provider has since made this attack public with many details and announced that it will never pay a ransom again. Thanks to cooperation with the Swiss Reporting and Analysis Center for Information Assurance (Melani), it has also become clear that the attacks have targeted other companies and are being carried out either in different stages or even by different groups.
This example shows that we are not dealing with young "nerds" who get a bit rowdy. Today's cyber criminals are part of organized crime.
This can be seen both in the use of tried and tested "business models" (e.g. protection rackets), which are transferred to cyberspace, and in the necessary structures in the background.
In real life, handing over money is the most dangerous part of the criminal's enterprise. Law enforcement agencies have also been masters at following the "money trail" for many decades. Hence the high demand for ever new methods of money laundering.
In this specific case, the protection money was paid via bitcoins. But cryptocurrencies are not so anonymous either. Although it is difficult to assign an account (or "wallet") to a user, the content and transactions are publicly visible and traceable for everyone.
So even with cryptocurrencies, money laundering is an integral part of the business model. I assume that many other companies have also already fallen victim to such attacks - this is inevitably due to the maturity of the attacks and processes, but also to our investigations into the cyber underground.
Victims often simply pay silently - but in doing so, they encourage the criminals in their actions. I am therefore grateful to the email provider for bringing this case into the public eye and making it clear that paying is not a solution.
As with classic protection rackets, the criminals only take this as a sign that they have "broken" their victims and can go even further with a little more pressure - profit maximization, so to speak.
So if you are the victim of such an attack, inform the law enforcement authorities or the relevant reporting offices! Only then is there a chance of putting the case in a wider context, for example by providing information about similar cases, or tracing the money - and therefore also the blackmailers.
So that the criminals behind them can be put behind bars in the traditional way, even in the digital age.