Thursday, December 2, 2021

How cybercriminals use cryptocurrency?


Cybercriminals all over the world have leveraged this technology’s increased anonymity to buy and sell illegal goods, services, stolen data and underground infrastructure, and to force victims to pay ransom. While blockchain analysis enables researchers and law enforcement to glean information from illicit transactions, criminals have countered by adopting cryptomixers to obscure their transactions and further complicate investigations. It has been observed that gangs in the cybercriminal underground are increasingly relying on cryptomixing services to obfuscate the origin of their criminal earnings.

What are Cryptomixers?

Cryptomixers are often stand-alone services that are available to the general public via the open internet. They often use anonymous means of communication and do not keep logs of customer transactions, which, given the push by law enforcement for crypto exchanges to incorporate financial compliance laws into their operations, makes cryptomixers a useful tool for criminals.

How Mixers Work?

Mixers work by allowing threat actors to send a sum of cryptocurrency, usually bitcoin, to a wallet address the mixing service operator owns. This sum joins a pool made up of the service provider’s own bitcoins as well as those of other cybercriminals using the service. The initial threat actor’s cryptocurrency joins the back of the “chain”, and the threat actor receives a unique reference number known as a “mixing code” for the deposited funds. This code ensures the actor does not get back their own “dirty” funds, which theoretically could be linked to their operations. The threat actor then receives the same sum of bitcoins from the mixer’s pool, muddled using the service’s proprietary algorithm, minus a service fee. For added anonymity, the threat actor can choose to send this new “clean” sum of bitcoins to numerous wallet addresses to further obfuscate the trail of the illicit funds. This makes it more difficult for law enforcement to associate the original “dirty” cryptocurrency with the threat actor.

POPULAR CRYPTOMIXERS

While the act of “mixing” cryptocurrency is not itself an illegal practice, these platforms are not widely used by the vast majority of crypto-enthusiasts. Most users do not need the extra level of privacy, nor do they want to lose crypto to the service fees that come with mixing cryptocurrency. The cryptomixers that were observed all had well-established presences on multiple, well-known cybercrime forums. All of the mixers had professional-looking sites, likely an attempt to make their operations appear more legitimate and attract a wider range of clients. None of the providers advertised their roles in money laundering, instead preferring to suggest their sites serve businesses using cryptocurrencies and individuals interested in protecting their privacy.

Among the most popular mixers observed are:

  • Absolutio

  • AudiA6

  • Blender

  • Mix-BTC

  • Helix

All the mixers observed were operational on both the clear web and the Tor network except Mix-BTC, which was only available on the open internet. All four providers offered their services in English, with Absolutio, AudiA6 and Mix-BTC also featuring Russian-language versions of their sites. All four mixers offered services for Bitcoin, while some also offered mixing services for Bitcoin Cash, Bitcoin SV, Dash, Ethereum, Ethereum Classic, Litecoin, Monero and Tether.

All the mixers listed a minimum balance for mixing services, which varied from 0.001 bitcoin (about US $60) for Blender to 0.006 bitcoin (about US $375) for Mix-BTC. Maximum amounts varied significantly, with Absolutio limited to 2 bitcoins (about US $125,700), AudiA6 to 27 bitcoins (about US $1.7 million) and Blender to 2,600 bitcoins (about US $163 million). Mix-BTC did not specify an upper limit for transactions.

Additionally, all four mixers charge transaction fees, collected as a percentage of the total amount of cryptocurrency to be mixed. Some services allow users to choose a “dynamic” service fee, which is most likely done to complicate investigations into illicit cryptocurrency funds by altering the amount being laundered at different stages of the process, making it more difficult to tie the funds to a specific crime or individual. The fees are the following:

  • Absolutio: users select a “dynamic” service fee, falling between 1 percent and 30 percent

  • AudiA6: flat service fee between 3 percent and 5.5 percent

  • Blender: users select a “dynamic” service fee, falling between 0.6 percent and 2.5 percent

  • Mix-BTC: flat service fee between 3 percent and 5.5 percent, with additional charges depending on the volatility of the bitcoin price

While these mixers do not share their wallet addresses publicly, Intel 471 found a wallet that was used by Blender from June 2020 to July 2020, handling bitcoin transactions in excess of 54 bitcoins (about US $3.4 million). Assuming an average transaction fee of 1.6 percent, this wallet could have received fees in excess of US $50,000 during that time period.
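To make the effect of these fee windows concrete for a blockchain-analysis reader, here is an added example (not from the original post or from any mixer) that applies the simplest tracing heuristic, amount matching, to a constructed deposit and set of pool withdrawals under each service's advertised fee window. The transaction labels and amounts are constructed, and the BTC price used for the fee-income estimate is back-derived from the post's 54 BTC ≈ US $3.4 million figure.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Fee windows exactly as listed above, as fractions of the mixed amount.
FEE_WINDOWS: Dict[str, Tuple[float, float]] = {
    "Absolutio": (0.01, 0.30),   # "dynamic", user-selected
    "AudiA6": (0.03, 0.055),     # flat
    "Blender": (0.006, 0.025),   # "dynamic", user-selected
    "Mix-BTC": (0.03, 0.055),    # flat; volatility surcharge ignored here
}


@dataclass(frozen=True)
class Tx:
    """One observed transfer into or out of the mixer's pool wallet."""
    txid: str      # constructed label, not a real transaction hash
    amount: float  # BTC


def candidate_links(deposit: Tx, withdrawals: List[Tx],
                    fee_window: Tuple[float, float],
                    tolerance: float = 1e-8) -> List[str]:
    """Withdrawals that equal the deposit minus some fee inside the window.

    At fee rate f the service pays out deposit * (1 - f), so every withdrawal
    in [deposit * (1 - hi), deposit * (1 - lo)] is a plausible match. The
    wider the window, the more candidates survive and the weaker the link.
    """
    lo, hi = fee_window
    low_bound = deposit.amount * (1 - hi) - tolerance
    high_bound = deposit.amount * (1 - lo) + tolerance
    return [w.txid for w in withdrawals if low_bound <= w.amount <= high_bound]


def link_ambiguity(service: str, deposits: List[Tx],
                   withdrawals: List[Tx]) -> Dict[str, List[str]]:
    """Map each deposit to every withdrawal the service's fee window allows."""
    window = FEE_WINDOWS[service]
    return {d.txid: candidate_links(d, withdrawals, window) for d in deposits}


def fee_income_usd(volume_btc: float, fee_rate: float, usd_per_btc: float) -> float:
    """Operator revenue implied by a mixed volume at an average fee rate."""
    return volume_btc * fee_rate * usd_per_btc


# Constructed sample: one 1 BTC deposit followed by seven pool withdrawals.
DEPOSITS = [Tx("dep-1", 1.0)]
WITHDRAWALS = [Tx("wd-a", 0.999), Tx("wd-b", 0.985), Tx("wd-c", 0.97),
               Tx("wd-d", 0.95), Tx("wd-e", 0.80), Tx("wd-f", 0.72),
               Tx("wd-g", 0.60)]

if __name__ == "__main__":
    for service in FEE_WINDOWS:
        print(f"{service:10s} {link_ambiguity(service, DEPOSITS, WITHDRAWALS)}")
    # The Blender wallet above: 54 BTC (about US $3.4 million) at ~1.6 percent.
    print(round(fee_income_usd(54, 0.016, 3_400_000 / 54)))
```

Blender's narrow window leaves one candidate and AudiA6's two, while Absolutio's 1 to 30 percent "dynamic" window lets five of the seven withdrawals fit, which is exactly why the post calls the dynamic fee an investigation-complicating feature.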

EVEN MORE “PRIVACY”

With RaaS groups wanting as many ways as possible to keep a low profile, some developers decided to integrate cryptocurrency mixing services into their administrative panels instead of relying on the web-based options. The developers behind Avaddon, DarkSide 2.0 (also known as BlackMatter) and REvil likely integrated the BitMix cryptocurrency mixer to facilitate the laundering of ransom payments for program affiliates. Additionally, BitMix itself operated an affiliate-type program in which registered partners received 50 percent of the fees charged for mixing funds. This meant any RaaS group engaged in this partnership would receive 50 percent of the commission BitMix charged ransomware affiliates. With BitMix commissions reaching as much as 4 percent, the affiliate program presents an appealing prospect to RaaS groups.

Action against Cryptomixers

Larry Dean Harmon, founder of Helix and Coin Ninja, has been fined $60 million for involvement in money laundering. He is among the first mixing service operators in the crypto industry; the Financial Crimes Enforcement Network announced his involvement in money laundering on Monday. The founder has faced continued criminal charges and is now fined for breaching the Bank Secrecy Act (BSA). Harmon was arrested in February for operating mixers that the prosecutors allege constitute unauthorized money services companies. The charges against Harmon indicate that he laundered more than $300 million in Bitcoin.

CONCLUSION

Cryptomixers are a linchpin in ransomware schemes. Through these services, threat actors can achieve their end goal of cashing out and keeping the criminal underground liquid through the trade of illicit goods and services. A thorough understanding of the operational underpinnings of these mixing services is key to comprehending how criminals launder the money they earn from their crimes. It is important to understand how all facets of a ransomware operation work if civil society is to stop the losses inflicted by these schemes.

Friday, November 5, 2021

What is DAC? What are its benefits for Indians?

Digital Address Code (DAC) as address for eKYC, property tax, online shopping !

The Department of Posts, Government of India, is in the process of creating a unique Digital Address Code (#DAC) as a proof of address that can be used for booking an online delivery or for paying property tax. A DAC would help in digitally authenticating an address.

--Currently, Aadhaar is commonly used as a proof of address. But the address mentioned on the Aadhaar card cannot be digitally authenticated. 

--DAC would be a unique address identity usable by all stakeholders. DAC is expected to identify each address in the country uniquely and link the address to its geospatial coordinates, represented numerically or alphanumerically.

--DAC is proposed as the solution. It would be an input that could be keyed in or captured from a QR code by the apps of service providers, and would be cognizable by digital maps.

--However, in the case of sensitive establishments, a DAC may not be issued, or it may be linked to the coordinates of a “neighbourhood” or city.

--DAC would be unique for each address, i.e. each individual dwelling unit, office or business. For example, each flat in an apartment building would get a separate DAC. This code would be permanent for each address.

--The proposed DAC would be useful for the logistics and eCommerce industry and also help in targeting social sector benefits to the right beneficiary. As per the proposal, each and every dwelling unit in the country would get a DAC. For this, satellite imagery with 5m resolution has been proposed to be used.

--There will be a process for the verification of DACs. All verified DACs would be eligible for an online address authentication service.

Benefits of DAC:

The draft proposal lists the following benefits of DAC:

1. The proposed DAC would be linked to geospatial coordinates. It will help provide address authentication as an online service.

2. The DAC would help in simplifying the KYC verification process in business sectors like banking, insurance, telecom etc. This would further result in reduced cost of doing business. DAC online authentication combined with Aadhaar authentication would be a truly digital eKYC.

3. The DAC may lead to higher productivity and quality of service in delivery services, especially eCommerce. It would also help reduce eCommerce fraud.

4. DAC is expected to simplify the delivery and implementation of Government Schemes.

5. The adoption of DAC would lead to increased financial and administrative efficiencies across sectors like property taxation, emergency response, disaster management, election management, infrastructure planning and management, census operations and grievance redressal.

6. The DAC is expected to fulfil the requirements put forth regarding 'One Nation One Address' (#ONOA) by the Working Group of Ministers on Employment Generation and Skill Development dated 22nd October 2020.

Sunday, September 5, 2021

Guidelines for the Search and Seizure of Electronic Devices by the Police

.. Dr. Prashant Mali

In Virendra Khanna v. State of Karnataka and Others (2021), the High Court laid down guidelines on the manner in which investigating officers should conduct searches and on the preservation of the evidence and facts collected during an investigation involving smartphones.


Electronic devices or email accounts:

The Court made these observations while hearing a case that involved the search and seizure of a mobile phone from the accused during the investigation. In this context the Court held that there is no specific law governing the procedure to be followed in an investigation involving electronic devices.

The judgment concluded that detailed guidelines on the search and seizure of electronic devices should be prepared by the police department. Until then, the Court issued the following guidelines:


The following guidelines apply in the case of a personal computer or laptop:

1. While searching premises in connection with any electronic device, smartphone or e-mail account, a qualified forensic examiner should accompany the search team.

2. At the time of the search, the place where the computer is kept should be photographed in such a manner that all wire connections, including power, network etc., are captured in the photograph.

3. A diagram should be prepared showing how the computer and laptop are connected.

4. If the computer is on and the screen is blank, the mouse may be moved and, as soon as an image appears on the screen, a photograph of the screen should be taken.

5. The MAC address should also be identified and secured. If a forensic examiner is not available, unplug the computer, label the computer and the wires, and pack them in separate Faraday covers.


In addition to the above steps regarding the seizure of computers, laptops etc., if the device is connected to a network, the following is recommended:

1.    Ascertain whether the device is connected to any remote storage device or shared network drive; if so, seize the remote storage device and the shared network device.

2.    Seize wireless access points, routers, modems and any devices connected to such access points, routers or modems, which may sometimes be hidden.

3.    Ascertain whether any unsecured wireless network can be accessed from the location. If so, identify it and secure the unsecured wireless devices, since the accused may have used the unsecured wireless devices.

4.    Ascertain who maintains and who operates the network, and obtain from such network manager all details relating to the operation of the network and the role of the devices to be seized.


In the case of mobile devices, the following is recommended:

Mobile devices shall mean and include smartphones, mobile phones, tablets, GPS units etc.

1.    Pack the device in a Faraday bag to prevent it from communicating with the network and from receiving any wireless communication via Wi-Fi or mobile data.

2.    Keep the device charged throughout, because if the battery runs out, data held in volatile memory may be lost.

3.    Look for the SIM slot and remove the SIM card so as to prevent any access to the mobile network; pack the SIM card separately in a Faraday bag.

4.    During the search, if the investigating officer has seized any electronic storage devices located on the premises, such as CDs, DVDs, Blu-rays, pen drives, external hard drives, USB thumb drives, solid-state drives etc., label them and pack them separately in a Faraday bag.

5.    Computers, storage media, laptops etc. should be kept away from magnets, radio transmitters, police radios etc., as these may adversely affect the data on the devices.

6.    Search the premises to obtain instruction manuals, documents etc., and also to ascertain whether a password has been written down anywhere, since the person keeping the device may often have written the password at that place, or in a book, a writing pad or elsewhere.

7.    The entire process and procedure, from the investigation/search team's entry into the premises until their exit, is to be documented in writing.


Procedure for obtaining the password:

An investigating officer may, during the investigation, issue directions to the accused to furnish the password/passcode/biometrics.

If the accused does not comply with the officer's directions, the officer may then apply to the court for the issue of a search order.

The need to search a mobile phone or laptop would arise in two situations. One is an emergency, where there is an apprehension that potential evidence contained in a device may be destroyed; in this scenario, insisting on a search warrant would be futile, and it would instead be appropriate for the investigating officer to record in writing the reasons why such a search was being conducted without a warrant, i.e. the officer's objective satisfaction as to the emergent nature of the search must be recorded in sufficient detail, failing which a search without a warrant would be without jurisdiction.

In the second case, in the routine ordinary course of an investigation, it would be necessary to obtain a search warrant in order to obtain the required password.

Chapter VII of the CrPC, which confers the power of search and seizure, was relied upon to hold that a smartphone can also be searched. If an accused person resists a search warrant and a direction to provide the password, an adverse inference may be drawn against him, and the investigating officer may proceed to hack the device to obtain the information.


Providing a password does not amount to self-incrimination:

The Karnataka High Court also observed that evidence obtained from a smartphone cannot by itself prove the guilt of the accused. Such evidence stands on par with other evidence, which must be relied upon cumulatively to decide the guilt of an accused. Since evidence obtained from a mobile device cannot by itself convict an accused person, the High Court reasoned that the act of providing a password cannot amount to self-incrimination.

Providing a password is not a violation of the right to privacy:

The Karnataka High Court also held that furnishing a password does not violate the right to privacy, and information obtained from the device concerned may be used in the course of the investigation, as it falls within the exceptions carved out in Puttaswamy. However, it acknowledged that the investigating officer would have access to a great deal of the accused's personal information, which is to be handled in the same manner as evidence in physical form is handled, and that the investigating officer would be liable for any misuse of personal information or for sharing the information with third parties.


General guidelines:

•     In all cases, seized devices should be kept in a dust-free and temperature-controlled environment.

•     During the search, the investigating officer should use a Faraday bag to seize, label and pack any electronic storage devices located on the premises, such as CDs, DVDs, Blu-rays, pen drives, external hard drives, USB thumb drives, solid-state drives etc.

•     Computers, storage media, laptops etc. should be kept away from magnets, radio transmitters, police radios etc., as these may adversely affect the data on the devices.

•     Search the premises to obtain instruction manuals, documents etc., and also to ascertain whether the password has been written down anywhere, since the person keeping the device may often have written the password at that place, or in a book, a writing pad or the like.

•     The entire process and procedure, from the investigation/search team's entry into the premises until their exit, is to be documented in writing.

Saturday, August 7, 2021

Child Pornography: Detection and Prevention Using Technology


There are many organisations of all sizes that are committed to the fight against child pornography and child sex abuse, from civil society groups and specialist NGOs to technology companies, and I too work in this field by contributing my thoughts occasionally as a lawyer handling such cases. This article is a compilation of the latest software available for combating the crime of child sex abuse or child pornography using technology.

Microsoft developed PhotoDNA, which is used by NCMEC and online service providers to prevent the redistribution of child pornography and child sex abuse images.

The Internet Watch Foundation (IWF) similarly works with internet companies to remove child pornography and child sex abuse images from servers, and collects evidence for police investigations.

Google also scans for child pornography and child sex abuse images across its apps, including YouTube, and through a Content Safety API helps companies like Facebook detect such material.

A forensic tool called Child Protection System scans file-sharing networks and chatrooms to find computers that are downloading photos and videos depicting the sexual abuse of prepubescent children. The software, developed by the Child Rescue Coalition, a Florida-based nonprofit, can help establish the probable cause needed to get a police search warrant.

The Child Protection System, which lets police officers search by country, state, city or county, displays a ranked list of the internet addresses downloading the most problematic files. The tool looks for images that have been reported to or seized by police and categorized as depicting children under age 12.

The AI tool called Safer is developed by the non-profit Thorn to assist businesses that do not have in-house filtering systems to detect and remove such images. Safer is one tool that could help with quickly flagging child abuse content to limit the harm caused. The detection services of Safer include Image Hash Matching, CSAM Image Classifier, Video Hash Matching and SaferList for Detection.

NetClean, an AI-based software company, indicates that its product, NetClean ProActive, “detects when child sexual abuse material is being handled in your IT-environment. Similar to anti-virus software, but instead of detecting computer viruses, ProActive finds images and videos that law enforcement has classified as child sexual abuse material.”

Apple plans to scan iPhones for images of child sexual abuse. The tool designed to detect known images of child sexual abuse, called "neuralMatch," will scan images before they are uploaded to iCloud. If it finds a match, a human will review the image. If child pornography is confirmed, the user's account will be disabled and the National Center for Missing and Exploited Children will be notified. The system will not flag images that are not already in the center's child pornography database.
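The PhotoDNA, Safer and neuralMatch passages above all rely on matching images against a list of known hashes that survive re-encoding. This added example (not any of those products' algorithms, which are proprietary) shows the idea with a simple difference hash over constructed grayscale images: a brightened, noisy, upscaled copy still matches the known entry, an unrelated image does not, and a cryptographic hash of the pixels would have missed the copy. The block table, the "known" hash-list entry and the distance threshold are all constructed for illustration.

```python
import hashlib
from typing import Dict, List, Optional

Image = List[List[int]]  # rows of 8-bit grayscale values

# Constructed 8x9 table of block brightnesses standing in for a known image.
# Every adjacent pair differs, so each hash bit below is unambiguous.
BLOCKS = [
    [30, 80, 60, 120, 90, 150, 200, 170, 210],
    [200, 150, 170, 100, 130, 60, 90, 40, 70],
    [60, 90, 120, 150, 180, 210, 190, 160, 130],
    [220, 190, 160, 130, 100, 70, 40, 80, 110],
    [100, 140, 120, 160, 140, 180, 160, 200, 180],
    [180, 160, 200, 140, 180, 120, 160, 100, 140],
    [40, 60, 80, 100, 120, 140, 160, 180, 200],
    [200, 180, 160, 140, 120, 100, 80, 60, 40],
]


def expand(blocks: List[List[int]], scale: int) -> Image:
    """Grow a small table into a full image by repeating each cell scale x scale."""
    return [[v for v in row for _ in range(scale)]
            for row in blocks for _ in range(scale)]


def resize_mean(img: Image, width: int = 9, height: int = 8) -> List[List[float]]:
    """Downscale by averaging rectangular blocks (a crude stand-in for a resampler)."""
    h, w = len(img), len(img[0])
    out = []
    for j in range(height):
        y0, y1 = j * h // height, (j + 1) * h // height
        row = []
        for i in range(width):
            x0, x1 = i * w // width, (i + 1) * w // width
            total = sum(img[y][x] for y in range(y0, y1) for x in range(x0, x1))
            row.append(total / ((y1 - y0) * (x1 - x0)))
        out.append(row)
    return out


def dhash(img: Image) -> int:
    """64-bit difference hash: one bit per horizontal neighbour comparison."""
    bits = 0
    for row in resize_mean(img):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits; small values mean visually similar images."""
    return bin(a ^ b).count("1")


def sha256_pixels(img: Image) -> str:
    """Exact-match hash: any single pixel change produces a different digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def recompressed_copy(img: Image, brightness: int = 10) -> Image:
    """Stand-in for a re-encoded upload: brighter plus checkerboard noise."""
    return [[max(0, min(255, v + brightness + (3 if (x + y) % 2 == 0 else -3)))
             for x, v in enumerate(row)] for y, row in enumerate(img)]


def inverted(img: Image) -> Image:
    """A negative: every neighbour comparison flips, so dhash is maximally far."""
    return [[255 - v for v in row] for row in img]


def is_known(img: Image, known: Dict[int, str], max_distance: int = 10) -> Optional[str]:
    """Return the label of the first known hash within max_distance, else None."""
    h = dhash(img)
    for known_hash, label in known.items():
        if hamming(h, known_hash) <= max_distance:
            return label
    return None


# Constructed inputs: the "known" image, a re-encoded 2x upload, an unrelated one.
ORIGINAL = expand(BLOCKS, 8)                           # 72 x 64 pixels
REUPLOAD = recompressed_copy(expand(BLOCKS, 16))       # 144 x 128, brighter, noisy
UNRELATED = expand([[20 + 25 * c for c in range(9)] for _ in range(8)], 8)
KNOWN = {dhash(ORIGINAL): "constructed-entry-1"}       # placeholder hash-list entry

if __name__ == "__main__":
    print("sha256 equal:", sha256_pixels(ORIGINAL) == sha256_pixels(REUPLOAD))
    print("dhash distance to re-upload:", hamming(dhash(ORIGINAL), dhash(REUPLOAD)))
    print("dhash distance to unrelated:", hamming(dhash(ORIGINAL), dhash(UNRELATED)))
    print("re-upload matched as:", is_known(REUPLOAD, KNOWN))
```

The negative case shows a known limitation of simple difference hashes (an inverted image lands at the maximum distance), which is one reason production systems such as those named above use more robust, proprietary feature hashes and keep a human review step.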

All these efforts are made by sane organisations to combat this elephant in the room; the efforts of the organisations and companies mentioned above are a method where technology is used to solve a daily problem. I feel that accepting the reality that the problem exists in our society brings in many solutions.

Wednesday, July 21, 2021

What does the Pegasus spyware do? Don’t Overthink



Did you imagine some super spy software that tracks you even when your mobile's internet or data connection is off?
According to the software’s description on the NSO Group’s website, the Pegasus spyware is capable of complete data extraction from the victim’s phone.

What makes this software worse is that it can be used for remote and stealth monitoring, without the victim even realising that they are being watched. The NSO Group’s website notes that the spyware can extract data remotely via untraceable commands. The Pegasus spyware could essentially make it unnecessary to have physical access to a device to spy on victims.



For instance, iPhones, which are usually touted for being secure, reportedly have a gaping security issue in iMessage that allows remote access and duplication of data.

But if you are a common man, please don't overthink all the above: running this day in, day out requires cash to be burnt, and if you are a common man like me, no government is going to spend that on you, so chill.
DON'T OVERTHINK


How to check if your mobile has PEGASUS 

Amnesty International has developed the Mobile Verification Toolkit (MVT), a tool that helps the user identify whether their phone has been hacked by the Pegasus spyware. It works with both Android and iOS devices, although Amnesty said that more forensic traces were found on iPhones than on Android devices, which makes it easier to detect on iPhones.

MVT requires at least Python 3.6 to run on the system. MacOS users need to have Xcode and Homebrew installed as well. If you want to view forensic traces on an Android device, you'll also need to install certain dependencies.

Users have to back up their data to allow MVT to decrypt all files stored locally on their phones and look for traces of Pegasus. In the case of a jailbroken iPhone, a full file system dump can also be used for analysis.

Once a backup is created, MVT uses indicators such as domain names and binaries to look for Pegasus-related traces of NSO. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy. The code for the tool is open source and is available on GitHub along with detailed documentation.
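As an added illustration of the indicator matching that MVT performs on backup records (this is not MVT's code, and the domains, process names and records below are constructed placeholders, not real Pegasus indicators), the following checks extracted URLs and process names against an indicator list using domain-suffix matching rather than substring search, so a lookalike domain that merely contains the indicator text is not flagged.

```python
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed indicator list in the shape of a domain/process IoC file.
# These are placeholders for this example, NOT real Pegasus indicators.
INDICATORS: Dict[str, List[str]] = {
    "domains": ["bad-cdn.example", "updates-mirror.example"],
    "processes": ["rogueupdate"],
}

# Constructed records of the kind a decrypted backup exposes: browser history
# entries, a saved session URL and process names from crash logs.
RECORDS: List[Dict[str, str]] = [
    {"source": "history", "ts": "2021-07-01T10:02:11Z", "url": "https://news.example.org/a"},
    {"source": "history", "ts": "2021-07-01T10:05:40Z", "url": "https://Cdn.Bad-CDN.example./p?x=1"},
    {"source": "session", "ts": "2021-07-02T09:00:00Z", "url": "http://notbad-cdn.example/"},
    {"source": "process", "ts": "2021-07-02T09:01:12Z", "name": "RogueUpdate"},
    {"source": "process", "ts": "2021-07-02T09:01:13Z", "name": "SpringBoard"},
]


def normalise_host(url: str) -> str:
    """Lower-case hostname without a trailing dot, or '' if the URL has none."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def domain_matches(host: str, indicator: str) -> bool:
    """True for the indicator itself or any of its subdomains.

    A plain substring test would also flag 'notbad-cdn.example', a lookalike
    that shares the suffix text but is a different registrable domain.
    """
    return host == indicator or host.endswith("." + indicator)


def scan(records: List[Dict[str, str]],
         indicators: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Return every record that hits an indicator, oldest first."""
    hits = []
    for rec in records:
        if "url" in rec:
            host = normalise_host(rec["url"])
            for dom in indicators["domains"]:
                if domain_matches(host, dom):
                    hits.append({"ts": rec["ts"], "source": rec["source"],
                                 "indicator": dom, "value": host})
        elif "name" in rec:
            name = rec["name"].lower()
            for proc in indicators["processes"]:
                if name == proc.lower():
                    hits.append({"ts": rec["ts"], "source": rec["source"],
                                 "indicator": proc, "value": rec["name"]})
    return sorted(hits, key=lambda h: h["ts"])


if __name__ == "__main__":
    for hit in scan(RECORDS, INDICATORS):
        print(hit["ts"], hit["source"], hit["value"], "->", hit["indicator"])
```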

Pegasus has been termed the most sophisticated hacking software available today for intruding into phones. The NSO Group has, time and again, claimed that it does not hold responsibility in case of misuse of the Pegasus software. The group claims that it only sells the tool to vetted governments and not to individuals or any other entities.

Monday, July 19, 2021

How to Pay Ransom During a Ransomware Attack on Your Company?

How to Pay Ransom During a Ransomware Cyber Attack in India?

The demand for ransom is illegal under the IPC, but not the payment. If business exigencies require, ransom may have to be paid under duress. Even Section 37 of the Income Tax Act in India will not come in the way of a claim for deduction of the ransom money (Commissioner of Income Tax vs. M/s Khemchand Motilal Jain, Madhya Pradesh High Court, 2011).

There are also companies that swoop in at the last minute to handle the logistics. Companies like CyberSecOp and DigitalMint are full-service, final-mile crypto brokers; they sit at the end of the process.

They are the specialists hired after the forensic consultants, the company and its stakeholders have all determined that the victim has exhausted all options and that paying the ransom is, from an economic perspective, the best way to move forward. That is when victims come to companies like CyberSecOp or DigitalMint to help them acquire crypto at any time of day or night.

Within 30 to 60 minutes of initial contact, these companies are able to make the ransom payment for the victim. This includes vetting the hacker to make sure they are not tied to a U.S.-sanctioned country, and going to the open market, order books and exchanges to acquire the cryptocurrency needed to pay the ransom.

They say that 90% to 95% of ransoms are paid in bitcoin, but Monero is an increasingly popular option. Monero is considered more of a privacy token and gives cybercriminals greater freedom from some of the tracking tools and mechanisms that the bitcoin blockchain brings.

Since January 2020, DigitalMint alone has facilitated more than $100 million in ransomware settlements with a median payment of $800,000.

Last year, crypto ransomware payments overall more than quadrupled from 2019 levels to $350 million, according to Chainalysis, though that figure is likely understated and the true number may be closer to $1 billion.

In April, a task force including Amazon Web Services, Microsoft, the FBI and the Secret Service, among others, delivered recommendations to the White House on how to fight the ransomware threat. On the question of whether to ban payments to attackers, the group of more than 60 members was split.

Part of the problem is that the threat actors are getting greedy when pricing their ransom demands.

If they ask for too much, forensics goes through its feasibility studies and says, ‘Well, that’s too much. Let’s just rebuild our systems, take the risk, and not pay for it.’

At a certain point, it is more economically viable to just pay the ransom rather than hemorrhaging cash due to paralyzed operations.

Bitcoin is the most popular currency demanded by ransomware attackers, but other cryptocurrencies they have dictated include Ethereum, Zcash, and Monero.

Other methods
The first step is to contact your organization's bank to determine whether it transfers funds to a cryptocurrency exchange, and whether there are any limits.
Then set up an account with a cryptocurrency exchange such as CoinDCX or WazirX, or with Coinbase, which is FDIC-insured for up to $250,000 held in US currency in a custodial account. Once the US dollars are exchanged for digital currency, Coinbase insures the digital currency should its system be breached, but does not insure the breach of an individual account, according to its website.
Once you create a cryptocurrency exchange account, have your bank transfer or wire its government-issued currency into the wallet or custodial account. From there, you can purchase some cryptocurrency to hold in a digital wallet or custodial Coinbase account.
But you may want to think twice before buying and holding cryptocurrency in custodial accounts, because the value of this currency can be highly volatile.
To seed a cryptocurrency exchange account or Coinbase account in advance of any ransomware attack, you must open an account with a provider that handles one of the cryptocurrencies such as Bitcoin, Zcash, Ethereum or Monero.

For Small Ransom Payments, Go to a Bitcoin ATM
Using a Bitcoin ATM is faster than purchasing bitcoins online, says Neal Conner, a customer service manager for Bitcoin ATM manufacturer Lamassu, which has 300 machines across the globe through independent operators.

These ATMs are cash-based: no [credit or debit] cards or bank accounts are required. If you're buying online, they certainly are required by the brokerage or exchange you are purchasing from. With online methods of purchasing bitcoins, most users have to go through registration, verification and linking of credit cards or bank accounts, a cumbersome process, especially if you have cash and just want Bitcoin immediately.

First, download a Bitcoin mobile wallet app from the Bitcoin site for Android or iOS.

The wallet allows you to access one of the growing network of Bitcoin ATMs, such as Coinucopia. The Bitcoin wallet app for Android or Breadwallet for the iPhone, for example, work with this particular ATM. Next, download an app for reading QR codes. The ATM reads the wallet information via its QR code displayed on the phone.

The Coinucopia ATM can accept a minimum of $5 to a maximum of $3,000 per transaction, which will then be converted into Bitcoin and loaded onto the phone's Bitcoin wallet. The maximum daily amount that can be purchased for a Bitcoin wallet account is $10,000.

Once the money is loaded onto the digital wallet, the ransomware address can be entered onto your smartphone and the payment sent.

Pay via an Online Cryptocurrency Account
If just a limited number of machines or devices are hit with ransomware, online payment may be a good option.

The decision to use an online cryptocurrency service versus a Bitcoin ATM largely depends on the comfort level of the person handling the transaction.
Depending on the cryptocurrency exchange service, a cap generally exists on the amount of Bitcoin, Monero or other cryptocurrency that can be purchased per transaction.
For example, a cap of $5,000 per transaction to purchase Bitcoin or to convert Bitcoin to Monero would require you to execute the purchase process 14 times if you have 50 computers and devices infected with ransomware and a ransom demand of $1,400 per machine. That would total a $70,000 purchase in digital currency, and potentially exceed the daily allotment per account that is available.
Depending on the type of cryptocurrency the attacker demands - Bitcoin, Monero, Zcash or Ethereum - the type of account you would need to get and the number of services differ.
If a ransom demand is in Monero, for example, you need a Monero digital wallet. Additionally, you need to sign up for a digital currency converter service such as ShapeShift, because a number of cryptocurrency exchanges do not accept Monero directly, Spagni explains. You would also need to sign up for a cryptocurrency exchange to purchase the Bitcoin, which would then be converted to Monero using ShapeShift.
Signing up for a digital wallet, a cryptocurrency exchange and a digital currency converter service can take longer than executing a transaction at a Bitcoin ATM.

Final Advice
Try to convince decision makers not to pay the ransom.
Don't give up hope that your CEO or board of directors will have a change of heart and give up on paying the ransom.
Tell them the main reason not to pay: paying does not necessarily guarantee access to the locked files; sometimes even the cybercriminals don't know the decryption key, because the ransomware seller never sold the decryption key to the cybercriminal.
Sane advice: Don't pay the ransom. Once you do, they may keep coming back for more. That's like kidnapping. The other thing is that if other cybercriminals in this space know you pay, then they, too, will hit you up next.






FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...