F-Secure’s Mikko Hypponen Talks Cyber Crime and Cyber Unicorns

At some point in the recent past — he is not sure exactly when — F-Secure’s Chief Research Officer Mikko Hypponen coined the term ‘cyber crime unicorn’. His purpose was to highlight the growing professionalism of cyber criminals; and the term caught on. Now he has asked the question seriously: could a ransomware product actually be a criminal tech unicorn; that is, a start-up business valued at more than $1 billion?

In a new article his short answer is No; but that’s only because it would be impossible for the founders to cash out through the traditional IPO route. By most other yardsticks, cyber crime compares favorably with legal business. Consider one of today’s prime businesses, Uber. According to a Thursday report in Bloomberg, Uber is on course to record a $2 billion loss this year following a similar loss last year, and yet its latest valuation is $69 billion. Cyber criminals do not make losses.

There is little financial risk in cyber crime — and especially with ransomware. Following a relatively low cost and short investment period it starts making profit very rapidly. And the profits can be extensive. One of the facilitators is the rise of bitcoin — it allows the criminals to move and launder money relatively easily and safely; but it also allows researchers to get some idea of the amounts involved.

“Ransomware gives each victim a unique bitcoin wallet into which the ransom should be paid,” Hypponen told SecurityWeek. “By getting ourselves infected in laboratory conditions we can follow what happens. The ransom is usually moved from each unique wallet into a central wallet controlled by the criminals — and from there it is laundered.” The laundering is often through buying pre-paid cards and then selling them on eBay and Craigslist; or directly through gambling casinos. But in the meantime, security firms such as F-Secure can monitor the amounts that pass through the central wallets — and it is millions of dollars.

If this were a legitimate business making this amount of money this fast, it could indeed become a unicorn. But until there are underworld stock exchanges with access to as much money as Wall Street and London, crime cannot take that final hurdle towards becoming a billion dollar business. While cyber criminals follow basic good business principles, there is not — at least, not yet — an underworld Big Business.

But if cyber crime cannot be modelled on business investments and unicorns, is it already modelled on the gangster gangs of old Chicago? “If you mean protection rackets then yes,” said Hypponen. “But it’s more crimes such as DDoS that relate directly. Taking an ecommerce site off-line is very similar to closing a high street shop through violence if the protection money isn’t paid.”

This analogy goes even deeper, because in ‘old Chicago’ there were turf wars between rival gangs. To a degree, this already happens with cyber crime — different gangs will steal ideas and even code from other gangs. “There’s even an example of one gang ‘taking out’ a rival by stealing and publishing its decryption keys,” said Hypponen.

But for now, Hypponen’s response to his own question is no, we won’t see cyber crime unicorns in the immediate future. But we do need to take note of the business-like organization and discipline within some of the gangs. He believes there are close to a hundred of these ransomware gangs, although a few might be one gang operating more than one ransomware. For now there would seem to be ample return on effort for all of them.

Off-line backups remain our best defense against ransomware, together with an up-to-date anti-malware product. It is worth noting, as Hypponen commented, that ‘backing-up’ to online services such as Dropbox, Drive and OneDrive will not solve the problem: these are on-line and not off-line backups.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
