
F-Secure’s Mikko Hypponen Talks Cyber Crime and Cyber Unicorns

At some point in the recent past — he is not sure exactly when — F-Secure’s Chief Research Officer Mikko Hypponen coined the term ‘cyber crime unicorn’. His purpose was to highlight the growing professionalism of cyber criminals; and the term caught on. Now he has asked the question seriously: could a ransomware product actually be a criminal tech unicorn; that is, a start-up business valued at more than $1 billion?

In a new article his short answer is No; but that’s only because it would be impossible for the founders to cash out through the traditional IPO route. By most other yardsticks, cyber crime compares favorably with legal business. Consider one of today’s prime businesses, Uber. According to a Thursday report in Bloomberg, Uber is on course to record a $2 billion loss this year following a similar loss last year — and yet its latest valuation is $69 billion. Cyber criminals do not make losses.

There is little financial risk in cyber crime — and especially with ransomware. Following a relatively low cost and short investment period it starts making profit very rapidly. And the profits can be extensive. One of the facilitators is the rise of bitcoin — it allows the criminals to move and launder money relatively easily and safely; but it also allows researchers to get some idea of the amounts involved.

“Ransomware gives each victim a unique bitcoin wallet into which the ransom should be paid,” Hypponen told SecurityWeek. “By getting ourselves infected in laboratory conditions we can follow what happens. The ransom is usually moved from each unique wallet into a central wallet controlled by the criminals — and from there it is laundered.” The laundering is often through buying pre-paid cards and then selling them on eBay and Craigslist; or directly through gambling casinos. But in the meantime, security firms such as F-Secure can monitor the amounts that pass through the central wallets — and it is millions of dollars.

If this were a legitimate business making this amount of money this fast, it could indeed become a unicorn. But until there are underworld stock exchanges with access to as much money as Wall Street and London, crime cannot take that final hurdle towards becoming a billion dollar business. While cyber criminals follow basic good business principles, there is not — at least, not yet — an underworld Big Business.

But if cyber crime cannot be modelled on business investments and unicorns, is it already modelled on the gangster gangs of old Chicago? “If you mean protection rackets then yes,” said Hypponen. “But it’s more crimes such as DDoS that relate directly. Taking an ecommerce site off-line is very similar to closing a high street shop through violence if the protection money isn’t paid.”

This analogy goes even deeper, because in ‘old Chicago’ there were turf wars between rival gangs. To a degree, this already happens with cyber crime — different gangs will steal ideas and even code from other gangs. “There’s even an example of one gang ‘taking out’ a rival by stealing and publishing its decryption keys,” said Hypponen.

But for now, Hypponen’s response to his own question is no, we won’t see cyber crime unicorns in the immediate future. But we do need to take note of the business-like organization and discipline within some of the gangs. He believes there are close to a hundred of these ransomware gangs, although a few might be one gang operating more than one ransomware. For now there would seem to be ample return on effort for all of them.

Off-line backups remain our best defense against ransomware — that and an up-to-date anti-malware product. It is worth noting — as Hypponen commented — that ‘backing-up’ to online services such as Dropbox, Drive and OneDrive will not solve the problem — these are on-line and not off-line backups.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
