The other war of cyber-attacks that worries everyone


It is midday Sunday and the Hospital Clínic suffers an imminent crash in its systems. All the alarms are sounding as the technicians try to recover from a situation that breaks with the usual routine: a ransomware cyber-attack has been perpetrated against one of the most important hospitals in Spain.
 
It is not just any attack. The Spanish state security forces specialised in cyber-attacks and cyber-surveillance go into action after verifying that the criminal group RansomHouse is behind the incident that has paralysed the health complex.
 
They are a significant criminal power: they operate in the dark, they are delocalised and the cyberpolice do not have an easy time locating them. The only thing the press is told is that they operate from abroad and follow the same "modus operandi": they cyber-hijack the network of the vulnerable entity and demand a financial ransom; only when it is paid is the network released and control regained.
 
Ransomware is a form of malware that encrypts a victim's files; the attacker then demands a ransom in exchange for restoring access to the data. "Users are shown instructions on how to pay for 'their release' to obtain the decryption key; ransoms can range from a few hundred dollars to thousands, and are always paid in Bitcoin."

The attack has caused a huge problem for the Clínic, a vital piece of health infrastructure. In just the first 48 hours of the virtual hijacking, the centre halted more than 150 surgeries and cancelled more than 3,000 consultations; it also stopped attending all emergencies.

With everything automated, the medical prescriptions of its inpatients had to be reviewed manually. The main concern of the management relates to the research against cancer and rare diseases carried out by this specialised centre, renowned for its numerous transplants and linked to the Transplant Service Foundation.
 
The hypothesis is that this attack was perpetrated in order to steal information on these numerous and valuable research projects on cancer and other rare diseases. 
 
Neither the experts of the Catalan Cybersecurity Agency nor the Mossos d'Esquadra have managed to resolve the problem quickly, revealing the vulnerability of infrastructures and the damage that can be caused by these powers operating from the shadows of the Internet.

Tomás Roy, director of the Catalan Cybersecurity Agency, said that this was a "complex" attack and that, contrary to what usually happens in these cases, it does not follow the same pattern, because it includes new and more sophisticated techniques.
 
This was the first major ransomware attack against a major hospital in Spain, and one that achieved its purpose. According to the cybersecurity experts in the Iberian country consulted as sources, at least a dozen attacks are attempted every day against vital infrastructures by "foreign terrorists" operating on the Internet.
 
A few months ago, a ransomware attack took place in the United States against the provider Community Health Systems (CHS), which manages patient data in a network of 80 hospitals across the United States. On that occasion, the attacking group stole data on one million hospitalised patients. 
 
This form of cybercrime has many purposes: from stealing election data, to intervening in election results to undermine democracy and trust in institutions; to cyber-hijacking relevant public and private entities for ransom and financial gain; to deliberately acting as a terrorist actor to cause harm to the population and to cause chaos, confusion and disorder.

There is a whole hybrid warfare going on in different countries and in different spheres, and it does not necessarily involve bombs, missiles or an invading army. This new way of disrupting the stability of other countries is above all about generating chaos through cyber attacks; provoking terrorism; using the massive flows of illegal migration as a weapon of war; and taking advantage of social networks to misinform, cause confusion and pour out a discourse of hatred and social rupture. It is a hybrid war that is also fuelled by biological warfare over an unknown virus.
 
In the case of the SARS-CoV-2 virus, three years after the pandemic was declared, the question remains as to how the pathogen arose; likewise, in cybercrime, it is not easy to identify the culprits because they are almost always delocalised. They are a rather pernicious and disturbing power in the dark.
 
According to Cybersecurity Ventures, cybercrime is booming: by 2023, it could have an impact of close to $8 trillion globally and the forecast for 2025 is $10.5 trillion.

Call for security

At the last meeting between Joe Biden and Vladimir Putin in Geneva in 2021, the US president told the Russian leader to his face that he was ready to respond with all his capabilities to the cyber-attacks against the United States, which are aimed at damaging oil pipelines and even water sanitation systems.
 
In May 2021, the Colonial Pipeline was hijacked, leaving 17 US states without fuel and causing chaos; two months earlier, in another cyberattack, a water treatment plant in Oldsmar, Florida, detected in time that "someone" was manipulating the chemical levels of sodium hydroxide to poison the city's water.
 
As a correspondent, I was able to be present at this meeting. At one point, President Biden asked Putin the following question: "I ask you, would you like it if these cybercriminals were attacking you, for example, your refineries? Would you like that?"
 
Biden then added that his country is ready to respond to every cyberattack with its maximum capabilities because "these ransomware criminals have to be stopped" and, in fact, he invited Putin to put a limit on them together "because it is unacceptable". He also stressed to the Russian leader that there are 16 key points in the US infrastructure that must be kept out of any attack; otherwise they will respond.
 
In January last year, the Russian Federal Security Service reported the arrest of members of the REvil group; at the request of the FBI, fourteen members distributed across various parts of Russia were apprehended. The White House said REvil was behind the attack on the Colonial Pipeline company.
 
How did they find them? According to the Russian justice system, by following the route of the money received for their numerous cyber hijackings, even though these were all blockchain operations.
 
There is another group also linked to Russia, Evil Corp, which is on the United States' list of most wanted in the field of cybercrime, but the American justice and investigation services require the cooperation of the Russian authorities. They do not have it.
 
The FBI and Interpol have already managed to arrest and dismantle other hacker groups located in Ukraine, South Korea, Romania and Kuwait; but it has not been possible to do the same in the case of Evil Corp because it is inside Russia. 
 
Recently, the FBI and the European Police, together with German authorities, managed to apprehend an 11-person cell of a group allegedly linked to Evil Corp in Dusseldorf; they are accused of attacking the UK National Health Service and the Dusseldorf University Hospital using the DoppelPaymer ransomware.
 
"With DoppelPaymer, data stolen from some 200 companies in various parts of the world, including the US defence sector, has been released," according to Brett Callow, an analyst at cybersecurity firm Emsisoft.
 
The "Ransomware in a Global Context" report, prepared by VirusTotal, indicates that more than 130 different ransomware variants were detected in 2020, most of them linked to attacks that year against 14 of the 16 critical infrastructure sectors in the United States. In fact, alarm about the breach of US national security rose to such an extent that it was these massive cyberattacks that motivated Biden to meet with Putin in Geneva in June 2021.
 
Whenever he can, President Biden uses his speeches to remind us of the cyber threat, which he sees as a "shooting war" that harms businesses of all sizes with the intention of provoking a national security emergency.
 
To make matters more tense, the invasion of Ukraine by Russian troops since 24 February last year has increased cyber-attacks by 800% against public and private companies and the governments of several countries, mainly those allied to Kiev.