The term “hacker” has become a buzzword. Most of the security-focused companies have a white-hat hacker testing their systems, but we’re not talking about that today. When I say hacker in this article, I mean the illegal kind; the kind that’s been romanticized in hundreds of Hollywood movies where hacking is just furiously smashing the keyboard for ten seconds.

Well, what do you know, in reality, it’s a lot different. Plus, you don’t even have to be a genius or even particularly tech-savvy to start hacking people. Ransomware and particularly crypto-locker attacks are an explosive industry, with an estimate of $5 Bn being extracted in 2017 alone. That’s due to the simple fact that you no longer need to have advanced programming skills to get a ransomware program.

Cryptolockers as a Service 101

Does the name EternalBlue mean anything to you? If you’re not on top of cybersecurity news, it probably won’t. However, pretty much everyone by now has heard of the WannaCry ransomware attack that hit the NHS in the UK, effectively sending a ton of hospitals back to 1950s and causing nearly £100 M in damages.

The infamous ransomware was based on EternalBlue, reportedly developed by the NSA. So what is it, exactly? EternalBlue is a Microsoft vulnerability (that they patched, although it’s safe to say that it didn’t really fix the issue) and an exploit that is used by many attackers.

“Unfortunate” is a very weak way of describing the fact that such a strong exploit became so easily accessible to malicious agents. However, it’s not surprising. There is no such thing as a system that’s unhackable or 100{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205} safe. Today, getting into a network can take as little as an investment that’s way below the price of the new iPhone.

And that’s, of course, not where it ends with EternalBlue. Another huge hit was taken by Maersk, a maritime company, that had been hit with a cryptolocker called NotPetya. While it cost the company about $300 M, its widespread damage is estimated in billions of US dollars and is widely regarded as true cyberwar.

Cryptolocker programs — a type of ransomware that encrypts files on computers that are affected — can be easily bought on the dark web. Funnily enough, it’s available as a service much like any antivirus software, and the only catch is that you have to be able to access the dark web. But of course, you can easily Google how to do exactly that and get helpful 10-step guides with screenshots.

So, how would you spread your shiny new ransomware? You probably need access to thousands of emails that you can easily get to (maybe you want to see what’s inside these people’s inboxes, too). Great news — you can buy huge lists of active emails for about the price of a pumpkin spice latte.

The World of Noob Hackers: How to Protect Yourself?

A year’s subscription to cryptolocker software costs about $600. A 100k list of active emails goes for $5–6. Setting the whole campaign requires the ability to use Google and follow simple 10-step guides, as well as a couple of hours to kill. Clearly, just about anyone can do it; and that’s why ransomware is so prevalent today.

Simply downloading antivirus and calling it a day is not going to protect you. While you do need software that is capable to identify and defend against ransomware, it’s better to avoid getting it in the first place. In order to get you to download malicious programs, hackers still heavily rely on good old social engineering.

The problem with social engineering is that it exploits the inherent psychological flaws that pretty much every one of us has. This article talks about an experiment in which an ethical hacker has shown just how powerful it can be. He managed to get into a computer of a powerful CEO, as well as into the network of an entire theme park by exploiting simple human vulnerabilities.

Although the article has been written five years ago, it’s still very much relevant today. Technology is incredibly prevalent in our lives — in fact, only 11{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205} of Americans don’t use the internet — but contradictory to that fact, we’re still a pretty defenseless bunch, and hackers happily make use of that.

However, in the age where you can learn so much with just a little bit of time on your hands and a couple of Google searches, you don’t have an excuse to remain uninformed. Simply knowing how the most common scam techniques work you’re already getting ahead of the crowd full of vulnerable people that are susceptible to online attacks.

Few Simple Antiphishing Tips:

  1. Does this email look suspicious? Look out for attachments or links, because this is how the malicious software gets into your computer. If you’re not 110{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205} sure you were supposed to get this email with this exact file, don’t open it. Don’t click on the links you’re not sure why you’re seeing and if it’s coming from someone you know, double-check with them if they really sent it to you.
  2. Don’t click strange links. You can get infected by simply clicking a link on a YouTube comment, and sometimes even by a Google ad. Don’t be mindless when you go online, and make sure that you always have your antivirus and scan your computer regularly.
  3. Don’t download random software. This is like openly inviting hackers to make use of your network. If you’re downloading a program, make sure you know who created it and that you really do need it. Do a quick Google search “is X a scam” or “is Y malware” to make sure it’s not an obviously malicious program you’re letting into your system.
  4. Use reliable programs that can protect you. Even if you’re mindful about what you do online, you need software that can help you stay safe. Do your research before you pick a provider and invest in tools that have a proven track record of stopping malicious agents.
  5. Make use of vast security-focused databases. VirusTotal can scan websites and files to check for malware. Have I Been Pwned? can tell you if your email has been compromised. Subscribe to blogs and news’ sites talking about security, and remain on top of things at all times.

The bottom line is that no matter what you do, you’re never 100{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205} safe if you go online at all. With so many institutions getting affected by malicious agents, you cannot even be 100{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205} sure your sensitive information won’t become public even if you live internet-free, because governmental institutions know a lot about you, but very little about security.

However, that doesn’t mean you should go live under a rock. Simply knowing a few things about how attacks happen can help you avoid them, or remain calm and collected and do the right thing if you do get hit. Godspeed!

At ROKKEX, we take security extremely seriously and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise.

If you have any ideas and suggestions, contact us at

Website . LinkedIn . Facebook . Twitter . Telegram . Reddit . Instagram 

Leave a Reply