The video giant is one of a number of mainstream websites on which users have published tutorials on how to create malware and ransomware used for cyber attacks – including the recent one on M&S
How-to video guides are being uploaded to YouTube explaining the steps to create the same software which has crippled M&S through a major cyber attack.
The video giant is one of a number of mainstream websites which publishes tutorials on how to create malware and ransomware. This is software designed to gain access to computer systems and then demand huge payments with a threat of often releasing sensitive information or crippling systems. The Mirror can reveal the group behind it – Scattered Spider, typically young hackers from Britain and America – are rapidly expanding by offering advice to other cyber criminals and then taking a cut of the profits. And they have taken tips and advice from a larger group called Dragon Force.
Advice on how to create the software to access systems and then demand something in return is available on Youtube and also medium.com – a social publishing platform. Experts fear this easily accessible advice will be used to launch other attacks. One video on Youtube has been viewed two million times and goes into detail on how to create the software needed.
It starts by saying: “We are talking about dangerous things. Malware or malicious software.” Although the video makes clear it is for educational purposes, the guide says: “I encrypted, now let’s hold them for ransom. Let’s encrypt those suckers right now. Here we go.”
The 30 minute video then goes into precise detail on how it is done. A number of people commenting say it is shocking that such detail is being posted on Youtube, even while saying it is for education. The medium.com article has six steps on how to do it.
Freelance cyber crime expert Scott Wilson said: “It’s a worry that this is so freely available on Youtube. Cyber criminals could use this and those wanting to get involved in the world. This is a global crime which is causing mayhem and destroying businesses and lives. Youtube and other websites hosting these guides need to act.”
Former Met Police detective Peter Bleksley said: “This is an open-invite to criminals. The criminal world is moving away from bank robberies and drug dealing and into cyber-crime. These videos are shocking. It’s a disgrace.”
Professor Oli Buckley, a cyber security expert at Loughborough University, said: “Marks & Spencer isn’t just facing a small hiccup with one of their systems, they’ve been hit by the full force of a ransomware attack. Sadly, they don’t usually come with quick fixes.
“It’s a really stark illustration of how the real-world is underpinned by the digital domain, and if something is damaged digitally it can have knock on effects in reality. It seems like the DragonForce ransomware is at the root of the attack, with most experts pointing the finger at Scattered Spider.
He said it was easier for newer starters to get involved: “Rather than carrying out every attack themselves, they operate more like a platform: offering other cyber criminals access to their malware tools and infrastructure. In return, they take a cut of any ransom paid.
“It’s a very business-like setup and, increasingly, this kind of professional approach is becoming common in the ransomware world. What makes this significant is that it lowers the barrier to entry, meaning you don’t need deep technical skills to launch a sophisticated attack if you’ve got access to these tools.”
Three retail giants have been hit by cyber attacks in the last week. Marks & Spencer, the Co-op Group and Harrods were all targets of online scammers trying to gain access to its systems.
The boss of M&S told customers they were “working day and night” to manage the cyber attack that forced it to temporarily shut down online operations. Stuart Machin said he was “really sorry” for the disruption to services but did not say when normal business would resume.
A spokesperson for Youtube said: “YouTube prohibits content that promotes using or distributing malware to harm others or access secured systems. However, we may make exceptions for content aiming to educate viewers about these risks, when it does not encourage harmful malware use. This includes content from creators, security researchers, universities, and others.”
Medium was approached for comment.
