First, the most dangerous cyber criminals of this time are Ransomware Attackers. They threaten the people, cooperations, and government organizations to publish their data or blocks their access to the computer and data. Until they get paid.
In this, we get to know more about, John Fokker. Who is a Principal Engineer and a Head of Cyber Investigations, Advanced Threat Research at McAfee? He also one of them who started the “No Ransom Project”. Earlier, he was moving towards the Indian Ocean with his fellow Marines to ship a crew of pirates. There is no link between these two things but John Fokker turned out to be a cyber investigator. Let us know more about it.
Doing Something Different
After graduating in Computer Science, John Fokker took up a job at an office of antidote to the drudgery with the Royal Netherlands Marine Corps. As a marine, he worked for 8 years. In which he spent 5 years doing special operations like counterterrorism, counter-piracy, and hostage rescue. Doing all this he roams around the world.
In North Afganistan, he was involved in helping local civilians build infrastructures such as schools, water pits and keeping the engineers safe in the whole process.
He was also posted on Somalia with the team of Navy Ship, where they have to monitor the pirate activity in that area. They have to do a lot of observations at night to see where are the camps and who are ready to sail out. If there was any hostage situation on the ship they have to intervene. This whole process is of intelligence gathering.
After leaving away from home and doing this work he was tired of this lifestyle. So he decided to pass up this role and go to cybersecurity. He knows that he is not actively close to cybersecurity but he sees it as his future.
Cyber Security on his path
Before taking a job in cybersecurity John Fokker takes a job at the Dutch National Police in the role of Digital Investigations Expert. Not leaving civilian life so easily.
As John Fokker was a part of the organized crime team he went for drug kingpins, assassins, and other criminals, tapping their phones and analyzing the phone calls.
He also came to know that cyber investigations are not all about behind desks. As he once hiding in a ghillie suit aiming to “sniff their WiFi”.
When he was with the police he worked in various malware investigations and botnet takedowns.
Fokker said that besides the Netherlands is small in size but it plays an important role in international cybercriminals investigations because a lot of internet backbones terminate in the countries. So the Netherlands became the central hub where is a lot of web hosting.
Investigations for cybercrimes come less to police as the victim does not report to the police and the actual size of the threat is much larger. Police only get the most serious cybercrimes to handle through which the scope of investigations is limited.
The report of cybercrimes on the internet is more than reported. Today at this point the most crimes are associated with business emails and ransomware attacks which are not reported by the companies.
There is also no flexibility in the police for cyber investigations as they have to take permissions and there is a process to do it which takes a lot of time.
This whole was said by John Fokker when he joins the private sector, McAfee. He also mentioned that he enjoys the flexibility and power for investigation purposes in his new role. They hunt down the cybercriminals who are suffering their customers. Through this process get large information or scope of cybercriminals which they can also share with the police.
Ransomware as a hostage negotiation
Now, John Fokker spending his time in research of Ransomware. After the research ransomware is becoming more detailed, effective, and money-making for attackers. Through this, their demands are increasing day by day.
A report by Coveware found that the average ransom payments reached $220,298 in 2021. Meanwhile, data from Kaspersky shows that the ransom attacks are targeting more high-profile victims such as corporations and government agencies.
What makes Fokker research ransomware attacks?
It physiological element of ransomware attacks and the connection between the attacker and the victim fascinates him to research more about it.
The ransom attacks are kind of hostage situations where they left the victim in a vulnerable state before the attack and after also. They say there is no technical thing that can help to mitigate the ransomware attacks but a physiological one. The victim has to understand the attacker’s mindset and react accordingly.
The victim should not fulfill the demands of the attackers. They just have to say “No”. If we are going to fulfill their demands this will be going to encourage them to attack others or to them only by some new data on their hand.
No More Ransom Project
In 2017, Fokker attended a bid to assist ransomware victims, he founded a project named “No More Ransom” which involves free decryptors that help people to recover their data without fulfilling the demands of attackers.
This was the first ransomware portal built which grew quickly between the collaboration between law enforcement and the private sector.
It offers different decryption tools for different types of ransomware attacks such as Avaddon, Zigggy, Fonix, Judge, and Darkside. There will be more tools in the upcoming time.
They also help people to remove the type of infection they are suffering from by cross-checking the information they are provided with malicious URLs and Bitcoin addresses.
The ultimate goal of their research that the victim does not have to negotiate with the attackers by providing victims with solid backups and strategy in response to an attack. With this aim, they are hoping to eliminate the ransomware attackers one and for all.
I hope this information is useful to you and if any query let me know by sending your query in the comment section.