By Ali Qamar
In May, a debilitating ransomware attack crippled the U.S. oil production company Colonial Pipeline. The attack paralyzed their operations and forced the company to shut down its 5,500-mile pipeline. As a result, half of the gasoline supply normally distributed to the East Coast couldn’t be delivered. The attack caused panic as people scrambled to find gasoline, resulting in a rise in gas prices throughout the United States. The attackers were DarkSide, a Russian criminal group. Colonial Pipeline ultimately paid a reported $5 million ransom in bitcoin to DarkSide in return for a decryption key. (Some of that ransom was eventually recovered by the U.S. Department of Justice.) The gasoline shortage remained for three weeks even after the ransom was paid. In addition to performing its own attacks, DarkSide operates as a ransomware-as-a-service (RaaS) gang, leasing its malware to others for a cut of the profits from any successful attack. This has opened the door for an exponential increase in attacks. Just what is ransomware-as-a-service, and why has this threat grown so much recently. We’re going to give readers an overview of how ransomware-as-a-service works — and why it’s become such a threat.
DarkSide emerges — and so does ransomware-as-a-service
DarkSide emerged in August 2020 and went on an unprecedented crime spree. It targeted organizations in more than 15 countries and locked the computer files of hundreds of accounts. The act compelled firms to pay large ransoms for decryption keys. DarkSide also threatened victims that they would publish the stolen data online.
It was a risky gamble for the cybercriminals, but it paid off for them. As DarkSide increased their technological know-how, they leased out their software to other cybercriminals. DarkSide raked in millions of dollars from their own ransomware attacks and received payments from affiliates using their ransomware. Hence the term, ransomware-as-a-service.
Ransomware-as-service: Kits for sale
Ransomware-as-a-service is as lucrative, if not more lucrative, than the traditional ransomware business. However, only those with technical skills can build their own kits. Others can buy the kits outright from other criminals. Kits are available on the Dark Web for one-time fees or monthly subscriptions. When you buy a paid plan, you may have access to technical documentation and even customer support.
Modern ransomware is a well-paid business. As a result, many developers are turning to the Dark Web to advertise their services. These providers offer upsells such as portals to their clients. These portals allow their subscribers to glean the level of infection, files encrypted, total payments, and other information about the target.
The ransomware industry is booming. Cybercriminals like DarkSide are creating more and more new opportunities for affiliates. Competition among ransomware software developers leads to progressively refined malware loads. This rivalry also promotes ever-rising demands from hackers looking to make more money.
Hackers do not decrypt your data or files until you pay a ransom fee, typically in bitcoin. The total payout to ransomware criminals is expected to top $20 billion worldwide this year and could hit more than $250 billion a year by 2031.
The ransomware-as-a-service future
DarkSide’s attack on a critical pipeline raised the ante on the potential damage cybercriminals can inflict. Indeed, attacks on critical infrastructure are growing. As for DarkSide, expect them to do even more damage in the future. Fortinet’s FortiGuard Lab published a report in May that said a new function was discovered in the DarkSide ransomware variant that can target disk partitions. The finding was made before the DarkSide attack on Colonial Pipeline. This new variant can expose and compromise hard drive partitions and detect any hidden files in masked partitions.
How to stay safe from ransomware
We all know that online security is paramount for every Internet user, whether you are an individual or a giant enterprise. Therefore, you need to act carefully while online. For example, protecting your Microsoft Office 365 account from a ransomware attack requires a few safety measures.
But many people and companies do not take the necessary precautions against ransomware attacks because they’re too lazy to install software, update their OS, or patch known vulnerabilities. Here are few tips to protect yourself from ransomware:
- Upgrade your devices. Keep your devices constantly updated; never delay the updates, as these updates might have crucial patches against malware and vulnerabilities.
- Look out for phishing emails. Malicious actors actively send emails with a link to entice them to open and release their data unknowingly. If the message looks like spam or is from somebody you do not know, be careful.
- Only download from trusted sources. One easy way to avoid getting malware is by downloading all your software from the official source. You’ll be able to prevent dangerous infections if you download it directly from a company’s website.
- Apply a firewall. A firewall can keep your data secured and private. As the name suggests, it prevents anyone from accessing your device without authorization by implementing a protective barrier. In addition, firewalls block traffic in or out of the system. The best part about this is that you don’t have to worry because they’ll be denied access if someone tries.
- Use a VPN. While a virtual private network (VPN) is a security and privacy tool, it can also act as a firewall. When connected to VPNs, you connect to an outside network through a VPN server located away from your actual location. Thus, it acts as a “secure gateway” between the Internet and your device, ultimately keeping you and your business safe online.
Ali Qamar covers privacy and cybersecurity for TechGenix. His work has been featured in major tech and security blogs, including InfosecInstitute, Hackread, ValueWalk, Intego, and SecurityAffairs. He is the founder and editor of PrivacySavvy.com now. Follow Ali on Twitter @AliQammar57.