The Madness of Ransomware 'as a Service'

Ransomware has taken on absurd forms recently. At the beginning of this year, much of the east coast in the United States faced gas shortages because Colonial Pipeline was shut down. In July, hundreds of managed service providers had REvil ransomware dropped on their systems through Kaseya desktop management software. In Ireland, the HSE (the Health Service Executive, responsible for health care in the country) was in a digital hostage situation. And those are just a few of the most striking examples.

What’s so striking about these attacks is that they all seem to be the work of amateurs, and not of professional hacking groups.

The Colonial Pipeline hackers said of the chaos they caused at American gas pumps: "Our goal is to make money, not to create problems for society." The HSE hackers eventually gave their decryption code away for free, appearing to be a bit shocked by the impacts of their attack. And in July, the REvil group suddenly went offline, shortly before an unknown person handed the Kaseya victims the decryption key.

In fact, researchers at cybersecurity company Group-IB have reported that nearly two-thirds of all ransomware attacks in 2020 came from RaaS-based platforms which are tailor-made for amateurs to carry out devastating attacks.

Emergence of RaaS

What is RaaS? Ransomware as a Service (RaaS) means that you can simply purchase ransomware as an online service on the Dark Web and then take whoever you want hostage at will. So, if you want to get rich quickly, all you need is a connection to the dark web, a credit card or another way to pay, and reprehensible morals.

Unfortunately, the success of these kinds of schemes says more about the state of cybersecurity than about the criminals themselves. Unlike really advanced cyberthreats, these RaaS services are very easy to recognize. Their IP addresses are known. Any decent secure Domain Name System (DNS) should automatically block traffic to RaaS infrastructure - but this is not happening. And that is symptomatic of how far too many small and large companies still manage their security. Patches are not installed. Updates are not run. Passwords are not changed. Settings are not checked. And freely accessible information about all kinds of large and small threats is systematically ignored.

Importance of DNS

DNS is an essential part of any network. The server translates domain names into IP addresses and in this way ensures that network traffic ends up in the right place.

Because it is such a critical part of network functionality, DNS traffic has traditionally been unencrypted, widely trusted by the systems that make networks work. Unfortunately, this also makes it an ideal method for hackers seeking to transfer data into a network (for example when uploading malware) or out of one (like when stealing sensitive data).

But at the same time, DNS’s central location at the foundation of the network also makes it possible to use as a powerful security tool. As one of the first services a device uses when it connects to the network, DNS can give network administrators visibility across the entire network, allowing them to identify and isolate compromised machines before they can cause significant damage. DNS can also be used to monitor traffic and can be leveraged to automatically block traffic to known malicious servers.

DNS security solutions can use Threat Intelligence - information about known threats, collected and shared by security providers - in this way to disrupt RaaS attacks before they cause damage. Servers that are known to be used by hackers are then automatically blocked at the DNS layer before the ransomware can be uploaded.
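The blocklist-based filtering described above, as an added example that is not part of the original article: a small policy function that checks each DNS query against a constructed threat-intelligence feed (placeholder names, not real indicators), answers listed names with a sinkhole address instead of the real one, and reports which clients asked for them so they can be isolated.

```python
from typing import Dict, List, Optional, Tuple

# Constructed threat-intel feed mapping known-bad domains to a category.
# These names are placeholders for this example, not real indicators.
THREAT_FEED: Dict[str, str] = {
    "payload-host.example": "ransomware-dropper",
    "c2.evil-example.net": "command-and-control",
}
SINKHOLE_IP = "192.0.2.1"  # documentation range; blocked names resolve here

# Constructed resolver query log, one query per line: "<client-ip> <qname> <qtype>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.7 cdn.PAYLOAD-HOST.example. A
10.0.0.5 c2.evil-example.net AAAA
10.0.0.9 notpayload-host.example A
"""

def normalize(qname: str) -> str:
    """Lower-case and drop the trailing dot so feed lookups are exact."""
    return qname.strip().rstrip(".").lower()

def threat_category(qname: str, feed: Dict[str, str] = THREAT_FEED) -> Optional[str]:
    """Return the feed category if qname or any parent domain is listed.
    Walking up label by label catches subdomains the feed never saw,
    while a look-alike such as 'notpayload-host.example' is not matched."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return feed[candidate]
    return None

def answer(qname: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Policy for one query: ('block', category, sinkhole address) for listed
    names, or ('allow', None, None) to forward to the upstream resolver."""
    category = threat_category(qname)
    if category is not None:
        return ("block", category, SINKHOLE_IP)
    return ("allow", None, None)

def process_log(log: str = SAMPLE_LOG) -> Dict[str, List[str]]:
    """Apply the policy to every query and collect, per client, the blocked
    names it asked for: the list a responder uses to find infected hosts."""
    suspects: Dict[str, List[str]] = {}
    for line in log.splitlines():
        client, qname, _qtype = line.split()
        action, category, _rdata = answer(qname)
        if action == "block":
            suspects.setdefault(client, []).append(f"{normalize(qname)} ({category})")
    return suspects
```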

The biggest challenge to our resilience is not 'state actors' or digital criminal masterminds. They have better things to do than chase tiny rewards. The problem is that companies are so lax about their cybersecurity that any small-time criminal willing to put a little time and effort into the Dark Web can effortlessly shut down an entire organization before anyone even realizes what is happening.

It is the responsibility of the companies themselves to take at least the most basic measures. Of course, if a skilled hacker really wants in, he will get in anywhere. But the fact that we are currently seeing one nasty amateur after another cause enormous damage, using means that have been known for a long time and can easily be parried, is in my view even worse.

Edited by Luke Bellos
