The age of Ransomware-as-a-service
In today's Finshots, we talk about the latest cyberattack on JBS and try to quantify the impact such attacks might have on large businesses.
The Story
On Sunday, JBS, the largest meat processing company in the world, admitted that some of their servers and IT systems had been compromised. The cyberattack crippled the company’s operations in North America and Australia and the temporary disruption threatened to send meat prices soaring. However, the good news is that it seems a vast majority of their plants might be back up and running soon. So the damage wasn’t as bad as most people initially presumed. But it does pose an interesting question — How dangerous are these cyberattacks? And should corporations now be afraid of cybercriminals?
Well, to understand the true impact, it perhaps makes sense to figure out the specific nature of this cyberattack. According to US officials, the attack on JBS may have been a Ransomware exploit perpetrated by a group based out of Russia.
Think of Ransomware as computer code that encrypts (or locks) your data. If the code executes on your device successfully, then it’s quite possible you may never be able to retrieve your files. Unless, that is, you had access to a special key — a key that will only be made available to you if you pay the ransom demanded by those holding your data hostage.
In some cases, the attackers will step it up a notch and threaten to publish sensitive data on the interweb if their demands aren’t met. At which point you have two options in front of you — either cede to their demands, pay the ransom and hope they decrypt the files for you, or simply risk dealing with the consequences yourself.
Last month, a hacker group called DarkSide unleashed a Ransomware attack on Colonial Pipeline — a company that operates the largest fuel pipeline infrastructure in the US. As soon as Colonial realized they were under attack, they were forced to shut down operations and evaluate the kind of damage they were dealing with. But when temporary disruptions soon gave way to fuel shortages across many parts of the US, the CEO was forced to pay the $4.4 million ransom because they weren’t really sure how much of their IT systems were at risk.
In fact, some reports suggest that DarkSide made close to $90 million through similar attacks on other victims. But that’s not the scary bit. The scary fact is that DarkSide operates much like a massive business conglomerate. They’ve deployed what is now being dubbed as the “Ransomware-as-a-service” model.
It works like this — DarkSide developers create custom ransomware code that can lock computers. They then work with affiliates who are willing to deploy the code on target computers (for instance, by sending an e-mail with a malicious link). The developers don’t interfere in this process; instead, they outsource their code to people who are willing to do the dirty work, i.e. the affiliates. It’s these people who are then responsible for making the demands and collecting the ransom. The ransom is usually paid via cryptocurrencies and the affiliates share a small chunk of their proceeds with the original developers. Reports allege that “of the $90 million total haul, $15.5 million went to DarkSide’s developer while $74.7 million went to its affiliates.”
Wow!!!
And while this modus operandi isn’t new, the scale at which the group operates does make the whole enterprise look a lot more dangerous. They even have a code of ethics, where they explicitly state that they don’t work with affiliates who target critical and vulnerable bodies such as schools, hospitals, or even governments. Soon after the Colonial attack, they even published a note explaining how they were unaware their actions would disrupt civilian life. They are really trying to legitimize the whole scene.
The only good news perhaps is that DarkSide allegedly shut down operations recently citing pressure from law enforcement agencies in the US. However, with the latest attack on JBS, it doesn’t seem as if DarkSide is the only real threat out there. This could soon morph into a massive global problem and unless governments and corporations take cognisance of the changing digital landscape, we may continue to see cyberattacks such as these proliferate in scale and size.
Until then…