The Rise Of Ransomware As A Service


After years of forecasts of such an event, cybercriminals finally grabbed a vital piece of infrastructure that they are refusing to unhand until someone pays them. The cybercrime gang known as DarkSide has reportedly shut down a vital U.S. pipeline, now in its fourth day of being unusable in what is being reported as the worst cyberattack to date on critical U.S. infrastructure.

The Georgia-based Colonial Pipeline carries gasoline and other fuel from Texas to the Northeast, delivering roughly 45 percent of fuel consumed on the East Coast. Or at least that is what it delivers when not being held hostage in a ransomware attack. At present it is delivering exactly zero percent of the fuel consumed anywhere, as DarkSide has infiltrated the network, encrypted the data necessary to run it and says it won’t hit the unscramble button until such time as a large bitcoin ransom has been paid.

And while there is no official confirmation yet, anonymous individuals close to the investigation cited by the AP confirm the hack is the work of cybercrime gang DarkSide — one of many ransomware gangs said to be “professionalizing” the cybercrime industry. DarkSide itself is known for its supposed Robin Hood twist on cybercrime — it claims to donate a portion of its takes to charity and to have “rules” for what it will and won’t attack, with hospitals, nursing homes, schools and government targets reportedly off limits. Critical infrastructure, however, is apparently very much on the menu.

DarkSide’s attempts at sounding high-minded aside, the more interesting fact that is emerging is how mercenary the group is in its tactics. According to Boston-based security firm Cybereason, DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks leveraging them. DarkSide, it seems, is one of the pioneers of a whole new business opportunity on the dark web — ransomware as a service (RaaS). And while it does post rules for potential customers, outlining who and what targets are acceptable to attack, how rigorously those rules are enforced remains unanswered.

In this case, however, it seems DarkSide is confirming at least its involvement in the pipeline shutdown — Cybereason provided CNBC with a new statement from a hacking collective that comments on the pipeline shutdown and its role in it. DarkSide claims it’s not political and only wants to make money without causing problems for society.

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” the statement said. “Our goal is to make money, and not create problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Growing Threat

But even if DarkSide is committed in earnest to avoiding social consequences, it is far from the only player in the field taking advantage of this new business opportunity to rob people — an opportunity that is expanding.

Because while the scale and scope of the latest target are somewhat new, the rising problem is not. In 2019, hackers captured the City of New Orleans computers and held them for ransom; schools have been a favored target of hackers for the last several years; and one of the unforeseen consequences of the switch to teleworking is a corresponding rise in corporate ransomware payments.

And every time those criminal ransomware gangs successfully get paid out — by a local government, individual users or a business just looking to get access to its files back — those ransomware gangs get a bit richer, a bit more sophisticated and a bit more able to take on bigger, badder and more impactful targets.

Hence a pipeline that supplies nearly half the nation’s access to a critical commodity is shut down and an “all-hands-on-deck” effort is now underway to get the critical infrastructure decrypted and usable once again.

But the issue, Commerce Secretary Gina Raimondo said over the weekend, is the rapid rise of ransomware appearing everywhere and anywhere, often hitting the unprepared and unaware.

“Unfortunately, these sorts of attacks are becoming more frequent,” Raimondo said on Face The Nation.

“We have to work in partnership with businesses to secure networks to defend ourselves against these attacks. It’s an all-hands-on-deck effort right now, and we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren’t disruptions in supply.”

But even though it seems likely that the current pipeline problem will be resolved, the bigger issue perhaps is how much other critical infrastructure is still sitting out there — electric lines, water treatment plants, traffic lights, etc. — vulnerable to the next clever hacker looking to tag the unprepared and hold their systems hostage.

Attacks in the last year have hit hospitals, schools, local police forces and city governments, forcing delays in cancer treatment at hospitals, interrupting schooling and paralyzing police and city governments. The price of getting tagged by ransomware users is going up: the average ransom paid in the U.S. increased threefold to more than $310,000.

The hackers, it seems, are getting better and more ambitious — and it seems a lot of big players have a lot of investing to do to get ahead of them, lest they be the ones tagged.
