Is blockchain a friend or foe in ransomware attacks?

In light of the recent ransomware attack on Ireland’s Health Service Executive (HSE), I have examined the possible role blockchain technology can play in exacerbating but also preventing such attacks.

The race is now on between those who want to use blockchain for good and those who seek to use it to create further criminal harm.

Ransomware is an increasingly common type of cyberattack during which the victim’s computer is infiltrated and their data rendered inaccessible by encryption techniques. The victim is then forced to pay a ransom to gain access to their own data.

A ransomware attack consists of several steps:

  1. Infection/breach: Hackers use an attack vector to deliver the infected software or the ‘payload’ to the victim’s device
  2. The malware spreads: The malware spreads within the victim’s network and quickly encrypts their files
  3. Negotiations begin: The attacker shows an alert on the victim’s screen or opens a communication channel with them and promises to unlock the encrypted data when the ransom is paid
A ransomware victim’s computer screen with directions on how to pay the ransom.

A ransomware victim’s computer screen with directions on how to pay the ransom.

Ransomware supply chain

The more advanced these attacks become, the more specialisation each step requires. For instance, an advanced cryptographist capable of designing the most sophisticated multi-threaded encryption technique is not necessarily a skilled extortion-negotiator or an adept social engineer.

At the same time, a cybercrime gang will risk more danger by recruiting more people. Hence, a new concept has emerged to connect these cybercriminals without exposing them to more danger. The recent phenomenon is called ransomware-as-a-service (RaaS).

RaaS platforms are often equipped with a step-by-step process allowing the client (in this case, the attacker) to customise many aspects of the malicious software, including the attack vector, encryption method, the type of files targeted (images, PDF, or a specific file format), communication ...

-----
To keep reading, please go to the original article at:
Silicon Republiccryptocurrency – Silicon Republic

Comments (No)

Leave a Reply