Ransomware

Module 13 explores ransomware as a form of malware used to extort companies and/or services. A brief overview of the nature and extent of ransomware is provided. In addition, ransomware as a service (RaaS) is reviewed as an emerging criminal business.

Learning Objectives

After completing this module, you should be able to:

  • Define ransomware
  • Describe differences between types of ransomware
  • Identify suitable targets for ransomware
  • Discuss ways that individuals and businesses can protect themselves from the growing threat of ransomware
  • Analyze how ransomware is used to extort for profit

Summary

Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money, or ransom, is paid to the attacker. It has become a significant and widespread cybersecurity threat, affecting individuals, businesses, and even government organizations.

Ransomware typically enters a system through phishing emails, malicious attachments, or compromised websites. Once inside, it encrypts files on the infected system, rendering them inaccessible without the decryption key.

Attackers use ransomware for financial gain. Victims are coerced into paying the ransom to regain access to their files. Cryptocurrencies, such as Bitcoin, are often demanded as payment due to their pseudonymous nature, making it more challenging to trace the transactions.

Ransomware comes in various forms, including crypto-ransomware, which encrypts files; locker ransomware, which locks the system; and doxware, which threatens to expose sensitive information. Notable ransomware strains include WannaCry, Ryuk, NotPetya, and Maze.

While individuals can be victims, businesses and institutions are often prime targets due to the potential for larger payouts and the critical nature of their data. Regularly updating software and systems can help patch vulnerabilities that ransomware exploits. Employing robust cybersecurity measures, such as firewalls and antivirus software, can help detect and prevent ransomware attacks. Regularly backing up data and storing it in a secure, offline location can mitigate the impact of an attack.

Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. Critical infrastructure, such as healthcare systems or government services, can be particularly vulnerable, with potential life-threatening implications.

Paying the ransom is a controversial topic. Some argue that paying encourages further attacks, while others argue that it may be the only way for some organizations to recover their data. Governments and law enforcement agencies work to track down and prosecute ransomware operators, but the international and decentralized nature of such attacks makes it challenging.

Ransomware tactics continue to evolve. Attackers may now engage in double extortion, where they not only encrypt files but also threaten to release sensitive information. Ransomware-as-a-Service (RaaS) allows less technically proficient individuals to launch ransomware attacks, further increasing the threat landscape.

Addressing the ransomware threat requires a multi-faceted approach involving technological defenses, user education, and international collaboration to track and prosecute cybercriminals. Organizations and individuals should remain vigilant to minimize the risk of falling victim to ransomware attacks.

Key Terms/Concepts

Cyber risk assessment
Crypto ransomware
Double extortion
Leakage or "extortionware"
Locker ransomware
Mobile device ransomware
Negotiators
Non-encrypting ransomware
Ransomware
Ransomware as a Service (RaaS)
Risk management

Read, Review, Watch and Listen

  1. Read Ransomware 101 (CISA, 2022)
  2. Read Preparing for a Cyber Incident – A Guide to Ransomware v 1.1 (U.S. Secret Service Cybercrime Investigations, 2022)
  3. Review Ransomware Guide (CISA / MS-ISAC, 2022)
  4. Review Ransomware Statistics, Trends and Facts for 2022 and Beyond (Cloudwards, March 2022)
  5. Watch What is Ransomware, How it Works and What You Can Do to Stay Protected (kasperskylab, Dec. 2016) [also embedded below]
  6. Watch Ransomware is booming as a business model: “It’s like eBay” (CBS News, May 2021)
  7. Listen to Government Collaboration Needed To Prevent Ransomware Attacks

 

 

 

Read, Review, Watch and Listen to all listed materials by the due date listed within the course LMS site.

Contact the professor with any course-related questions. Report any broken links to Dr. Ramirez-Thompson (thompsne@cod.edu).

Assigned for Fall 2023 classes
ACTIVITY 13 – Ransomware as a Service (RaaS)
Note: This is a copy of the module’s activity that students find within Blackboard. For that reason, refer to the Activities page to submit your work for review.

Purpose

The purpose of this activity is to explore ransomware as a service (RaaS) and strengthen the student’s understanding of how it works.

Overview

Ransomware as a Service (RaaS) is a business model between ransomware operators and affiliates in which affiliates pay to launch ransomware attacks developed by operators. It is an adaptation of the Software as a Service (SaaS) business model. In the past, coding expertise was a requirement for all successful hackers. With the introduction of the RaaS model, this technical prerequisite has been completely diluted.

Instructions

  1. Read Ransomware as a Service: Enabler of Widespread Attacks (Trend Micro, Oct. 2021)
  2. Read WHAT IS RANSOMWARE AS A SERVICE (RAAS) AND HOW DOES IT WORK? (BEFORECRYPT, last accessed May 2022)
  3. Watch DarkSide and other gangs exploit companies that aren’t prepared for ransomware attacks (TechRepublic, July 2021) [also embedded below]

Answer the following questions:

  • Explain how RaaS makes it easier for those lacking technical skills to engage in a ransomware attack.
  • In your own words, explain why the RaaS business model is so popular.
  • Describe factors that might discourage ransomware operators from attacking certain targets.

Key Terms/Concepts

Negotiators, in the context of ransomware as a service (RaaS), are those who negotiate between hackers and victims.

Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

Ransomware as a service (RaaS) equips prospective attackers, even those who possess minimal technical skills and knowledge, with the ammunition they need to launch attacks. This in turn helps ransomware spread quickly to more targets. What exactly is RaaS, and which ransomware families and techniques are associated with it?

Refer to the course learning management system (LMS), that is, Blackboard (BB), for the correct due date. In addition, submit your work via BB for grading.

Supplemental Resources

What should I accomplish by the end of Week 13?

Check items off as you complete them!

□ Read, Review, Watch, and Listen (Module 13) – Ransomware

□ Complete Exam 3 (Modules 8-12)

□ Complete Module 13 Quiz

□ Complete Activity 13 – Ransomware as a Service (RaaS)

□ Explore Module 13 resources

□ NOTE: The topical paper is due within four weeks; that is, Sunday, Dec. 3rd

Unless otherwise stated, everything listed on this checklist is due by Sunday, Nov 19 @ 11:59PM

Contact Dr. Ramirez-Thompson (thompson@cod.edu or via Remind) with any course-related questions.


License


Computers and Criminal Justice Copyright © 2021 by Eric R. Ramirez-Thompson, PhD is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.
