If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline.

The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide.

DarkSide is an example of what’s known as RaaS, short for ransomware-as-a-service, where a small core team of criminals create the malware and handle any extortion payments from victims, but don’t perform the actual network attacks where the malware gets unleashed.

Teams of “affiliates” (field technicians, you might say), sign up to carry out the attacks, usually in return for the lion’s share of any blackmail money extracted from victims.

The core criminals lurk less visibly in the background, running what is effectively a franchise operation in which they typically pocket 30% (or so they say) of every payment, almost as though they looked to legitimate online services such as Apple’s iTunes or Google Play for a percentage that the market was familiar with.

The front-line attack teams typically:

  • Perform reconnaissance to find targets they think they can breach.
  • Break in to selected companies with vulnerabilities they know how to exploit.
  • Wrangle their way to administrative powers so they are level with the official sysadmins.
  • Map out the network to find every desktop and server system they can.
  • Locate and often neutralise existing backups.
  • Exfiltrate confidential corporate data for extra blackmail leverage.
  • Open up network backdoors so they can sneak back quickly if they’re spotted this time.
  • Gently probe existing malware defences looking for weak or unprotected spots.
  • Turn off or reduce security settings that are getting in their way.
  • Pick a particularly troublesome time of day or night…

…and then they automatically unleash the ransomware code they were supplied with by the core gang members, sometimes scrambling all (or almost all) computers on the network within just a few minutes.

The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets 

Business Continuity Planning & Disaster Recovery (ISO 22301)

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices