UCD assistant professor Dr Nima Afraz explores how blockchain know-how might be used in opposition to cyberattacks in addition to the potential hazard it poses.
In gentle of the recent ransomware attack on Eire’s Well being Service Govt (HSE), I’ve examined the potential position blockchain know-how can play in exacerbating but in addition stopping such assaults.
The race is now on between those that need to use blockchain for good and people who search to make use of it to create additional prison hurt.
Ransomware is an more and more frequent kind of cyberattack throughout which the sufferer’s laptop is infiltrated and their knowledge rendered inaccessible by encryption strategies. The sufferer is then pressured to pay a ransom to achieve entry to their very own knowledge.
A ransomware assault consists of a number of steps:
1. An infection/breach: Hackers use an assault vector to ship the contaminated software program or the ‘payload’ to the sufferer’s system.
2. The malware spreads: The malware spreads inside the sufferer’s community and shortly encrypts their information.
3. Negotiations start: The attacker exhibits an alert on the sufferer’s display screen or opens a communication channel with them and guarantees to unlock the encrypted knowledge when the ransom is paid.
Ransomware provide chain
The extra superior these assaults develop into, the extra specialisation every step requires. As an example, a complicated cryptographist able to designing essentially the most subtle multi-threaded encryption method just isn’t essentially a talented extortion-negotiator or an adept social engineer.
On the identical time, a cybercrime gang will danger extra hazard by recruiting extra folks. Therefore, a brand new idea has emerged to attach these cybercriminals with out exposing them to extra hazard. The current phenomenon is known as ransomware-as-a-service (RaaS).
RaaS platforms are sometimes outfitted with a step-by-step course of permitting the consumer (on this case, the attacker) to customize many features of the malicious software program, together with the assault vector, encryption technique, the kind of information focused (photos, PDF, or a particular file format), communication channel and messages.
Cybercriminals’ wrestle for belief
Unsurprisingly cybercriminals don’t belief one another. The marketplaces on the darkish internet the place such RaaS choices are bought are filled with opinions from opportunist novice criminals who heard about RaaS and thought they might get wealthy in a single day, solely to be scammed by different con artists.
Equally, the victims even have good causes to not belief the attackers, apart from them being criminals. For one, in response to Kaspersky, solely 1 / 4 of ransomware victims handle to totally get well their knowledge after paying the ransom. That is just because the attackers don’t make investments substantial money and time in creating the decryption software.
In the meantime, fairly often, even after receiving the ransom and exchanging the decryption keys, the grasping attackers threaten to leak the delicate knowledge acquired throughout the assault and proceed blackmailing the sufferer.
Subsequently, there isn’t a assure that after paying the ransom, the sufferer will get all their knowledge again.
This challenge seldom goes out of the realm of particular person belief and turns into a public cry for legitimacy. The collective of darkish internet hackers has lengthy loved the Robin Hood standing resulting from targeting big corporations and donating to charities or leaking labeled knowledge on the federal government and public determine corruption.
Like drug cartels’ popularity stunts throughout the pandemic, cybercriminals profit from the ‘coolness issue’ to recruit extra hackers and keep a status in public opinion.
Nonetheless, stopping a rustic’s most cancers sufferers from accessing chemotherapy and articles such as this just isn’t in step with the Robin Hood stature they yearn for. This is likely to be why the cybercriminals behind the current ransomware assault in opposition to HSE all of the sudden determined to publish the decryption tool on-line and at no cost.
The place does the blockchain are available?
Though the earliest documented ransomware assault dates back to 1989, the emergence of bitcoin and different cryptocurrencies has resulted in an enormous resurgence in ransomware assaults. That is primarily as a result of these cryptocurrencies permit attackers to extort giant sums of cash whereas remaining nameless and troublesome to hint.
The dangerous information is blockchain know-how may show to be the lacking hyperlink within the full automation of ransomware assaults. Cybercriminals have already made efforts in automating the method of customising and promoting ransomware. Nonetheless, the shortage of belief between cybercriminals remains to be a barrier to the total automation of this course of.
A sensible contract-based RaaS provide chain might domesticate extra worrying levels of operation. As an example, the cybercriminals might agree on a wise contract the place a ransomware developer would solely get a fee charge and provided that the ransomware is confirmed efficient. As soon as an settlement is written in a wise contract format, it’s immutable and unstoppable by both celebration.
From human-operated to automated assaults
Then again, blockchain might be utilized by the attackers to achieve the sufferer’s belief. Researchers have studied how blockchain-based semi-autonomous ransomware might take the dimensions of ransomware assaults to a completely new stage. Researchers are actually finding out new ransom cost paradigms enabled by blockchain know-how, together with the pay-per-decrypt technique.
Pay-per-decrypt is designed to achieve the sufferer’s belief by permitting them to pay separate ransom for every, or a subset of, encrypted information. It will treatment the shortage of belief between a sufferer who, moderately than a big lump sum cost with uncertainty, pays small quantities in return for assured decryption. One other benefit of pay-per-decrypt for the attacker is the extra cost choices they’ll program into the good contracts, akin to dynamic pricing of the information.
It isn’t all dangerous information
Blockchain know-how may work as a preventative measure to disarm ransomware.
In lots of instances, the primary drawback for victims is that just one copy of their knowledge was ever saved on the servers. If attackers goal this single level of failure, it’s sufficient to value a sufferer entry to their knowledge.
Suppose the sufferer was as an alternative retaining distributed information of their knowledge unfold throughout a number of servers hosted by impartial suppliers as an alternative of a single centralised copy. In that case, they might have remoted the contaminated machine and recovered all the information from the opposite copies.
Blockchain is without doubt one of the important applied sciences that permit such a distributed record-keeping with a number of immutable copies of the information accessible on demand with out counting on a central entity and, subsequently, no single level of failure.
On prime of that, different distributed file storage protocols akin to InterPlanetary File System (IPFS) might be utilized in parallel to blockchain to retailer bigger datasets.
As well as, our work on collaborative assault prevention additionally makes use of blockchain know-how to incentivise community entities to share assault info with one another and probably main to raised defence in opposition to ransomware.
By Dr Nima Afraz
Dr Nima Afraz is an assistant professor at College School Dublin and is related to the Join SFI analysis centre in Trinity School Dublin.