Ransomware-as-a-Service — the darker side of the Colonial Pipeline hack

Ransomware-as-a-service

It would have been pretty hard to miss the news of the Colonial Pipeline hack. We wrote about it here to advise our enterprise clients what they needed to know about, and what it meant for their collective futures. It got play in outlets the media world over, and for good reason — when the pipeline that feeds the entire East Coast of petroleum products stops flowing… it’s a big freaking deal. Hidden in the bigger, headline-grabbing news about Colonial, though, is an arguably more insidious threat — Ransomware-as-a-Service. (I don’t know that the larger industry has taken to shortening it to RaaS, but for the purposes of this article, that’s what I mean when I type RaaS). The NY Times released an incredible feature about a month ago detailing how many of the crippling attacks we’re reading about aren’t some mastermind hacker picking a state-sponsored target very carefully… it’s an off-the-rack, RaaS incursion. And what’s most surprising — and dangerous for our clients — is that it isn’t just huge corporations or major cities falling prey to these attacks, but rather that small and mid-sized businesses the country over are too.

Ransomware-as-a-Service plays in Peoria

There’s an old saying in show business (that morphed into a political mantra): ‘Will it play in Peoria?’ The idea was that Peoria, Illinois had roughly the same demographics as an “average American city”, with Midwestern values. So, if something was successful (like a concert or TV show) in Peoria, it would fly in towns across America. This came to be true with political messaging and candidate packaging over time, too.

I bring all this up, because a lot of cybersecurity concerns are often viewed as big city, or big corporation problems. They’re the ones with all the money (and often cybersecurity insurance), they make for the lucrative targets, so that’s who hackers go for.

With the rampant proliferation of RaaS, though, industries from Peoria on down are in the crosshairs now, too.

To quote the NYT article:

Just weeks before the ransomware gang known as DarkSide attacked the owner of a major American pipeline, disrupting gasoline and jet fuel deliveries up and down the East Coast of the United States, the group was turning the screws on a small, family-owned publisher based in the American Midwest.

Working with a hacker who went by the name of Woris, DarkSide launched a series of attacks meant to shut down the websites of the publisher, which works mainly with clients in primary school education, if it refused to meet a $1.75 million ransom demand. It even threatened to contact the company’s clients to falsely warn them that it had obtained information the gang said could be used by pedophiles to make fake identification cards that would allow them to enter schools.

Woris thought this last ploy was a particularly nice touch.

“I laughed to the depth of my soul about the leaked IDs possibly being used by pedophiles to enter the school,” he said in Russian in a secret chat with DarkSide obtained by The New York Times. “I didn’t think it would scare them that much.”

DarkSide’s attack on the pipeline owner, Georgia-based Colonial Pipeline, did not just thrust the gang onto the international stage. It also cast a spotlight on a rapidly expanding criminal industry based primarily in Russia that has morphed from a specialty demanding highly sophisticated hacking skills into a conveyor-belt-like process. Now, even small-time criminal syndicates and hackers with mediocre computer capabilities can pose a potential national security threat.

The article is excellent in its entirety, and I recommend anyone even remotely worried about cybersecurity to read it. What I imagine most people took from it, though, is the rise of petty criminals using RaaS solutions to target infrastructure, etc. The almost throwaway anecdote quoted above, however, is what stuck out to me. It’s not just cities like Baltimore and companies like Colonial getting hacked — it’s small, regional, Midwestern publishers getting targeted with this stuff. The article doesn’t say which publisher, or which town (I doubt it’s actually Peoria). But, what it does show to me is that if you’re a small or mid-sized company, ransomware is a real and present danger. Your cybersecurity needs to be up to snuff yesterday.

If you don’t know exactly what that means for you, or if you are indeed ready for it, give us a ring. We’d love to do a consultation and show you how we can ensure your company’s security.