On Aug. 4th, 2021 ERG, a leading European energy company, reported that a cyber attack caused minor disruptions to its Information and Communication Technology (ICT) infrastructure. The attack was perpetrated by the Lockbit 2.0 cyber gang using a relatively new model of cyberattacks--Ransomware as a Service (RaaS). Although ERG reported that no downtime was caused, and its services remained fully operational, this attack is of particular concern because it highlights the rising popularity--and dangerous threat to global information security--of the new RaaS business model.
One reason for this concern is that the attack comes hot on the heels of the Colonial Pipeline attack, the most famous RaaS cyberattack to date. A short 3 months ago, in May 2021, Darkside Group successfully breached Colonial Pipeline, a major US fuel pipeline operator. Colonial’s pipelines deliver nearly half of the Eastern seaboard’s fuel supply, and the breach forced them to completely shutdown all pipeline operations. In the resulting aftermath US gasoline prices jumped 20% in just one day, causing a major public outcry and fuel shortages across several states. The US government responded with a slew of new regulations aimed at curtailing ransomware activity and strengthening US cybersecurity defences.
The RaaS business model is a subscription-based model that works in a manner similar to Software as a Service (Saas) business models. Cybercriminals on dark web forums obtain subscriptions to advanced, sophisticated software that enables them to relatively easily execute ransomware attacks. These cybercriminals act as affiliates of the original ransomware developers, providing them with a percentage of their ill-gained earnings in exchange for the use of the ransomware.
RaaS is particularly concerning because it essentially commoditizes ransomware attacks. If previously high technical proficiency was a prerequisite to becoming a cyber criminal, RaaS has upended this equation. Now, even inexperienced cybercriminals with limited technical skills can target, penetrate and extort a company for ransom. This unsettling development in the cybersecurity landscape has the potential to exponentially increase the number of active cybercriminals looking to perpetrate ransomware attacks.
The recent rise of RaaS attacks is no coincidence. The accelerated pace of digitization and the proliferation of cryptocurrencies has substantially enlarged the number of targets while significantly simplifying the ransom collection process. Cybercriminals are all too aware that this reality dramatically increases their chances of successfully pulling off a ransomware attack without being detected. With much to gain and little risk of detection, cybercriminal gangs have grown in number and prowess, and their ransomware and extortion methods have become increasingly more sophisticated. The RaaS model is a natural extension of this process, just the latest evolution of their efforts.
This is a worrisome issue for organizations, their customers, the public and the economy at large. However, energy sector organizations dealing with critical infrastructure assets are particularly at risk. The inherent nature of the critical, life-saving services they provide means that they have absolutely zero tolerance for downtime; they’re willing to pay whatever it takes to ensure that their services remain uninterrupted. Cybercriminals are well-aware of this fact, and have made energy sector organizations dealing with critical infrastructure high priority targets.
Critical infrastructure operators must move quickly to shore up their defences against ransomware attacks. The adoption of new, modern cybersecurity approaches that embrace proactive measures should be expedited to minimize cyber risks. Ideally, they’ll prefer solutions that empower awareness of all vulnerable assets while increasing visibility into potential threats. That implement best-practices empowering zero-trust policies and proactive threat mitigation so that attackers are kept at bay.
Schedule a complimentary cybersecurity consultation call with one of our cybersecurity experts to plan your response to the new RaaS threat.