Is blockchain a friend or foe in ransomware attacks?

Voice Of EU

UCD assistant professor Dr Nima Afraz explores how blockchain technology could be used against cyberattacks as well as the potential danger it poses.

In light of the recent ransomware attack on Ireland’s Health Service Executive (HSE), I have examined the possible role blockchain technology can play in exacerbating but also preventing such attacks.

The race is now on between those who want to use blockchain for good and those who seek to use it to create further criminal harm.

Ransomware is an increasingly common type of cyberattack during which the victim’s computer is infiltrated and their data rendered inaccessible by encryption techniques. The victim is then forced to pay a ransom to gain access to their own data.

A ransomware attack consists of several steps:

1. Infection/breach: Hackers use an attack vector to deliver the infected software or the ‘payload’ to the victim’s device.

2. The malware spreads: The malware spreads within the victim’s network and quickly encrypts their files.

3. Negotiations begin: The attacker shows an alert on the victim’s screen or opens a communication channel with them and promises to unlock the encrypted data when the ransom is paid.

A ransomware victim’s computer screen with directions on how to pay the ransom.

Ransomware supply chain

The more advanced these attacks become, the more specialisation each step requires. For instance, an advanced cryptographer capable of designing the most sophisticated multi-threaded encryption technique is not necessarily a skilled extortion negotiator or an adept social engineer.

At the same time, a cybercrime gang will risk more danger by recruiting more people. Hence, a new concept has emerged to connect these cybercriminals without exposing them to more danger. The recent phenomenon is called ransomware-as-a-service (RaaS).

RaaS platforms are often equipped with a step-by-step process allowing the client (in this case, the attacker) to customise many aspects of the malicious software, including the attack vector, encryption method, the type of files targeted (images, PDF, or a specific file format), communication channel and messages.

A dark web marketplace ad claiming to sell a custom-made ransomware.

Cybercriminals’ struggle for trust

Unsurprisingly, cybercriminals do not trust each other. The marketplaces on the dark web where such RaaS offerings are sold are full of reviews from opportunist novice criminals who heard about RaaS and thought they could get rich overnight, only to be scammed by other con artists.

Similarly, the victims also have good reasons not to trust the attackers, besides them being criminals. For one, according to Kaspersky, only a quarter of ransomware victims manage to fully recover their data after paying the ransom. This is simply because the attackers do not invest substantial time and money in developing the decryption tool.

Meanwhile, very often, even after receiving the ransom and exchanging the decryption keys, the greedy attackers threaten to leak the sensitive data acquired during the attack and continue blackmailing the victim.

Therefore, there is no guarantee that after paying the ransom, the victim will get all their data back.

This issue seldom extends beyond individual trust to become a public cry for legitimacy. The collective of dark web hackers has long enjoyed Robin Hood status for targeting big corporations, donating to charities or leaking classified data on corruption among governments and public figures.

Like drug cartels’ popularity stunts during the pandemic, cybercriminals benefit from the ‘coolness factor’ to recruit more hackers and maintain a reputation in public opinion.

However, preventing a country’s cancer patients from accessing chemotherapy and articles such as this is not consistent with the Robin Hood stature they yearn for. This might be why the cybercriminals behind the recent ransomware attack against HSE suddenly decided to publish the decryption tool online and for free.

Where does the blockchain come in?

Although the earliest documented ransomware attack dates back to 1989, the emergence of bitcoin and other cryptocurrencies has resulted in a massive resurgence in ransomware attacks. This is mainly because these cryptocurrencies allow attackers to extort large sums of money while remaining anonymous and difficult to trace.

The bad news is that blockchain technology might prove to be the missing link in the full automation of ransomware attacks. Cybercriminals have already made efforts to automate the process of customising and selling ransomware. However, the lack of trust between cybercriminals is still a barrier to the full automation of this process.

A smart contract-based RaaS supply chain could enable operations on a more worrying scale. For instance, the cybercriminals could agree on a smart contract under which a ransomware developer would receive only a commission fee, and only if the ransomware is proven effective. Once an agreement is written in a smart contract format, it is immutable and cannot be stopped by either party.

From human-operated to automated attacks

On the other hand, blockchain could be used by the attackers to gain the victim’s trust. Researchers have studied how blockchain-based semi-autonomous ransomware could take the scale of ransomware attacks to an entirely new level. Researchers are now studying new ransom payment paradigms enabled by blockchain technology, including the pay-per-decrypt method.

Pay-per-decrypt is designed to gain the victim’s trust by allowing them to pay a separate ransom for each encrypted file, or for a subset of them. This remedies the victim’s lack of trust: rather than making a large lump-sum payment with an uncertain outcome, the victim pays small amounts in return for guaranteed decryption. Another advantage of pay-per-decrypt for the attacker is the additional payment options they can program into the smart contracts, such as dynamic pricing of the files.

It is not all bad news

Blockchain technology can also work as a preventative measure to disarm ransomware.

In many cases, the main problem for victims is that only one copy of their data was ever stored on the servers. If attackers target this single point of failure, it’s enough to cost a victim access to their data.

Suppose the victim had instead kept distributed records of their data, spread across multiple servers hosted by independent providers, rather than a single centralised copy. In that case, they could have isolated the infected machine and recovered all the data from the other copies.

Blockchain is one of the main technologies that allow such distributed record-keeping, with multiple immutable copies of the data available on demand without relying on a central entity and, therefore, with no single point of failure.

On top of that, other distributed file storage protocols such as InterPlanetary File System (IPFS) could be used in parallel to blockchain to store larger datasets.

In addition, our work on collaborative attack prevention also uses blockchain technology to incentivise network entities to share attack information with each other, potentially leading to better defence against ransomware.

By Dr Nima Afraz

Dr Nima Afraz is an assistant professor at University College Dublin and is associated with the Connect SFI research centre in Trinity College Dublin.

How to keep a support contract • The Register

On Call Let us take a little trip back to the days before the PC, when terminals ruled supreme, to find that the more things change the more they stay the same. Welcome to On Call.

Today’s story comes from “Keith” (not his name) and concerns the rage of a user whose expensive terminal would crash once a day, pretty much at the same time.

The terminal in question was a TAB 132/15. It was an impressive bit of kit for the time and was capable of displaying 132 characters of crisp, green text on a 15-inch CRT housed in a futuristic plastic case. Luxury for sure, unless one was the financial trader trying to use the device.

Once a day, at around 13:30, the terminal would hang. The user would have to reach behind it, power it off, wait a bit, and then fire it back up again. To placate the angry customer, a replacement was dispatched, and all was well. Until the problem started again. Another replacement was made. Another week or so went by with no complaints. And again, another call: the terminal was hanging. Same time. A few times a week.

“These terminals were in the thousand-dollar range,” Keith told us, so a monthly replacement cycle was not really an option. He even used one of the faulty units himself for a while and encountered no issues, which was odd in itself and, we reckon, planted a seed of suspicion.

As for the customer, he was raging by this point. “He was threatening to cancel our contract for his entire firm,” remembered Keith, which would hit the bottom line hard. A salesperson was sent out to see what was happening, but there was no failure.

A technician went out; again no failure. Was this a case of “Technician Syndrome”, where a problem cannot be replicated in front of service personnel? Maybe. Keith’s team were at their wit’s end while the customer had hit the end of his tether and gone beyond.

The solution to the problem was accidental. Keith was back on site, diagnosing an unrelated software issue, but could see the suspect terminal on the other side of the room. As he watched, the trader using the machine sat back for lunch, flipping through the pages of a financial newspaper. A phone call came through, and the trader slung the paper on top of the monitor, took the call, and then resumed work.

Oblivious to the newspaper.

A few minutes later there was uproar. The trader had stood and was slapping the side of the terminal, yelling all manner of not-safe-for-work oaths and casting aspersions upon the good name of Keith’s firm, the software, the programmers, and the computing industry in general. The cursing continued as the trader reached behind for the power switch, knocking the paper aside.

Keith had his solution. But was smart enough to know that a bland presentation of facts would probably not help. Instead, he arranged for his office to call the trader and tell him that a tech was on the way to help. He waited until the trader was distracted and sauntered over.

“Sure enough,” said Keith, “he said he was glad to see me but launched into a tirade again about the device’s many faults.”

He let the customer vent for a while, and surreptitiously placed the newspaper back on top over the heat vents on the terminal while pretending to examine the rear of the unit.

Now patience was needed. It wouldn’t take long – the terminal had, after all, only just recovered from its last overheating episode – and Keith encouraged the trader to unload all his woes and grievances.

The bug list was building as the screen suddenly flickered and locked up. “There! You see that?” exclaimed the user. Keith nodded and reached round the side of the terminal to cycle the power. Sure enough, it came back up.

Keith made a show of thanking the user for showing him the elusive bug and was staging a call with a co-worker, supposedly to prepare a replacement, when the terminal locked up again.

Keith wrinkled his forehead at the “mystery” before offering up an explanation.

“Ah!” he exclaimed, “Did you see how that flicker started from the top and moved to the down?”

Those familiar with the technology will know it was just following the raster pattern. The customer, on the other hand, did not.

“That is often a sign it is overheating,” said Keith, playing fast and loose with the truth, “but this office is cool?”

He pretended to be mystified until the penny dropped for the trader, who unleashed yet more expletives as he realised where he’d dropped his newspaper and snatched it away from the vents.

Feeling the volcanic heat spewing from the depths of the terminal, he turned to Keith, suddenly concerned: “Will it be OK?”

Of course it would. It had only been overheating for a short time every day. The apologies from the customer, who had “discovered” the problem, were profuse and copious. Keith excused himself, but not before rubbing a bit more salt into the wound by telling the user he needed to cancel the burn-in process of yet another expensive replacement.

As it turned out, rather than the customer cancelling the support contract, it ended up being extended.

“It was a good thing I’d let him ‘discover’ the fault,” said Keith. “If I had found it, he would have been very defensive and we still might have lost that contract.”

The minor bugs the user had reported while Keith had been waiting for the overheating to happen again were swiftly dealt with and the enhancement requests logged. Keith also reported back to his boss, who spent rather a lot of time laughing.

“It was a good day.”

Ever set the stage so the customer thinks they’re the hero of the hour? Or maybe you’ve wished all manner of unpleasantness upon your suppliers before realising the blame lay with you all along? Tell us about the time you picked up the phone with an email to On Call. ®

NUIG to spend €5m on research to help address global issues

NUI Galway has identified several key research areas to work on towards 2026.

NUI Galway’s recently launched research and innovation strategy includes a €5m investment in support for its multi-disciplinary research teams as they grapple with several global issues.

The strategy, which lays out plans for the university’s next five years of research, focuses on six areas: antimicrobial resistance, decarbonisation, democracy and its future, food security, human-centred data and ocean and coastal health.

“As a public university, we have a special responsibility to direct our research toward the most pressing questions and the most difficult issues,” said Prof Jim Livesey, VP for research and innovation at NUI Galway.

“As we look into the future, we face uncertainty about the number and nature of challenges we will face, but we know that we will rely on our research capacity as we work together to overcome them,” Livesey added.

The plan focuses on creating the conditions to intensify the quality, scale and scope of research in the university into the future. This includes identifying areas with genuine potential to achieve international recognition for NUI Galway. It also aims to continue to cultivate a supportive and diverse environment within its research community.

NUI Galway has research collaborations with 3,267 international institutions in 114 different countries. The university also has five research institutes on its Galway city campus, including the Data Science Institute, the Whitaker Institute for social change and innovation and the Ryan Institute for marine research.

Its research centres in the medtech area include Science Foundation Ireland’s Cúram and the Corrib Research Centre for Advanced Imaging and Core Lab.

The university will also continue to involve the public with its research and innovation plans through various education and outreach initiatives. It is leading the Public Patient Involvement Ignite network, which, it claims, will “bring the public into the heart of research initiatives”.

Another key area identified in the strategy report is the development of partnerships with industry stakeholders. NUI Galway has spun out many successful companies in recent years, including medtechs such as AuriGen Medical, Atrian, Vetex Medical and Neurent.

According to MedTech Europe, Ireland has the highest number of medtech employees per capita in Europe along with Switzerland.

France hails victory as Facebook agrees to pay newspapers for content

France has hailed a victory in its long-running quest for fairer action from tech companies after Facebook reached an agreement with a group of national and regional newspapers to pay for content shared by its users.

Facebook on Thursday announced a licensing agreement with the APIG alliance of French national and regional newspapers, which includes Le Parisien and Ouest-France as well as smaller titles. It said this meant “people on Facebook will be able to continue uploading and sharing news stories freely amongst their communities, whilst also ensuring that the copyright of our publishing partners is protected”.

France had been battling for two years to protect the publishing rights and revenue of its press and news agencies against what it termed the domination of powerful tech companies that share news content or show news stories in web searches.

In 2019 France became the first EU country to enact a directive on the publishing rights of media companies and news agencies, called “neighbouring rights”, which required large tech platforms to open talks with publishers seeking remuneration for use of news content. But it has taken long negotiations to reach agreements on paying publishers for content.

No detail was given of the exact amount agreed by Facebook and the APIG.

Pierre Louette, the head of the media group Les Echos-Le Parisien, led the alliance of newspapers who negotiated as a group with Facebook. He said the agreement was “the result of an outspoken and fruitful dialogue between publishers and a leading digital platform”. He said the terms agreed would allow Facebook to implement French law “while generating significant funding” for news publishers, notably the smallest ones.

Other newspapers, such as the national daily Le Monde, have negotiated their own deals in recent months. News agencies have also negotiated separately.

After the 2019 French directive to protect publishers’ rights, a copyright spat raged for more than a year in which French media groups sought to find common ground with international tech firms. Google initially refused to comply, saying media groups already benefited by receiving millions of visits to their websites. News outlets struggling with dwindling print subscriptions complained about not receiving a cut of the millions made from ads displayed alongside news stories, particularly on Google.

But this year Google announced it had reached a draft agreement with the APIG to pay publishers for a selection of content shown in its searches.

Facebook said that besides paying for French content, it would also launch a French news service, Facebook News, in January – a follow-up to similar services in the US and UK – to “give people a dedicated space to access content from trusted and reputable news sources”.

Facebook reached deals with most of Australia’s largest media companies earlier this year. Nine Entertainment, which includes the Sydney Morning Herald and the Age, said in its annual report that it was expecting “strong growth in the short-term” from its deals with Facebook and Google.

British newspapers including the Guardian signed up last year to a programme in which Facebook pays to license articles that appear on a dedicated news section on the social media site. Separately, in July Guardian Australia struck a deal with Facebook to license news content.
