By George Popa
The importance of technology in our daily lives is so undeniable that it has become an integral element in every segment of human organisation, ranging from communication, economy, access to information, healthcare, government and so on. This article focuses on the problems raised by ransomware and describes how blockchain technology can negate its effects.
The problem is that many aspects of our lives can act as a double-edged sword, and technology is no exception. It can be argued that it has been the main reason why humanity has seen an unfathomable level of progress during the 20th century, but at the same time, it has acted as a means to achieve selfish and destructive goals. Technology is a wide umbrella term that refers to the application of scientific knowledge for practical purposes, machinery, and equipment developed from the application of scientific knowledge, as well as the branch of knowledge which deals with engineering or applied sciences.
What is ransomware?
Ransomware or ransom malware is a type of malicious software that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. Over the past decade, ransomware has become one of the most prolific criminal business models in the world, due to the fact that cyber-criminals usually target high profile individuals, corporations and even governmental institutions.
Ransomware works by locking a victim’s computer through encryption and demanding a substantial sum of money, usually in cryptocurrency form, most notably Bitcoin (because it is the most valuable crypto and because it maintains a level of pseudonymity) for the decryption key necessary to decrypt the data. Failure to comply with the demands leads to a permanent loss of the data. Ransomware propagates through malicious email attachments, infected software apps, infected external storage devices, and compromised websites. There have also been cases where attackers used remote desktop protocol and other approaches that do not rely on any form of user interaction.
Types of ransomware
Scareware refers to rogue security software and tech support scams, where users receive pop-up notifications which state that malware has been detected in the system and that the only way to remove it is to pay up. As the name implies, scareware tries to coerce users into paying by relying on fear. In most cases, if users take no action, they will still be bombarded with pop-ups, but their files will not be harmed.
Screen lockers, commonly known as lockers, are a type of ransomware designed to lock a user out of their computer. When the victim starts their computer, they usually see what looks to be an official governmental seal or the logo of the police department or institution responsible for sanctioning cyber misconduct. The target is informed that unlicensed software or illegal web content has been found on their computer, and is given instructions for how to pay an electronic fine. However, governmental institutions will never lock a user out of their computer, or demand payment for illegal activities. If someone is suspected of piracy or other types of cybercrimes, authorities will only take action through the appropriate legal channels.
Encryption ransomware, also known as a data kidnapping attack, is a type of ransomware where attackers gain access to a user’s data, encrypt it and ask for payment to unlock it. This type of ransomware is more dangerous because once cybercriminals get hold of a user’s data, no security software or system restore can return it unless the user pays the ransom. The problem is that even if users pay up, there is no guarantee that the attackers will undo the damage.
Mobile ransomware specifically targets mobile devices. Attackers use mobile ransomware to steal data from a phone or to lock it. As with the encryption ransomware, the victim needs to pay a ransom to get their data back or to unlock the device.
Incidences of ransomware
On May 7, 2019, Baltimore, USA, discovered that the city’s government computer systems were infected with an aggressive ransomware called RobbinHood, which encrypted a large number of critical files. The city was forced to take the system offline to keep the ransomware from spreading, but not before the malware managed to infect voice mail, email, a parking fines database, and a system used to pay water bills, property taxes, and vehicle citations. As a result of the attack, at least 1,500 pending home sales were delayed. The city’s water billing system was also affected, so residents faced larger than usual water bills, and parking or speeding fines could only be paid using paper tickets instead of electronic methods. A copy of the digital ransom note states that the city can recover the infected files for a price: three Bitcoins per system or 13 Bitcoins for them all. It is estimated that the aftermath of the attack will cost the city USD 10 million, in addition to the USD 8 million lost while the city was unable to process payments.
On a similar note, Riviera Beach, a city in Florida, USA, had its computer systems held hostage by ransomware which disabled emails, emergency response systems and water pump stations, while also forcing staff to use paper-based admin systems. The city council initially refused to give in to the demands of the attackers and pay the ransom of USD 600,000 in Bitcoin, but was forced to rethink its position, as the estimated cost of replacing the computer systems was USD 941,000.
The events in the US are not isolated cases. On June 20, 2019, multiple hospitals in Romania had their computer systems targeted by ransomware. As a result of the cyber attack, hospital activities such as admissions, discharges, and issuing of receipts were more difficult to perform. The Romanian National Computer Security Incident Response Team, together with Cyberint and Bitdefender, concluded that the hospitals were attacked with Maoloa and Phobos malware.
Maoloa is a relatively new strain of malware which first appeared in February 2019. Maoloa is inspired by and shares common characteristics with a family of ransomware known as GlobeImposter. Maoloa spreads through emails with infected attachments, or through hackers who access unprotected Remote Desktop Protocol instances. Once a system has been infected, Maoloa encrypts files created with the Office suite, OpenOffice, PDF documents, text files, databases, and multimedia files.
Phobos is one of the many variants of the prolific Crysis ransomware family. Phobos spreads mainly through manual infections that hackers initiate after entering the organisation through exposed instances of the Remote Desktop Protocol. After the documents are encrypted, the victim is asked to send a message to an anonymous email address to receive the decryption price, which varies depending on the company profile and estimated turnover.
These recent attacks suggest that the ransomware phenomenon unfolds on a global scale and that many organisations and institutions, including governments, still rely on legacy systems which do not employ proper security measures. Moreover, ransomware kits are now available on the deep web (a large segment of the Internet that is inaccessible to conventional search engines), which enables cybercriminals to use software tools purposely designed to create ransomware with specific capabilities. This way, hackers can generate malware for their own distribution. Recent advances in software development have made it possible for non-technical individuals to access custom-built software, according to their specifications.
This is also the case for ransomware. Ransomware as a service (RaaS) enables people with no background in tech to order relatively inexpensive ransomware and launch attacks with minimal effort. For example, in a RaaS scenario, the ransomware provider collects the ransom payments and deducts a percentage before distributing the rest of the proceeds to the service user.
Blockchain, a solution for ransomware
Bitcoin has become the go-to cryptocurrency for cybercriminals, but blockchain, the underlying technology behind Bitcoin, can provide an answer to ransomware. This is because blockchain – if used properly – has the potential to completely reshape our perspective on data storage and data manipulation.
Blockchain is a digital, distributed and decentralised ledger of transactions which stores transaction data in structures called blocks. Each block contains transaction data and metadata (a set of data which provides information about the respective block). The advantage of this structure is that each block is built upon the previous block in a chain-like structure (hence the name blockchain): the hash of the previous block is calculated and combined with the hash of the next block of transactions. This complex design is what gives the data introduced in the blockchain its immutability and integrity. If a malicious actor attempts to alter the data in a block, every change will be immediately noticed by the system and every other network participant, because it will render all the following blocks invalid. These design choices make blockchain ideal for data storage because it is an append-only structure, which means that data can only be introduced into the system; it can never be completely deleted. Any changes made are stored further down the chain, and an admin can always see when the changes occurred, who made them, and the previous version of the data.
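The hash chaining and append-only versioning described above can be shown in a few lines of Python. This is an added illustration, not code from the article or from any blockchain product; the block layout, the function names and the invoice records are assumptions constructed for the example.

```python
import copy, hashlib, json

GENESIS = "0" * 64  # constructed placeholder: "previous hash" of the first block

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def seal(index, prev_hash, data):
    """Build a block whose hash covers its index, the previous hash and its data."""
    data_hash = digest(data)
    return {"index": index, "prev_hash": prev_hash, "data": data,
            "data_hash": data_hash, "hash": digest([index, prev_hash, data_hash])}

def append(chain, data):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append(seal(len(chain), prev, data))

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block != seal(i, prev, block["data"]):
            return i
        prev = block["hash"]
    return None

def history(chain, key):
    """Every version of a record, oldest first; an update is a new block."""
    return [b["data"]["value"] for b in chain if b["data"]["key"] == key]

def build_sample():
    chain = []  # constructed sample records
    append(chain, {"key": "invoice-17", "value": "amount=120"})
    append(chain, {"key": "invoice-18", "value": "amount=75"})
    append(chain, {"key": "invoice-17", "value": "amount=130"})
    return chain

def overwrite(chain, i, value, reseal=False):
    """Return a copy with block i's data changed; optionally recompute its hashes."""
    forged = copy.deepcopy(chain)
    forged[i]["data"]["value"] = value
    if reseal:
        forged[i] = seal(i, forged[i]["prev_hash"], forged[i]["data"])
    return forged

if __name__ == "__main__":
    chain = build_sample()
    print(first_invalid(chain), history(chain, "invoice-17"))
    print(first_invalid(overwrite(chain, 0, "amount=1")))
    print(first_invalid(overwrite(chain, 0, "amount=1", reseal=True)))
```

Recomputing the hashes of an altered block only moves the failure to the next block, whose stored previous-hash no longer matches. A rewrite of the last block passes local verification but changes the head hash, which is why the copies held by other nodes matter.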
Decentralisation and distribution are core features which further increase blockchain’s tolerance to attacks. Decentralisation means that the network does not rely on a central server to host all the data, but distributes it across every network participant, also known as a node. There are many types of nodes in a blockchain network; full nodes, for example, store a copy of the entire blockchain. As a result, the entire system doesn’t have a single point of failure. If a node is compromised, admins just have to address the vulnerability which allowed the malicious user to access the network and restore the node to its previous version, or they can simply cut out the node from the network. In case of encryption by ransomware, the attacker would find it impossible to hold all the data hostage, because the entire network is distributed among thousands of users (even more depending on the size of the blockchain), and even if they manage to encrypt a node, admins can close the proverbial backdoor through which the attacker entered and restore the node to its previous version.
It is safe to assume that a blockchain powered database can be an ideal solution to ransomware or other types of data hijacking. In healthcare, this type of system can empower patients by making them the true owners of their health records. The creation of portable user-owned data means that each patient can choose who has access to their data, move to another health care institution without the risk of losing any data, and give a physician instant access to their entire medical history. Meanwhile, hospitals benefit from an increase in health data interoperability, integrity, and security. Blockchain streamlines clinical device knowledge operations integration, and its security capabilities could ease the monitoring and management of millions of pieces of medical equipment and streamline the drug supply chain management. These changes also translate to huge financial savings. In the case of Florida and Baltimore, and many other similar cases, a blockchain powered system would have completely mitigated the damage resulting from the ransomware, by simply restoring the data records to their previous versions.
Modex Blockchain Database (BCDB) was designed to help people without a background in tech access the benefits of blockchain technology and remove the dangers posed by the loss of sensitive data.
Currently, the majority of blockchain solutions present on the market are oriented towards blockchain as a service, limiting themselves to a rigid view and application of the technology. A company or the CTO of a company can come to the realisation, after a bit of study, that their business can solve several issues and streamline back-end processes by implementing blockchain. The problem is that in order for a company to implement blockchain technology only through its own tech team, they need to invest a significant amount of time and resources to study what type of blockchain is most suited for their needs, and commence a lengthy process of learning the development specificity of the respective blockchain, as well as scouting for developers proficient in the technology.
Modex BCDB is a new take on blockchain technology which removes the need to invest resources in blockchain training and facilitates fast adoption of the technology in businesses. The solution proposed by Modex is a middleware which fuses a blockchain with a database to create a structure which is easy to use and understand by developers with no prior knowledge in blockchain development. As a result, any developer who knows how to work with a database system can operate with this solution, without needing to change their programming style or learn blockchain.
Through our blockchain component, Modex BCDB is able to transform, with minimal changes, any type of database into a decentralised database which holds the same valuable characteristics inherent to blockchain technology: transparency, increased security, data immutability, and integrity.
Every enterprise is reserved and unwilling to make changes to its database, and for good reason, as data loss or data corruption constitute major risks. Modex BCDB doesn’t work by deleting the existing database or data entries. The database is maintained intact throughout the process; data integrity is ensured by calculating the metadata of the records and storing it on the blockchain. Moreover, the system does not restrict access to the blockchain or to the database, so when a developer needs to do reporting or ETL transformations, they can always perform warehouse analytics by accessing the database directly. This is because Modex BCDB has been purposely designed to be agnostic. With our solution, clients are able to set up a network, regardless of the type of database employed. In a consortium, each company can keep the type of database it prefers (Oracle, Microsoft, IBM, MongoDB) and connect them through a blockchain powered network to ensure cohesion and availability while protecting corporate interests.