{"id":2587,"date":"2022-03-16T13:51:01","date_gmt":"2022-03-16T19:51:01","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2587"},"modified":"2022-03-16T13:51:07","modified_gmt":"2022-03-16T19:51:07","slug":"netwalker-and-the-rise-of-raas","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/16\/netwalker-and-the-rise-of-raas\/","title":{"rendered":"NetWalker and the rise of RaaS"},"content":{"rendered":"\n<p>Ransomware-as-a-service, or RaaS, is a business model in which developers sell ransomware to a network of affiliates who may lack the resources or experience to create their own malware. Profits are then split between the two groups. Although such services are typically accessed via the dark web, they operate similarly to legitimate software services, with marketing campaigns, help forums, and kits that allow even those with little technical knowledge to pose a serious threat. Bitcoin is the preferred method of payment, making criminal behavior even more difficult to track.<sup>[1]<\/sup><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img width=\"891\" height=\"617\" src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/03\/image-5.png\" alt=\"\" class=\"wp-image-2612\" \/><figcaption>Direct 
ransomware operations vs. the RaaS model.<\/figcaption><\/figure><\/div>\n\n\n\n<p>RaaS, coupled with more sophisticated extortion strategies, is credited with the proliferation of ransomware attacks in recent years. Not only is the number of reported attacks on the rise, but the average ransom payment has also increased (up approximately 82% from 2018 to 2020).<sup>[2]<\/sup> According to Cybersecurity Ventures, it is estimated that ransomware attacks occurred once every 11 seconds in 2021.<\/p>\n\n\n\n<p>Businesses of any size are at risk. While smaller businesses tend to have weaker security measures in place, larger businesses may be more willing to pay higher ransoms to minimize downtime.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">NetWalker\u2019s Notoriety<\/h3>\n\n\n\n<p>NetWalker, formerly called Mailto, was established by the cybercrime group Circus Spider in 2019 and transitioned to a closed-access RaaS model in 2020, meaning affiliates were screened before being granted access to customize the ransomware as they saw fit. In particular, NetWalker selected hacker gangs who specialized in high-precision network attacks against larger companies rather than mass-distribution methods targeting smaller entities.<sup>[3]<\/sup> The group\u2019s activity was at its peak in early 2020, attacking immigration agencies, schools, law enforcement centers, and hospitals.<\/p>\n\n\n\n<p>NetWalker\u2019s success can be attributed to its use of double-extortion techniques: leaking samples of the victim\u2019s data and threatening to release more if the group\u2019s demands were not met.<sup>[4]<\/sup> Healthcare facilities were particularly vulnerable, due to understaffed IT departments overwhelmed in the early days of the pandemic. 
Universities specializing in medical research also became prime targets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Case<\/h3>\n\n\n\n<p>In January 2021, Sebastien Vachon-Desjardins, a former Canadian government employee, was arrested for his alleged involvement in the NetWalker ransomware attacks from April-December 2020. Canadian authorities seized approximately $28.1 million worth of bitcoin and $790,000 CAD, as well as 20 terabytes of data leading to the identification of 17 compromised Canadian companies.<sup>[5]<\/sup> Around the same time, the Bulgarian national police force disabled part of NetWalker\u2019s payment infrastructure that doubled as the group\u2019s leak site.<sup>[4]<\/sup><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full\"><img width=\"919\" height=\"615\" src=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-content\/uploads\/sites\/115\/2022\/03\/image-6.png\" alt=\"\" class=\"wp-image-2616\" \/><figcaption>The NetWalker leaks site has since been taken down. Image Credits: TechCrunch (screenshot).<\/figcaption><\/figure><\/div>\n\n\n\n<p>Earlier this year, Vachon-Desjardins pled guilty to charges of participation in a criminal organization and unauthorized use of computer data. 
He has recently been extradited to the US and is now awaiting further charges.<sup>[6, 7]<\/sup><\/p>\n\n\n\n<p>Despite the increase in ransomware attacks, effective enforcement against cybercrime remains low, for the simple reason that the law often does not cover situations in which the perpetrator is located in a different jurisdiction than the victim. The apprehension of Vachon-Desjardins demonstrates that strong international collaboration is a vital tool in combating and deterring future attacks.<\/p>\n\n\n\n<p>References:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-as-a-service-enabler-of-widespread-attacks\">https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/ransomware-as-a-service-enabler-of-widespread-attacks<\/a><\/li><li><a href=\"https:\/\/www.pandasecurity.com\/en\/mediacenter\/security\/ransomware-statistics\/#ransom\">https:\/\/www.pandasecurity.com\/en\/mediacenter\/security\/ransomware-statistics\/#ransom<\/a><\/li><li><a href=\"https:\/\/www.varonis.com\/blog\/netwalker-ransomware\">https:\/\/www.varonis.com\/blog\/netwalker-ransomware<\/a><\/li><li><a href=\"https:\/\/threatpost.com\/netwalker-ransomware-suspect-charged\/163405\/\">https:\/\/threatpost.com\/netwalker-ransomware-suspect-charged\/163405\/<\/a><\/li><li><a href=\"https:\/\/www.newswire.ca\/news-releases\/successful-collaboration-between-the-rcmp-and-the-fbi-leads-to-guilty-plea-and-forfeiture-of-over-34-million-in-assets-865266069.html\">https:\/\/www.newswire.ca\/news-releases\/successful-collaboration-between-the-rcmp-and-the-fbi-leads-to-guilty-plea-and-forfeiture-of-over-34-million-in-assets-865266069.html<\/a><\/li><li><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/netwalker-suspect-extradited-to-us\/\">https:\/\/www.infosecurity-magazine.com\/news\/netwalker-suspect-extradited-to-us\/<\/a><\/li><li><a 
href=\"https:\/\/techcrunch.com\/2022\/03\/11\/netwalker-extradited-bitcoin-seized\/\">https:\/\/techcrunch.com\/2022\/03\/11\/netwalker-extradited-bitcoin-seized\/<\/a><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware-as-a-service, or RaaS, is a business model in which developers sell ransomware to a network of affiliates who may lack the resources or experience to create their own malware. Profits are then split between the two groups. Although such services are typically accessed via the dark web, they operate similarly to legitimate software services, with &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/16\/netwalker-and-the-rise-of-raas\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;NetWalker and the rise of RaaS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":319,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[48,47],"class_list":["post-2587","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","tag-netwalker","tag-ransomware","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Jules 
Hoepner","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/jules-hoepner\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/319"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2587"}],"version-history":[{"count":10,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2587\/revisions"}],"predecessor-version":[{"id":2642,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2587\/revisions\/2642"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}