Ransomware is not a new threat on the internet. Its roots go back many years. The threat has become more dangerous and more vicious over time.
The term “ransomware” has gained widespread recognition because of the cyberattacks that have left many businesses unable to operate in recent years.
All the files on your PC are exfiltrated and encrypted, then your screen goes black and a message in broken English appears.
You must pay a ransom to cybercriminals in Bitcoin or other untraceable cryptocurrencies to obtain the decryption key or to prevent your sensitive data from being released on the dark web.
But few people know about ransomware-as-a-service (RaaS), the well-organized underground business model that can drive these kinds of attacks.
Instead of carrying out attacks themselves, ransomware developers rent their expensive malware to less experienced criminals who are willing to take on the risk associated with running ransomware operations.
How does it all work, though? Who is in control and who acts as the intermediaries? And perhaps most importantly, how can you protect your business and yourself from these crippling attacks?
Keep reading to learn more about RaaS.
What is Ransomware as a Service (RaaS)?
Ransomware-as-a-service (RaaS) is a criminal business model that allows anyone to sign up and use tools to launch ransomware attacks.
RaaS users, like those of other service models such as software-as-a-service (SaaS) or platform-as-a-service (PaaS), rent ransomware services rather than own them.
It is a low-code, software-as-a-service attack vector that lets criminals buy ransomware software on the dark web and run ransomware attacks without knowing how to code.
Phishing email schemes are a common vector for RaaS attacks.
When a victim clicks a malicious link in the attacker's email, the ransomware downloads and spreads across the affected machine, disabling the firewall and antivirus software.
RaaS software can look for ways to escalate privileges once the victim's perimeter defenses have been breached, and ultimately hold the entire organization hostage by encrypting files to the point where they are inaccessible.
After the victim has been informed of the attack, the program gives them instructions on how to pay the ransom and (ideally) receive the correct cryptographic key for decryption.
Although RaaS and ransomware exploitation are illegal, the criminals who carry out this kind of attack can be especially hard to catch because they use Tor browsers (also called onion routers) to reach their victims and demand ransom payments in bitcoin.
The FBI claims that more and more malware creators are distributing their malicious LCNC (low code/no code) programs in exchange for a cut of the extortion proceeds.
How does the RaaS model work?
Developers and affiliates work together to carry out an effective RaaS attack. Developers are responsible for writing the specialized ransomware, which is then sold to the affiliate.
The ransomware code and the instructions for launching the attack are supplied by the developers. RaaS is easy to use and requires little technical knowledge.
Anyone with access to the dark web can log in to the portal, join as an affiliate, and launch an attack with a single click. Affiliates choose the type of malware they want to distribute and make a payment in cryptocurrency, usually Bitcoin, to get started.
The developer and the affiliate split the proceeds once the ransom has been paid and the attack has succeeded. The type of revenue model determines how the money is divided.
Let's take a closer look at a few of these illegal business models.
Affiliate RaaS
Because of a variety of factors, including brand awareness of the ransomware group, campaign success rates, and the caliber and variety of services offered, underground affiliate programs have become the best-known form of RaaS.
Criminal organizations often look for hackers who can break into corporate networks on their own, so that the ransomware code stays within the gang. They then use the malware and the gang's support to launch the attack.
However, a hacker may not even need this, given the recent rise in corporate network access offered for sale on the dark web to satisfy these criteria.
Well-supported, less experienced affiliates launch high-risk attacks in exchange for a share of the profits rather than paying a monthly or annual fee to use the ransomware code (though sometimes affiliates may have to pay to play).
Most of the time, ransomware gangs look for hackers skilled enough to break into a company's network and bold enough to carry out the strike.
In this scheme, the affiliate typically receives between 60% and 70% of the ransom, with the remaining 30% to 40% going to the RaaS operator.
Subscription-based RaaS
In this approach, fraudsters pay a recurring membership fee to get access to the ransomware, technical support, and malware updates. Many web-based subscription service models, such as Netflix, Spotify, or Microsoft Office 365, are comparable to this.
Typically, ransomware offenders keep 100% of the revenue from ransom payments for themselves if they pay for the service up front, which can cost $50 to hundreds of dollars per month, depending on the RaaS vendor.
This membership fee represents a modest investment compared with the typical ransom payment of around $220,000. Of course, affiliate programs may also include a pay-to-play, subscription-based element in their plans.
Lifetime license
A malware producer may decide to offer one-time payment packages and avoid the risk of being directly involved in cyberattacks, instead of earning recurring revenue through subscriptions and profit sharing.
Cybercriminals in this case pay a one-time fee to get lifetime access to a ransomware kit, which they can use in any way they see fit.
Some lower-level cybercriminals may prefer a one-off purchase even if it is considerably more expensive (tens of thousands of dollars for sophisticated kits), because it would be much harder to connect them to the RaaS operator if the operator is caught.
RaaS partnership
Cyberattacks that use ransomware require each hacker involved to have a unique set of skills.
In this scenario, a group comes together and each member contributes something different to the operation. A ransomware code developer, corporate network intruders, and an English-speaking ransom negotiator are needed to get started.
Depending on their role and importance to the campaign, each participant, or partner, agrees to split the proceeds.
How to detect a RaaS attack?
In general, there is no ransomware defense that is 100% effective. However, phishing emails remain the primary method used to carry out ransomware attacks.
Therefore, a company should provide phishing awareness training to ensure that employees have the best possible understanding of how to spot phishing emails.
At the technical level, businesses can have a dedicated cybersecurity team tasked with threat hunting. Threat hunting is a highly effective way of detecting and preventing ransomware attacks.
A hypothesis is created in this process using information about attack vectors. The hunch and the data help in creating a program that can quickly identify the cause of an attack and stop it.
Threat hunting tools are used to keep watch for unexpected file execution, suspicious behavior, and so on in the network. To identify attempted ransomware attacks, they use a watchlist of Indicators of Compromise (IOCs).
In addition, many situational threat hunting models are used, each tailored to the industry of the targeted organization.
Examples of RaaS
Ransomware authors have realized how profitable it is to build a RaaS business. In addition, many threat groups have set up RaaS operations to spread ransomware across almost every industry. These are a few RaaS groups:
- DarkSide: One of the best-known RaaS providers. According to reports, this gang was behind the Colonial Pipeline attack in May 2021. DarkSide is believed to have started in August 2020 and ramped up its activity in the first few months of 2021.
- Dharma: Dharma Ransomware first appeared in 2016 under the name CrySis. Although there have been many variants of Dharma Ransomware over the years, Dharma first appeared in RaaS form in 2020.
- Maze: Like many other RaaS providers, Maze started in 2019. In addition to encrypting user data, the RaaS group threatened to release the data publicly in an effort to shame victims. The Maze RaaS officially shut down in November 2020, although the reasons for this remain unclear. Some academics, however, believe that the same criminals have persisted under different names, such as Egregor.
- DoppelPaymer: It has been linked to numerous incidents, including one in 2020 against a German hospital that claimed the life of a patient.
- Ryuk: Although the RaaS was more active in 2019, it is believed to have existed since at least 2017. Many security companies, including CrowdStrike and FireEye, have disputed claims made by certain researchers that the outfit is based in North Korea.
- LockBit: Known as the ".abcd virus" after the file extension the group used when encrypting victims' files, it first appeared in September 2019. LockBit's ability to spread autonomously within a targeted network is one of its hallmarks. For would-be attackers, this makes it an attractive RaaS.
- REvil: Although there are many RaaS providers, it was the most prevalent in 2021. The Kaseya attack, which occurred in July 2021 and affected at least 1,500 companies, was linked to the REvil RaaS. The group is thought to have been behind the June 2021 attack on meat producer JBS USA, in which the victim had to pay $11 million. It was also found to be responsible for a ransomware attack on cyber insurance provider CNA Financial in March 2021.
How to prevent RaaS attacks?
RaaS hackers often use sophisticated spear-phishing emails that are skillfully crafted to look genuine in order to spread malware. A robust risk management approach that supports ongoing security awareness training for end users is necessary to protect against RaaS exploits.
The first and best line of defense is to create a business culture that informs end users about the latest phishing techniques and the dangers that ransomware attacks pose to their finances and reputation. Initiatives in this regard include:
- Software updates: Operating systems and apps are frequently exploited by ransomware. To help stop ransomware attacks, it is important to update software when patches and fixes are released.
- Back up and restore your data: Establishing a data backup and recovery strategy is the first and, probably, the most important step. Data becomes unusable to users after it has been encrypted by ransomware. The impact of an attacker encrypting data can be reduced if a company has current backups that can be used in a recovery process.
- Phishing prevention: Email phishing is a common vector for ransomware attacks. RaaS attacks can be prevented if some form of anti-phishing email protection is in place.
- Multi-factor authentication: Some ransomware attackers use credential stuffing, which involves using passwords stolen from one site on another. Because a second factor is still required to gain access, multi-factor authentication reduces the impact of a single, widely reused password.
- XDR endpoint security: Endpoint security and threat hunting technology, such as XDR, provides another important defense against ransomware. It provides additional detection and response capabilities that help reduce the risk of ransomware.
- DNS filtering: Ransomware frequently uses some kind of command and control (C2) server to interface with the RaaS operator's platform. A DNS query is almost always involved in communication from an infected machine to the C2 server. Organizations can detect when ransomware tries to communicate with the RaaS C2 and block the communication with the help of a DNS filtering security solution. This can act as a form of infection prevention.
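The DNS filtering item above and the IOC watchlist described under threat hunting come down to the same check: compare each DNS query against a list of known C2 domains and note which machine asked. The sketch below is an added example, not code from the original article; the log format, IP addresses and domains (reserved .example/.test names) are constructed assumptions.

```python
# Added example: DNS-filter decision logic over resolver logs (all data constructed).
from collections import defaultdict

# Constructed IOC watchlist of C2 domains (reserved .example/.test names).
C2_WATCHLIST = {"c2-panel.example", "pay-portal.test"}

# Constructed resolver log: "<timestamp> <client-ip> <query-name> <qtype>"
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.15 www.intranet.example A
2024-05-01T09:00:04Z 10.0.0.23 C2-Panel.Example. A
2024-05-01T09:00:09Z 10.0.0.23 beacon7.c2-panel.example A
2024-05-01T09:01:12Z 10.0.0.15 notc2-panel.example A
2024-05-01T09:02:30Z 10.0.0.41 keys.pay-portal.test TXT
malformed line without enough fields
"""

def normalize(qname):
    """Lower-case and strip the trailing root dot so comparisons are exact."""
    return qname.strip().rstrip(".").lower()

def matches_watchlist(qname, watchlist=C2_WATCHLIST):
    """Return the watchlisted domain that qname equals or is a subdomain of."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes, so "notc2-panel.example" does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None

def filter_queries(log_text, watchlist=C2_WATCHLIST):
    """Decide ALLOW/BLOCK per query; return (decisions, hits grouped by client)."""
    decisions, hits = [], defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _ts, client, qname, _qtype = fields
        ioc = matches_watchlist(qname, watchlist)
        decisions.append((client, normalize(qname), "BLOCK" if ioc else "ALLOW"))
        if ioc:
            hits[client].add(ioc)
    return decisions, dict(hits)

if __name__ == "__main__":
    decisions, hits = filter_queries(SAMPLE_LOG)
    for client, qname, verdict in decisions:
        print(f"{verdict:5} {client:10} {qname}")
    print("hosts to investigate:", hits)
```

The per-client grouping is what turns a blocked lookup into a lead: a host that keeps querying a watchlisted domain is a candidate for isolation and triage.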
The future of RaaS
RaaS attacks will become more widespread and more popular among attackers in the future. More than 60% of all cyberattacks in the last 18 months, according to a recent report, were RaaS-based.
RaaS is becoming more popular because of how easy it is to use and the fact that no technical knowledge is required. In addition, we should prepare for an increase in RaaS attacks targeting critical infrastructure.
This includes healthcare, government, transportation, and energy. Hackers see these critical industries and institutions as more exposed than ever before, putting institutions such as hospitals and power plants in the crosshairs of RaaS attacks as supply chain issues continue until 2022.
Conclusion
In conclusion, even though Ransomware-as-a-Service (RaaS) is a recent creation and one of the latest dangers to victimize digital users, it is important to take certain preventive measures to fight this threat.
In addition to other basic security precautions, you can rely on anti-malware tools to further protect you from this threat. Unfortunately, RaaS appears to be here to stay for now.
You will need comprehensive technology and a cybersecurity plan to defend against RaaS attacks and reduce the likelihood of a successful RaaS attack.