Ransomware is by no means a new threat on the internet. Its roots go back many years. The threat has become far more dangerous and malicious over time.
The word "ransomware" has gained wide recognition because of the barrage of cyberattacks that have left many businesses unable to operate in recent years.
All the files on your PC are downloaded and encrypted, then your screen goes black and a message appears in broken English.
You must pay a ransom to black-hat cybercriminals in Bitcoin or other untraceable cryptocurrencies to obtain the decryption key or to keep your sensitive data from being released on the dark web.
But few may know about ransomware-as-a-service (RaaS), a well-organized underground business model that can carry out these kinds of attacks.
Instead of carrying out attacks themselves, ransomware creators rent out their expensive malware to less experienced cybercriminals who are willing to take on the risk that comes with running ransomware operations.
But how does it all work? Who sits at the top of the hierarchy, and who acts as the middlemen? And perhaps most importantly, how can you protect your business and yourself from these damaging attacks?
Read on to learn more about RaaS.
What is Ransomware-as-a-Service (RaaS)?
Ransomware-as-a-service (RaaS) is a criminal business model that allows anyone to join and use tools to launch ransomware attacks.
RaaS users, like users of other as-a-service models such as software-as-a-service (SaaS) or platform-as-a-service (PaaS), rent the ransomware resources rather than own them.
It is a low-code, software-as-a-service attack vector that lets criminals buy ransomware software on the dark web and carry out ransomware attacks without knowing how to code.
Email phishing schemes are a common attack vector in RaaS attacks.
When a victim clicks a malicious link in the attacker's email, the ransomware downloads and spreads throughout the affected machine, disabling firewalls and antivirus software.
RaaS software can hunt for ways to escalate privileges once the victim's perimeter defences have been breached, and ultimately holds the entire organization hostage by encrypting files until they are inaccessible.
Once the victim has been informed of the attack, the program gives them instructions on how to pay the ransom and (supposedly) receive the correct cryptographic key for decryption.
Although RaaS and ransomware are illegal, the criminals who carry out this kind of attack can be especially hard to catch because they use Tor browsers (also known as onion routers) to reach their victims and demand ransom payments in bitcoin.
The FBI says that many malware creators distribute their malicious LCNC (low-code/no-code) programs in order to receive a cut of the proceeds.
How does the RaaS model work?
Developers and affiliates work together to carry out effective RaaS attacks. Developers are responsible for writing the specialized ransomware malware, which is later sold to the affiliate.
The ransomware code and the instructions for launching an attack are provided by the developers. RaaS is easy to use and requires little technical knowledge.
Anyone with access to the dark web can log in to the portal, join as an affiliate, and launch attacks with a single click. Affiliates choose the type of malware they want to distribute and make a payment in cryptocurrency, usually Bitcoin, to get started.
The developer and the affiliate split the proceeds when the ransom is paid and the attack succeeds. The type of revenue model determines how the money is divided.
Let's look at a few of these illegal business strategies.
Affiliate RaaS
Due to a variety of factors, including the ransomware group's brand awareness, the success rates of its campaigns, and the level and variety of services offered, underground affiliate programs have become one of the best-known forms of RaaS.
Criminal organizations often look for criminals who can get into business networks on their own, so that the ransomware code stays within the gang. They then use the malware and the support provided to launch attacks.
However, a criminal may not need this ability, given the recent rise in business network access being sold on the dark web to satisfy these criteria.
Well-supported, less skilled criminals launch high-risk attacks in return for a share of the profits rather than paying a monthly or annual fee to use the ransomware code (though affiliates may sometimes have to pay to play).
Most of the time, ransomware gangs look for criminals who are skilled enough to break into a company's network and bold enough to carry out the strike.
In this scheme, the affiliate usually receives between 60% and 70% of the ransom, with the remaining 30% to 40% going to the RaaS operator.
Subscription-based RaaS
In this strategy, scammers pay a regular membership fee for access to the ransomware, technical support, and malware updates. Many web-based subscription service models, such as Netflix, Spotify, or Microsoft Office 365, are comparable to this.
Typically, ransomware offenders keep 100% of the revenue from ransom payments when they pay for the service upfront, which may cost $50 to hundreds of dollars per month, depending on the RaaS provider.
These membership fees represent a small investment compared with the typical ransom payment of about $220,000. Indeed, affiliate programs may also build a pay-to-play, subscription-based element into their schemes.
Lifetime license
A malware producer may decide to offer one-time payment packages and avoid the risk of being directly involved in cyberattacks, instead of earning recurring income through subscriptions and profit sharing.
Cybercriminals in this case pay a one-time fee for lifetime access to a ransomware kit, which they can use however they see fit.
Some lower-level cybercriminals may opt for a one-time purchase even though it is much more expensive (tens of thousands of dollars for sophisticated kits), since it would be much harder to link them to the RaaS operator if the operator is caught.
RaaS partnerships
Cyberattacks that use ransomware require each cybercriminal involved to have a distinct skill set.
In this scenario, a group comes together and each member contributes something different to the operation. A ransomware code developer, corporate network hackers, and an English-speaking ransom negotiator are needed to get started.
Depending on their role and importance to the campaign, each participant, or partner, may agree to split the proceeds.
How can you detect a RaaS attack?
In general, no ransomware defence is 100% effective. However, phishing emails remain the primary method used to carry out ransomware attacks.
Therefore, a company should provide phishing awareness training to ensure that staff have the best possible understanding of how to spot phishing emails.
On the technical side, businesses may have a specialized cybersecurity team tasked with threat hunting. Threat hunting is a highly effective way of detecting and preventing ransomware attacks.
In this process, a theory is built using knowledge of attack vectors. The hunch and the data help in building a plan that can quickly identify the cause of an attack and stop it.
Threat hunting tools are used to keep watch for unexpected file executions, suspicious behaviour, and so on across the network. To identify attempted ransomware attacks, they watch for Indicators of Compromise (IOCs).
In addition, many situational threat hunting models are used, each tailored to the industry of the target organization.
Examples of RaaS
Ransomware authors have recently realized how profitable it is to build a RaaS business. In addition, several threat actor organizations have set up RaaS operations to spread ransomware to nearly every kind of business. These are a few of the RaaS organizations:
- DarkSide: One of the most notorious RaaS providers. According to reports, this criminal group was behind the attack on Colonial Pipeline in May 2021. DarkSide is believed to have started in August 2020 and grew rapidly during the first few months of 2021.
- Dharma: Dharma Ransomware first appeared in 2016 under the name CrySis. Although there have been several variants of Dharma Ransomware over the years, Dharma first appeared in a RaaS format in 2020.
- Maze: Like many other RaaS providers, Maze started in 2019. In addition to encrypting user data, the RaaS organization threatened to release data publicly in an attempt to shame victims. Maze RaaS officially shut down in November 2020, although the reasons remain somewhat unclear. However, some researchers believe that the same criminals have carried on under different names, such as Egregor.
- DoppelPaymer: It has been linked to numerous incidents, including one in 2020 against a German hospital that claimed the life of a patient.
- Ryuk: Although this RaaS was most active in 2019, it is believed to have existed since at least 2017. Many security companies, including CrowdStrike and FireEye, have disputed claims made by certain researchers that the outfit is based in North Korea.
- LockBit: Known as the ".abcd virus" after the file extension the organization uses when encrypting victims' files, it first appeared in September 2019. LockBit's ability to spread automatically across a target network is one of its features. For would-be attackers, this makes it a desirable RaaS.
- REvil: Although there are several RaaS providers, this one was the most prevalent in 2021. The Kaseya attack, which took place in July 2021 and affected at least 1,500 companies, was linked to the REvil RaaS. The organization is also thought to have been behind the June 2021 attack on meat producer JBS USA, in which the victim had to pay a ransom of $11 million. It was also found to be responsible for the ransomware attack on cyber insurance provider CNA Financial in March 2021.
How can you prevent a RaaS attack?
RaaS hackers typically spread malware using phishing emails that are skilfully crafted to look genuine. A robust risk management approach that supports ongoing security awareness training for end users is needed to protect against RaaS exploitation.
The first and best defence is to create a business culture that keeps end users informed about the latest phishing techniques and the risks that ransomware attacks pose to their finances and reputation. Measures in this regard include:
- Software updates: Operating systems and applications are frequently exploited by ransomware. To help stop ransomware attacks, it is important to update software when patches and updates are released.
- Take care to back up and restore your data: Establishing a data backup and recovery plan is the first, and perhaps the most important, step. Data becomes unusable to users once it has been encrypted by ransomware. The impact of an attacker encrypting data can be reduced if the company has current backups that can be used in a recovery process.
- Phishing prevention: Email phishing is a common ransomware attack method. RaaS attacks can be prevented if some form of anti-phishing email protection is in place.
- Multi-factor authentication: Some ransomware attackers use credential stuffing, which involves using passwords stolen from one site on another. Because a second factor is still required to gain access, multi-factor authentication reduces the impact of a single reused password.
- XDR endpoint security: Endpoint security and threat hunting technologies, such as XDR, provide an important layer of defence against ransomware. They offer enhanced detection and response capabilities that help reduce the risk of ransomware.
- DNS filtering: Ransomware typically uses some kind of command and control (C2) server to communicate with the RaaS operator's platform. A DNS query is almost always involved in communication from an infected machine to the C2 server. With the help of a DNS filtering security solution, organizations can detect when ransomware attempts to communicate with the RaaS C2 and block the communication. This can act as a form of infection prevention.
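The DNS filtering check described in the last item above, as an added example that is not part of the original article: it matches queried names against a blocklist on label boundaries and groups the blocked lookups by client. The log format, domains and addresses are constructed assumptions.

```python
# Added example: DNS filtering decision over constructed query-log lines.
from collections import defaultdict

# Constructed blocklist; a real deployment would load this from a threat-intel feed.
BLOCKLIST = {"c2-panel.example", "pay-portal.invalid"}

# Constructed log lines in an assumed format: "<time> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2022-03-01T09:14:02Z 10.0.4.17 A intranet.corp.example.
2022-03-01T09:14:05Z 10.0.4.17 A beacon.C2-Panel.example.
2022-03-01T09:14:35Z 10.0.4.17 A beacon.c2-panel.example.
2022-03-01T09:15:10Z 10.0.7.3 AAAA notc2-panel.example.
2022-03-01T09:16:44Z 10.0.9.21 TXT keys.pay-portal.invalid
malformed line without enough fields
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return qname.strip().lower().rstrip(".")

def is_blocked(qname, blocklist=BLOCKLIST):
    """Match the name or any parent domain, on label boundaries only."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def filter_log(text, blocklist=BLOCKLIST):
    """Return {client_ip: [(time, qname), ...]} for queries the filter would block."""
    hits = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        when, client, _qtype, qname = parts
        if is_blocked(qname, blocklist):
            hits[client].append((when, normalize(qname)))
    return dict(hits)

if __name__ == "__main__":
    for client, events in filter_log(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} blocked queries -> isolate and investigate")
        for when, qname in events:
            print(f"  {when} {qname}")
```

Repeated blocked lookups from one client at a steady interval, as with 10.0.4.17 in the sample, are the pattern worth escalating to the threat hunting team.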
The future of RaaS
RaaS attacks will become much more prevalent and popular among hackers in the future. According to a recent report, more than 60% of all cyberattacks in the past 18 months were RaaS-based.
RaaS is becoming increasingly popular because of how easy it is to use and the fact that no technical knowledge is required. In addition, we should prepare for an increase in RaaS attacks targeting critical infrastructure.
This includes the healthcare, administration, transportation, and energy sectors. Hackers view these critical industries and institutions as more exposed than ever, putting organizations such as hospitals and power plants in the crosshairs of RaaS attacks as supply chain issues continue into 2022.
Conclusion
In conclusion, even though Ransomware-as-a-Service (RaaS) is a recent creation and one of the latest threats facing digital users, it is important to take certain preventive measures to combat it.
In addition to other essential security measures, you can also rely on high-quality antimalware tools to improve your protection against this threat. Unfortunately, RaaS appears to be here to stay for now.
You will need comprehensive technology and a cybersecurity program to protect against RaaS attacks and reduce the chances of a successful one.