Reports & Papers
from Belfer Center for Science and International Affairs, Harvard Kennedy School

New Risks in Ransomware: Supply Chain Attacks and Cryptocurrency

Download
hand pointing at a screen displaying a screenshot from Darkcode
FBI Supervisory Special Agent J. Keith Mularski displays a screenshot from Darkcode, an English language “marketplace for cybercriminals,” the largest-known “English speaking malware forum” in the world, authorities said, at the National Cyber-Forensics & Training Alliance in Pittsburgh, Tuesday, July 14, 2015.

Executive Summary

With the first attack dating back to 1989, ransomware is far from a new phenomenon. However, as of late, ransomware attacks have significantly changed in nature, becoming larger, more sophisticated, and more frequent. While once a rare and petty crime, ransomware has now proliferated and quickly matured into a lucrative business with the emergence of cryptocurrencies that have facilitated large, untraceable transactions. Now, organized and often state-backed hacking groups not only perpetuate sophisticated, targeted campaigns, but also franchise the infrastructure needed to carry such campaigns and sell it as Ransomware-as-a-Service (RaaS) on the dark web.

Just as concerning as the increased pace of ransomware is the emergence of a new delivery mechanism for malware that has been used in some of the most infamous ransomware attacks. As hacker groups have become increasingly sophisticated, modern software has become increasingly vulnerable to attack. Complex software must incorporate a multitude of pre-written code components from various sources, including open source code. Hacker groups can then target less secure software components, known as a supply chain attack, in order to extort a wide swath of companies or customers. Supply chain attacks are particularly dangerous if they establish a thread of control through an update package, such as the SolarWinds attack, which then provides hackers with the highest level of access to a machine’s resources.

This paper seeks to provide an overview of the current ransomware landscape, such as the rise of RaaS and the increase of supply chain attacks, while also gesturing towards potential emerging
solutions. While not an exhaustive list, promising solutions address the vulnerability of complex software reliant on outside code components, such as software bill of materials (SBOM) and vulnerability disclosure databases, or address the payout, such as stricter cryptocurrency regulations.

Recommended citation

Robinson , Amy, Casey Corcoran and James Waldo. “New Risks in Ransomware: Supply Chain Attacks and Cryptocurrency.” Belfer Center for Science and International Affairs, Harvard Kennedy School, May 16, 2022