Lincoln College, a historically Black liberal-arts school from rural Illinois, is closing up later this month, 157 years after its founding. The reason – is finances due to COVID-19 and a ransomware attack. The December attack shutdown systems for recruitment, retention, and fundraising were restored in March 2022… at which time, projections showed significant shortfalls.
And Costa Rica declared a national emergency on May 8 following a late April Conti ransomware attack. Conti published 97% of a 672GB dump of government data. The attack is across multiple agencies, including the Finance Ministry, the Ministry of Labor and Social Security, and the Social Development and Family Allowances Fund. The US State Department has announced a 10 million dollar bounty for information leading to the identification or location of the organizers.
Microsoft Security posted a blog detailing the changing world of ransomware. The post dives into the world of ransomware-as-a-service, as Microsoft is tracking 35 unique ransomware families and 250 threat actors across nation-state, ransomware, and criminal activities. RaaS, it says, is a gig economy involving multiple actors around three key pillars. Quoting ZDNet
“In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves,” Microsoft Security says in a blog post.
“This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks,” it said.
RaaS has forced Microsoft to look at attacks differently. It’s not one actor but many, meaning that identifying the ransomware family itself doesn’t give defenders the complete picture of threats on the network.
Stealing data from a target, for example, may be carried out by one group for double extortion. Still, another group is responsible for developing ransomware payloads, while other RaaS affiliates may deploy a given ransomware payload. In other words, knowing that you’ve fallen victim to one type of ransomware only tells half the picture, wasting defenders’ time chasing down the wrong signals.
Why do we care?
Two stories of massive impact. An entire college goes under without their systems, and a country is under siege. Those felt like hacks worth noting.
Even more enlightening is Microsoft’s analysis. Less risk and less work by outsourcing – an obvious move that points to continued rough security waters. This is a tax on businesses and, frankly, an entirely unwelcome one. At least with taxes, you can argue you get services in return. You simply have to pay the shakedown fees in mafia protection money. Be careful talking about security as an opportunity. It’s a drag on industry, not an enabler.

