Let’s be honest: There would not be so many ransomware attacks if cryptocurrency weren’t a thing. Just ask the U.S. Secret Service.
The Senate Judiciary Committee recently held a hearing on the epidemic of ransomware: hackers locking up data and making computer systems useless until they get paid a hefty fee. In his testimony, Secret Service Assistant Director Jeremy Sheridan listed three reasons why ransomware has gotten so bad. His first reason: “The swelling profitability of these attacks, in part as a result of the growth of cryptocurrencies as a form of extortion payment.”
Cryptocurrency is tough (definitely not impossible) to trace and it crosses borders with alacrity, and because of that, it gives cybercriminals a safer way to do bad things and get paid to stop. But what if cryptocurrencies’ handmaidens, blockchains, were also able to provide a new level of protection against this criminal industry?
We spoke to several leaders in decentralized data storage as well as a security expert to unpack ways in which distributed storage from projects like Arweave, Filecoin, Skynet and Storj might stymie ransomware attacks.
Large organizations tend to be “running on the zero-day patching treadmill,” said Federico Maggi, a senior researcher at TrendMicro, an international cybersecurity company.
In other words, they’re constantly making little fixes to protect legacy systems. That all breaks down, however, if the IT teams aren’t careful about the doorways directly in.
“Maybe they forget to properly segment the network so an employee who is not actually meant to access a storage or a database is actually the victim who will get an attacker in,” said Maggi, who’s been looking at ransomware for the last four years since his company developed its own system for fighting the scourge, called ShieldFS.
But that all changes if the “in” or the “where” essential data gets tucked away completely shifts.
Scattered storage
Decentralized storage, Maggi said, shifts the playing field. “It’s making the attack surface much more difficult to tackle from a bad guy’s perspective. It’s not like having a classic storage you can simply encrypt,” Maggi said.
When data is distributed or decentralized, it ends up in lots of places, either in copies or in pieces (or both). And it’s not just places, but entities. Many decentralized architectures enlist lots of organizations in storing data. This means an attacker would need to compromise multiple places with entirely different security protocols in many cases, which is a harder trick.
Then again, Maggi acknowledged, if there’s a vulnerability in the blockchain architecture itself, that could be the attack point.
There is no perfect security; it’s always going to be cat and mouse out there. Even if blockchain storage crushes ransomware as we know it, inevitably criminals will find ways to use it and launch a new attack. The cycle is endless.
But we aren’t in the future yet. It’s still today, and ransomware is the problem now.
So, Maggi said a decentralized approach “changes the game for the attackers in a sense because it’s not interesting for them to attack however [the victim stores] each copy because it’s too expensive,” Maggi explained.
Various different decentralized storage providers articulated different advantages for blockchain systems as a defense against ransomware. That said, it might not all be ready for prime time.
Juan Benet is probably the best-known entrepreneur in the decentralized file storage space. As the founder of Protocol Labs, he’s behind the interplanetary file system (IPFS), a gigantic open-source network of distributed storage. He also founded Filecoin, a system that gives people with excess data capacity a mechanism to put it on the Filecoin network and get paid for hosting encrypted data.
Decentralized storage is advantageous because “blockchain storage can afford significant protection against ransomware,” Benet wrote in an email. But he also noted that it’s early, adding, “The tooling for doing all this in user-friendly ways is early, not sure anyone is working on great UX [user experience] products that most IT departments can use yet, and would take a data team some time to get up to speed on how to use a decentralized storage network for this today.”
Still, looking down the road, here are some of the advantages of blockchain storage systems that could undermine ransomware.
Distributed copies
John Gleeson, the chief operating officer at Storj, said that it now has about 13,000 storage nodes distributed around the world, and each time anything is stored it’s going to be in a minimum of 80 different places.
“The blockchain decentralized aspect of it is that when you when you think about data, in the way it’s stored on decentralized networks, there also isn’t a single thing that you could go and compromise and take down with a ransomware attack, where the data, the availability or reliability of that data would be impacted,” Gleeson said.
From a base level, the whole design is built for trustlessness, which is an assumption that’s going to make an attacker’s life harder. Participants in the Storj network don’t know what they are storing and can’t look at it. They are simply getting paid to store it and prove its availability, but only the authorized users can decrypt it for use.
This default posture just puts Storj users on a safer footing from the beginning.
Storj also has the advantage of offering storage services at a significantly better price. The main customers it is getting are managed services providers (third parties that bundle IT services for companies), which are always looking for a little extra margin.
Flipping the script
For companies that don’t want to mine their users’ data, the Sia blockchain and the Skynet service built atop it offer a wildly more distributed approach.
Skynet gives applications a way to let each user control their data. Imagine, for example, if when you weren’t using Google Docs, Google did not have your text at all. With the Skynet approach, it would only be loaded up when you are actively editing and, when you weren’t, it would be tucked away on some other drive that you controlled, David Vorick, the lead developer at Skynet, explained.
“Users want control of their own data and corporations benefit from that because they reduce the liability. And it makes life difficult for attackers because you reduce the size of these giant honeypots,” Vorick said. “We completely kill the scalability of the attack model.”
Skynet also offers a way for companies to take this a step further and not even manage user credentials. Skynet has an authentication system like Google or Apple’s login system.
When applications use a third-party login, “the company doesn’t have a list of all their users and all their passwords,” Vorick explained.
Anyone who is even slightly cognizant of web security has probably heard of the site Have I Been Pwned?, which allows internet denizens to check their login credentials to see if their passwords have been leaked from some website that got hacked. If fewer websites are storing such credentials in-house, there are few opportunities to steal them.
Vorick said that for the company the experience of using Skynet is not particularly different than using one of the Big Tech login systems, but for the user it has the advantage of censorship resistance. Because the Skynet login runs on the Sia blockchain, there’s no one who can delete you if they decide they don’t like you.
“The biggest thing that we get used for today is almost like a WeTransfer competitor,” Vorick said. “There’s no good way on the centralized internet to send a 10GB file on the web.”
Immutable records
This one might leave people scratching their heads, but it’s just one of those things that computers can do well even though it seems crazy to human brains.
What if nothing ever got deleted?
What if nothing could get deleted?
That’s the approach taken by Arweave, a distributed storage system that offers permanent storage, even after the organization that paid to store it disappears.
“Arweave is basically a permanent hard drive,” explained Sam Williams, Arweave‘s co-founder and CEO.
Using a company called Ardrive, Arweave offers permanent storage of every single version of a file. Imagine if you were a non-fungible token (NFT) artist who made highly detailed, complex images that took days or weeks to put together. Every night you could save a version of it to Arweave and you’d have a permanent record of every time you’d saved it, forever.
Even if someone did manage to encrypt your local drive, they couldn’t encrypt your Arweave records. And even if they encrypted one, you could just revert to the prior version because it’s write-only.
If this sounds like a ton of data, it’s less than you think. Computer systems know how to just save the differences between two files as new data, which adds up to a lot less data in the end. When you open the file, you see the complete, singular version, but to the computer system itself it’s one file with a million additions and deletions which it works out behind the scenes.
Williams said Arweave’s uptake thus far has largely been for folks with sensitive data, for example users who might want to be able to prevent seizure of operational data in one jurisdiction by making it accessible in multiple locations.
Benet pointed out one more potential ransomware protection from blockchains: a system that keeps checking and rechecking that needed data is live.
“This gets way more interesting for super valuable cross-organization datasets,” Benet wrote, arguing that a blockchain storage system “can protect critical data by making it immutable and everyone can get periodic publicly verifiable proofs the data is stored.”