People tend to think of cyber criminals as hackers with deep knowledge and no social skills — the “guy in a black hoodie in the basement” stereotype. This bears little resemblance to modern cyber criminals. Today, people can buy ready-made programs that do the heavy lifting for them, no hacking skills needed. It’s called ransomware as a service (RaaS). It’s on the rise and a threat to your cyber security. As a business leader, it’s important to know about RaaS so that you can be on guard against it.
What Is Ransomware as a Service (RaaS)?
RaaS is software, malicious ready-made software that just about anyone can use. Users don’t need to know code, all they need is the money to buy the software — just like you don’t need to be a tax accountant to use TurboTax.
In 2021, ransomware demands increased 144 percent with average payments increasing 78 percent, according to Palo Alto Networks. Ransomware-as-a-service is a large part of the rise of ransomware.
Cybercrime Groups Leverage RaaS
RaaS is an industry, albeit an illegal and exploitative one. Cybercriminal groups leveraging RaaS is one of the primary reasons ransomware attacks have climbed significantly over the last few years. Bad actors no longer have to do it, they simply use available platforms and products that include:
- RaaS platforms, which give them a command and control platform.
- Extortion websites, which can double and triple extortion components of ransomware groups.
- Marketplaces to post stolen data.
- RaaS training products, literally “how-to” exploitation kits.
- Hosted payment websites, to receive ransom payments.
- Updated lists daily of compromised data — including screenshots and company names.
These new RaaS opportunities give the criminals the tools to learn:
- How to access ransom payments and launder the money.
- How marketplaces offer an escrow: blind trust.
- How to “clean” bitcoins (or other digital currency) to make them harder to trace.
An RaaS provider is like a legitimate software provider in that:
- They use the same legitimate software developers to lease RaaS products.
- The most sophisticated RaaS operators offer portals that let their subscribers see the status of infections, total payments, total files encrypted and other information about their targets.
- RaaS operators run marketing campaigns and have websites that look exactly like your own company’s campaigns and websites. They have white papers, videos and are active on Twitter.
- The purchase experience is the same: the buyer logs into the RaaS portal, creates an account, pays with Bitcoin, enters details on the type of malware they wish to create and clicks the submit button.
- The affiliate provides proof, such as a screenshot of an example document contained within the victim data.
Talented hackers turn their proven tactics, techniques and procedures into an RaaS product, creating two streams of income. First, from the initial attack and second from reselling that attack as RaaS.
A growing number of organizations, such as REvil, the DarkSide and others franchise their ransomware-as-a-service (RaaS) capabilities to attackers. It’s the attacker’s responsibility to penetrate an organization, while the franchisers provide the communications, encryption tools, ransom collection and more for a percentage of the ransom collected.
Because of the international cloud infrastructure, criminals can attack organizations within the United States and other countries from anywhere — with little fear of extradition.
Countering RaaS and Other Threats
Don’t think, “It can’t happen to me.” It absolutely can! And once you realize how easy it is for criminals to get these ransomware tools, you’ll also realize you have to change the way you think about cybercrime.
But there is good news: Countering RaaS attacks is the same as countering any cyber attack including a ransomware attack. You develop a comprehensive approach to protecting your systems by staying on top of the threat landscape, training your team and ensuring that backup and recovery planning can provide business continuity. Visibility is critical for success. Everyone in the company from the CEO down needs training in how to spot and mitigate vulnerabilities. Also make sure you have your cyber security essentials covered.
- Track and control all your endpoints and software, including data, network services and access points.
- Secure your configuration; default configurations are not designed for security.
- Review and manage all credentials to all systems.
- Continually assess and track vulnerabilities.
- Audit your logs for suspicious activity.
- Leverage next-gen antivirus and malware defense.
- Create and maintain a backup data and recovery plan (BDR).
- Monitor and defend your network so you are able to respond quickly to attacks,
- Evaluate your vendors to see who has access to what data and make sure they are following recommended security protocols as well.
These is just some of the security advice from the Center for Internet Security (CIS).
The right IT partner can help you make sure these essentials are in place as well as monitor and protect your network. If you’re a Convergence Networks client, you already are on the inside track to the best cybersecurity prevention available. Our 24/7/365 holistic approach constantly monitors the landscape and stays up to date with changes. We provide fixed-price, all-inclusive cyber security and IT services. Contact us to learn about our business IT support options.