In 2021, the threat posed by ransomware continued to grow. The most obvious trend is that ransomware groups are now targetting larger businesses and, in doing so, are able to ask for larger payments.
Another important trend, however, is the rise of Ransomware as a Service. Ransomware is no longer just an attack tool; it's also become a software product that can be rented out to others.
So what exactly is Ransomware as a Service? And how can businesses protect themselves from it?
What Is Ransomware as a Service?
Ransomware is a type of malicious software that encrypts data and makes it impossible to recover without an encryption key.
It's a highly profitable cyberattack tool because victims have no choice but to pay for the key if they ever want their files back.
Ransomware as a Service (otherwise known as RaaS) is a business model where ransomware is rented out to affiliates. It is derived from the Software as a Service model which is employed by many legitimate businesses.
The affiliates gain access to the most effective ransomware software. And the developers of the software typically ask for a percentage of any profits made from using it. Both parties make more money than they ever would working on their own.
How Does RaaS Work?
Ransomware is a piece of software like any other. It might be created by one person or a team.
The developers then have a choice. They can either use the software themselves, rent it out to others, or both.
If they opt for the RaaS model, they simply make the software easier to use and then advertise their "product" on the dark web.
The upside for the developers is that they can make money without worrying about finding victims. This is becoming harder to do as more businesses learn how to protect themselves.
It's also an attractive offer to any cybercriminal who would like to use ransomware but doesn't know how to make it. RaaS is profitable for developers because most cybercriminals are not computer experts.
Affiliates are typically asked to pay a percentage of any ransom that they receive. This figure is usually between 20 and 30 percent. Some developers also charge a monthly fee for access to their products.
Some RaaS organisations also have professional negotiators on staff. Once the affiliate manages to install ransomware on a victim's computer, they are able to contact the negotiator who will then handle everything else.
Many RaaS organisations also follow traditional businesse practices such as offering customer support, training documentation, and refund periods.
Is RaaS Such a Serious Threat?
Many of the biggest ransomware attacks that occurred during 2020-21 can be attributed to RaaS organizations.
The Colonial Pipeline attack, which caused widespread panic buying of gas, was carried out by an affiliate of DarkSide.
The JBS attack, which almost caused a meat shortage, was carried out by another RaaS organization, namely Revil. Revil were also responsible for the attack on Kaseya VSA which resulted in over 800 Swedish grocery stores being temporarily shut down.
Is RaaS Potentially More Dangerous Than Traditional Ransomware?
RaaS is a worrying trend for multiple reasons.
Ransomware alone is already highly profitable for its developers. RaaS provides an additional revenue stream and additional motivation for them to make their software as effective as possible.
Ransomware requires a certain amount of technical knowledge to develop. The average criminal doesn't have this knowledge. RaaS removes this barrier to entry. It makes ransomware available to anyone who visits a dark web marketplace.
The best ransomware developers are primarily focused on attacking large organizations. This makes it easier for smaller businesses and private individuals to avoid the problem. Smaller RaaS affiliates are likely to attack anyone.
How Do RaaS Attacks Happen?
Some ransomware attacks are highly sophisticated but most start with phishing emails. These are fraudulent messages that ask the recipient to either log in to a fake website or download an attachment.
If the recipient visits the fake website, their credentials are stolen. Or if they download an attachment, it's likely to be a Trojan or keylogger. Either option can provide access to an otherwise secure network.
Some of these emails are also very easy to fall for because they have been specifically tailored to the recipient.
Outdated software is another popular attack vector. Whenever a vulnerability is found in a popular software product, an update is released to patch it. But many businesses don't update their software fast enough.
Hackers are aware of this and they specifically look for businesses that are using outdated software. Once they locate one, finding a way to plant ransomware isn't difficult.
How to Protect Against RaaS
All businesses should have policies in place to protect against ransomware.
Keep Software Updated
All software should be kept updated at all times. Software updates are often avoided due to fear that something will break. While this is always possible, the cost of a successful ransomware attack is significantly higher.
Provide Security Training
All staff should be provided with cybersecurity training. Ideally, employees should be able to recognize malicious emails. But specific email protocols should also be established such as never clicking on links or downloading attachments.
Employees should also be required to use both strong passwords and password managers.
Divide All Networks Into Segments
If an intruder gains access to a network, their ability to do damage depends largely on where they are able to go from there.
All networks should therefore be divided into segments and each member of staff should only have the level of access required to do their job. The most important data should obviously be kept separate from everything else.
Perform Regular Backups
It's impossible to completely protect against ransomware. All businesses should therefore be performing regular backups and storing them offline.
It's worth noting that many attackers are now employing double extortion. This means that they not only encrypt your data, they also threaten to publish anything confidential.
Because of this, backups no longer protect against ransomware entirely.
Use Antivirus Suites
All network connected devices should have antivirus software installed.
Sophisticated hackers are usually able to hide from such software. But many ransomware attacks rely on software that a reputable antivirus suite will both flag and prevent from running.
Should You Be Worried About RaaS?
One advantage of the evolution of ransomware is that private individuals are now less likely to encounter it.
If you're a business owner, however, ransomware has never been a bigger threat. And as more ransomware developers switch to the RaaS business model, the problem is only likely to get worse.
All business owners should therefore have policies in place to protect against this threat. While such policies can be expensive to implement, they are cheaper than the alternative.
