<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
search
close

RaaS: How Ransomware as a 'Service' Increases Your Attack Risk

by Sebastiaan Bosman Blog 16 Nov 2020

We know of Software as a Service, where organisations outsource parts of their digital infrastructure to third parties for the sake of improved user experience or increased security, for instance. As a successful business model, it is actually not that shocking something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?

What is Ransomware?

First, let’s define ransomeware and explain what attackers try to achieve with it. Ransomware is a form of malware. Once it has nestled itself in your systems, it can encrypt parts of your data, or lock you out of your system altogether. The threat actors behind the attack then demand a ransom to give you the encryption key.

There have been cases where organisations have paid the ransom, and did retrieve their data. The threat actors calculate the ransom, making it a somewhat tempting option for their victim when compared to the cost and effort it takes to run a full digital forensic study and replace infected systems. This can easily take many weeks, and add up to a loss in the tens of millions, as it did for the company ISS World earlier this year.

However, there is no guarantee the criminals will actually give you the key, or that they haven’t installed more malware or some sort of back door.

Where does the ‘service’ come in?

Building the perfect ransomware is not easy. It takes time and skill to prepare, develop and weaponise the software. Instead of then carrying out the attack themselves, the developers also make money from offering the ransomware as a ready-made package on the dark web. This allows much more people to carry out a ransomware attack.

But that’s not all. The ‘S’ in RaaS comes from a newer development where people can subscribe to a cloud-based platform providing ransomware services. These subscribers spread the ransomware to their victims, while the developers control the software and execution of the attack.

Subscribers often pay a recurring fee for access to the service. The Intel 471 Malware Intelligence team writes that affiliates of RaaS provider REvil receive 60% to 70% of the ransom payment. The rest is kept by the ransomware group. 

How to defend against a ransomware attack

The difficult thing is that a ransomware attack can come from so many different directions. Whether it’s a social engineering attack, phishing campaign, or straight-up hack; the impact is immense.

Here, as with so many digital risks, prevention is certainly better than remediation. Threat actors will try to abuse vulnerabilities in your systems to gain access. That means you need to know what digital assets in are at the biggest risk of being compromised.

The solution lies in a mix between understanding and predicting criminal activity online, and monitoring your own digital footprint to proactively prevent risks.

To get to the bottom of this threat, we organise a webinar together with Intel 471. We will take a deep dive into the underworld of ransomware and bring risks and solutions to the surface. Learn how to avoid falling victim to a ransomware attack. Register for the free webinar here.

Register


pasfoto001Sebastiaan Bosman is Content Marketeer at Cybersprint.
With an educational background in Communications and Linguistics,
he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global. 

Digital Footprint compared to 5 security technologies

In this blog, we'll cover our Digital Footprint approach compared to five existing security approaches. What methods do they share? And where do they complement each other? We'll have a look at these techniques:  1. Asset discovery 2. Vulnerability management 3. Penetration testing 4. Red teaming 5. Supplier security governance Each has some touch points with Digital Footprint. For this comparison, we build on our earlier explanations of the concept. In the first blog, we gave our definition and summarised what drives the need for the solution. You can read our second blog to see how Digital Footprint is positioned with regards to External Threat Intelligence.

read more

Digital Footprint in External Threat Intelligence

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

read more

CEO insights: 3 trends for 2021's cybersecurity

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working. But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

read more

Do you have a question?

Our experts have the answers

Contact us