
RaaS: How Ransomware as a 'Service' Increases Your Attack Risk

by Sebastiaan Bosman Blog 16 Nov 2020

We know of Software as a Service, where organisations outsource parts of their digital infrastructure to third parties for the sake of improved user experience or increased security, for instance. As a successful business model, it is actually not that shocking something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?

What is Ransomware?

First, let’s define ransomware and explain what attackers try to achieve with it. Ransomware is a form of malware. Once it has nestled itself in your systems, it can encrypt parts of your data, or lock you out of your system altogether. The threat actors behind the attack then demand a ransom to give you the encryption key.

There have been cases where organisations have paid the ransom, and did retrieve their data. The threat actors calculate the ransom, making it a somewhat tempting option for their victim when compared to the cost and effort it takes to run a full digital forensic study and replace infected systems. This can easily take many weeks, and add up to a loss in the tens of millions, as it did for the company ISS World earlier this year.

However, there is no guarantee the criminals will actually give you the key, or that they haven’t installed more malware or some sort of back door.

Where does the ‘service’ come in?

Building the perfect ransomware is not easy. It takes time and skill to prepare, develop and weaponise the software. Instead of then carrying out the attack themselves, the developers also make money from offering the ransomware as a ready-made package on the dark web. This allows many more people to carry out a ransomware attack.

But that’s not all. The ‘S’ in RaaS comes from a newer development where people can subscribe to a cloud-based platform providing ransomware services. These subscribers spread the ransomware to their victims, while the developers control the software and execution of the attack.

Subscribers often pay a recurring fee for access to the service. The Intel 471 Malware Intelligence team writes that affiliates of RaaS provider REvil receive 60% to 70% of the ransom payment. The rest is kept by the ransomware group. 

How to defend against a ransomware attack

The difficult thing is that a ransomware attack can come from so many different directions. Whether it’s a social engineering attack, phishing campaign, or straight-up hack, the impact is immense.

Here, as with so many digital risks, prevention is certainly better than remediation. Threat actors will try to abuse vulnerabilities in your systems to gain access. That means you need to know what digital assets are at the biggest risk of being compromised.

The solution lies in a mix between understanding and predicting criminal activity online, and monitoring your own digital footprint to proactively prevent risks.

To get to the bottom of this threat, we organise a webinar together with Intel 471. We will take a deep dive into the underworld of ransomware and bring risks and solutions to the surface. Learn how to avoid falling victim to a ransomware attack. Register for the free webinar here.


Sebastiaan Bosman is Content Marketeer at Cybersprint. With an educational background in Communications and Linguistics, he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.
