We know of Software as a Service, where organisations outsource parts of their digital infrastructure to third parties for the sake of improved user experience or increased security, for instance. Since it is a successful business model, it is not that shocking that something similar is happening in the world of cyber-crime. The people who know how to build ransomware sell their software on the dark web and offer it as Ransomware as a Service (RaaS), turning even rookie cyber-criminals into money-making hackers. How does it work, exactly? And what can you do to protect your systems?
What is Ransomware?
First, let’s define ransomware and explain what attackers try to achieve with it. Ransomware is a form of malware. Once it has nestled itself in your systems, it can encrypt parts of your data, or lock you out of your system altogether. The threat actors behind the attack then demand a ransom to give you the encryption key.
There have been cases where organisations paid the ransom and did retrieve their data. The threat actors calculate the ransom so that it is a somewhat tempting option for their victim when compared to the cost and effort it takes to run a full digital forensic study and replace infected systems. That recovery can easily take many weeks, and add up to a loss in the tens of millions, as it did for the company ISS World earlier this year.
However, there is no guarantee the criminals will actually give you the key, or that they haven’t installed more malware or some sort of back door.
Where does the ‘service’ come in?
Building the perfect ransomware is not easy. It takes time and skill to prepare, develop and weaponise the software. Instead of then carrying out the attack themselves, the developers also make money from offering the ransomware as a ready-made package on the dark web. This allows many more people to carry out a ransomware attack.
But that’s not all. The ‘S’ in RaaS comes from a newer development where people can subscribe to a cloud-based platform providing ransomware services. These subscribers spread the ransomware to their victims, while the developers control the software and execution of the attack.
Subscribers often pay a recurring fee for access to the service. The Intel 471 Malware Intelligence team writes that affiliates of RaaS provider REvil receive 60% to 70% of the ransom payment. The rest is kept by the ransomware group.
How to defend against a ransomware attack
The difficult thing is that a ransomware attack can come from so many different directions. Whether it’s a social engineering attack, phishing campaign, or straight-up hack, the impact is immense.
Here, as with so many digital risks, prevention is certainly better than remediation. Threat actors will try to abuse vulnerabilities in your systems to gain access. That means you need to know which of your digital assets are at the biggest risk of being compromised.
The solution lies in a mix of understanding and predicting criminal activity online, and monitoring your own digital footprint to proactively prevent risks.
To get to the bottom of this threat, we are organising a webinar together with Intel 471. We will take a deep dive into the underworld of ransomware and bring risks and solutions to the surface. Learn how to avoid falling victim to a ransomware attack. Register for the free webinar here.
Sebastiaan Bosman is Content Marketeer at Cybersprint. With an educational background in Communications and Linguistics, he is responsible for creating and editing most of the internal and external communication. He writes content such as blogs, whitepapers, and case studies, primarily based on Cybersprint’s own research data. Previously, Sebastiaan worked as Content & Communications Advisor at ING Global.