Ransomware As a Service (RaaS)

Ransomware. Are you sick of hearing about it?! As much as we’d like it to go away, it’s one of the fastest growing cybercrimes, not only in the U.S. but throughout the entire world. When you think of cybercriminals, you may think of the stereotypical loner who’s anti-social and lives with a bunch of cats (nothing against cats here), when in fact, it could be just the opposite.

Cybercriminals are good at disguising crime and making things appear legitimate. They don’t even have to be overly intelligent, “techie” or have “hacking” skills to steal information. A new trend growing in popularity is called Ransomware-as-a-service, or RaaS. One cybercriminal basically contacts a cybercriminal group, or RaaS operator, and then pays them to do all the dirty work.

Just as normal people pay for services such as dry cleaning, dog grooming, or others, cybercriminals pay hackers to get the job done for them. Available platforms and products may include:

  • RaaS platforms—gives them a command and control platform
  • Extortion websites—can potentially double and triple components of ransomware groups
  • Marketplaces—used to post stolen data
  • RaaS training kits—“how-to” exploitation kits
  • Hosted payment sites—used to receive ransom payments
  • Daily updated lists of stolen data—can include screenshots and company names

According to Palo Alto Networks, demands from ransomware increased 144 percent in 2021 with average payments increasing 78 percent. A large part of these increases is due to RaaS.

Cybercriminal Tactics

Unfortunately, there are many ways RaaS providers can disguise themselves and appear to be like other legitimate software providers:

  • They use social media for marketing campaigns and have legitimate looking websites.
  • Affiliates provide proof, such as screenshots containing victim’s data.
  • They use similar software developers to lease RaaS products.
  • High-end operators offer subscribers portals to check on the status of infections, payments, and other information regarding their targets.
  • Purchasing process is the same: buyers log in to a portal, create an account, pay with Bitcoin, enters details and clicks, “Submit.’

Some hackers have streamlined the process even more to where they receive two sources of income. The initial attack supplies them with the first and then, they sell the same attack as RaaS for the second. Because of the infrastructure behind ransomware, cybercriminals can attack companies anywhere in the world, without fear of getting caught.

So, now you’re probably feeling one of two ways—it can’t ever happen to you OR you’re completely afraid of it happening to you. While you don’t ever want to take cybercrime lightly, there are plenty of measures that you can take to help prevent it. With solid protection in place and adequate training for your staff members, you will be much better prepared if/when your company is faced with a ransomware attack.

How to Stay Protected

Here are some recommendations from the Center for Internet Security (CIS) to help safeguard your information:

  • Track and control endpoints and software
  • Secure configurations
  • Review and manage credentials for all systems
  • Constantly assess and track vulnerabilities
  • Audit logs for suspicious activity
  • Leverage antivirus and malware defense
  • Create and maintain a backup data & recovery plan
  • Monitor and defend your network to be able to respond quickly to attacks
  • Evaluate vendors to see what data they have access to and to ensure recommended security protocols are being followed

As with other forms of malware, careful action and the use of excellent security software executed by a trusted MSP are a step in the right direction when it comes to combatting ransomware or RaaS. If you have any questions or would like to discuss our services, you can contact Entre Technology Services.


Leave a Reply

You must be logged in to post a comment.