Ransomware-As-A-Service: The New Organized Crime
by Serena Raymond on May 10, 2020 12:00:00 AM
You’ve likely heard of ransomware. It’s one of the major cybersecurity threats out there. Unfortunately, it’s a growing threat as government agencies, hospitals, and police departments become more vulnerable to these types of attacks. And that’s one reason ransomware-as-a-service (or RaaS) is a growing trend.
What is ransomware?
Ransomware is a very specific type of malware attack. When activated on a person’s computer, it encrypts all of the files and applications on the device or network. This prevents end users from being able to access critical information and personal files.
After encryption, the user will see a message demanding payment in order to restore the computer. These messages will often impersonate other organizations, such as police departments or antivirus software, claiming that some sort of payment is necessary.
The payment can range in size, and ultimately depends on the ransomware that was downloaded and the organization that is targeted. Large enterprises where the ransomware has infected an entire network, or multiple computers on a network, will likely face a larger ransom than smaller organizations.
Ransomware attacks are deployed in a variety of ways, including phishing attacks or as a malicious download on a compromised website. Other methods include exploiting existing security vulnerabilities; these methods are much more technical and do not rely on deceiving the user in order to get the ransomware on a computer.
How does Ransomware-As-A-Service work?
Ransomware-as-a-service is the new organized crime. RaaS operators provide a service for those who want to hack people and make money doing it, but have none of the skills to code ransomware on their own.
Those using RaaS are total hacker novices and need a handy, prebuilt tool in order to start their life of cybercrime.
Think of those who supply ransomware-as-a-service as a mafia boss. Mafiosos don’t do favors without getting something in return. So just as a mafia boss will get a kickback from the person doing the dirty work and making the money directly, these ransomware-as-a-service “vendors” get a nice percentage of whatever the novice hackers bring in.
With this model, skilled hackers at the top of the food chain no longer need to do the work of deploying their attacks. They can work on the code, creating new variations of ransomware attacks, and let their distribution channels take care of planting the attacks across the internet, a lot like placing low-level mafia soldiers on street corners to collect payments for the captain who’s working on putting the contracts together.
Ransomware-as-a-service can be big business for the RaaS “vendors”. They provide technical support and best practices for their users. And in a way, operating a “business” like this insulates the experienced hackers from being discovered through poor deployment techniques that end in the attacks getting traced back to the original computer. The novice hackers deploying RaaS, meanwhile, don’t need to be very technical to make money off of ransomware.
For these reasons, ransomware-as-a-service is becoming more popular.
Who’s at the greatest risk?
When hackers get involved in ransomware-as-a-service schemes, they want to make sure there’s going to be a big enough payout to justify the work. That’s why the victims of ransomware are often essential businesses or organizations, such as hospitals or police departments.
It’s critical that these businesses get up and running as soon as possible. So if they get hit by something as debilitating as a ransomware attack that removes their ability to use their systems, they will do whatever they need to do to get systems back up. When the attack is a ransomware attack, that results in hackers getting cash.
Other organizations that are at risk include ones that are likely to be shorthanded when it comes to cybersecurity (universities or small businesses), businesses that house sensitive data (banks or law firms), and large enterprises with a lot of cash available.
When you boil it down, that’s a huge chunk of businesses. The businesses that actually give in to ransom demands are the ones that have the funds to pay and that will suffer the most if their information is either leaked or rendered useless because of hacker manipulation.
But there’s a greater risk to paying the ransom than you might think. After all, even if you pay up, you might not get your information back.
How do you prevent ransomware attacks?
Comprehensive cybersecurity is a necessity to ward off ransomware attacks, especially DNS protection. DNS protection blocks malicious websites that might house ransomware, and it also prevents you from being able to open malicious links within emails where ransomware attacks might be deployed.
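The decision a filtering resolver makes for each lookup, including lookups triggered by clicking a link in an email, can be sketched as follows. This is an added example, not code from the original article or from any DNS product; the blocklist entries, the sinkhole answer and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist entries (reserved .example/.test names, not real indicators).
BLOCKLIST = {"malicious-payload.example", "phish.test"}
SINKHOLE = "0.0.0.0"  # assumed policy answer; a resolver may return NXDOMAIN instead


def normalize(name: str) -> str:
    """Lower-case, drop the trailing root dot, and IDNA-encode the name."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return name  # malformed name: compare it as typed


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Match on whole labels: a listed domain also covers its subdomains."""
    labels = normalize(qname).split(".")
    # Check "a.b.c", then "b.c", then "c", so 'notphish.test' never matches
    # the entry 'phish.test' the way a plain substring test would.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve_policy(qname: str, blocklist=BLOCKLIST) -> dict:
    """Decide whether to answer locally or forward the query upstream."""
    if is_blocked(qname, blocklist):
        return {"qname": qname, "action": "block", "answer": SINKHOLE}
    return {"qname": qname, "action": "forward", "answer": None}


def check_link(url: str, blocklist=BLOCKLIST) -> dict:
    """Opening an e-mail link causes a lookup of its hostname."""
    host = urlsplit(url).hostname or ""
    return resolve_policy(host, blocklist)


if __name__ == "__main__":
    for link in (
        "https://login.phish.test/reset?user=alice",    # constructed
        "http://CDN.Malicious-Payload.example./a.bin",  # constructed
        "https://notphish.test/",                       # constructed, benign
    ):
        print(check_link(link))
```

A link that uses a literal IP address never produces a DNS query, so a control of this kind does not see it and other layers have to cover that case.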