Article by Varonis.
Ransomware as a service (RaaS) is a major threat to all data and systems. Similar to software as a service (SaaS), RaaS provides easy subscription-based access to ransomware to those with little-to-no programming expertise.
With the popularity of RaaS growing, companies and organisations of all shapes and sizes should be well-versed in reducing the chances they’ll be victimised by a RaaS attack. We’ll cover what RaaS is, how the business model and technology work, and how to prevent attacks.
What is ransomware as a service?
RaaS is a subscription-based model that enables users, also known as affiliates, to use ransomware tools to execute attacks. Unlike normal ransomware, RaaS provides out-of-the-box ransomware tools to subscribers who pay to be affiliates of the program. As with SaaS, RaaS affiliates pay for ongoing use of the software, which in this case is malicious.
Some affiliates pay less than $100 per month, while others pay upwards of $1,000. Regardless of the subscription cost, affiliates earn a percentage of each successful ransom payment following an attack. RaaS lets even users with no prior knowledge or experience in the field carry out malicious attacks and collect lucrative rewards with little effort. Cerber is one example of a popular RaaS on the market.
How does ransomware as a service work?
Two parties work together to execute a successful RaaS attack: developers and affiliates. Developers are responsible for creating specific code within the ransomware, which is then sold to an affiliate. Developers provide the ransomware code along with instructions on how to launch the attack. RaaS is user-friendly and requires minimal technical expertise. Any individual with access to the dark web can log into the portal, become an affiliate, and initiate attacks at the click of a button.
To get started, affiliates select the type of malware they wish to spread and pay with some form of cryptocurrency, typically Bitcoin. Once the attack is successful and ransom money is received, the profits are split between the developer and the affiliate. How the money is divided depends on the type of revenue model.
The four RaaS revenue models
Most RaaS arrangements fall under one of the four following revenue models:
Monthly Subscription: Users pay a flat fee every month and earn a small percentage of each successful ransom.
Affiliate Programs: A small percentage of profits go to the RaaS operator to run a more efficient service and increase profits.
One-time License Fee: As the name of the model indicates, users pay a one-time fee with no profit sharing. Affiliates then have access in perpetuity.
Pure Profit Sharing: Profits are divided among users and operators at percentages pre-determined upon the license purchase.
Once you familiarise yourself with how RaaS works and the various profit models, you should begin formulating a defence plan.
How to prevent RaaS attacks
Advances in technology have made it easier for code developers and affiliates to infiltrate systems and extract lucrative ransoms from organisations. Ransomware attacks have increased by 33 per cent since 2019, with affiliates making up to 80 per cent from each payment. To prevent yourself from becoming one of these statistics, here are four must-know tips to prevent RaaS attacks.
1. Back up data consistently
Confidential and private data is typically the main target of a RaaS attack. Hackers compromise your systems or data, then threaten to steal or release it if the ransom isn’t met. If you back up your data, RaaS attackers won’t have the same leverage they would have if they were in sole possession of it. So don’t rely solely on cloud storage; back up your data on external hard drives as a preventative measure against RaaS.
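One way to check this tip in practice, as an added example that is not part of the original article: the script below audits that each source file has a matching copy in every backup location and at least one healthy copy on an offline target such as an external drive. The target names, the one-day lag policy and all function names are assumptions, and the sample tree is constructed.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_LAG = 24 * 3600  # assumed policy: every change reaches all copies within a day

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()  # stream large files in practice

def audit(source, targets, max_lag=MAX_LAG, now=None):
    """targets: {name: (root, is_offline)}. Returns {relative path: [problems]}."""
    now = time.time() if now is None else now
    findings = {}
    for src in sorted(p for p in Path(source).rglob("*") if p.is_file()):
        if now - src.stat().st_mtime <= max_lag:
            continue  # changed recently: still inside the backup window
        rel, digest = src.relative_to(source), sha256_of(src)
        problems, offline_ok = [], False
        for name, (root, is_offline) in targets.items():
            copy = Path(root) / rel
            if not copy.is_file():
                problems.append(f"{name}: missing")
            elif sha256_of(copy) != digest:
                problems.append(f"{name}: differs")
            elif is_offline:
                offline_ok = True
        if not offline_ok:
            problems.append("no healthy offline copy")
        if problems:
            findings[rel.as_posix()] = problems
    return findings

def demo(age_days=3):
    """Constructed sample: file -> (cloud, usb) copy contents, None = no copy."""
    layout = {"payroll.csv": ("v2", "v2"), "contracts.txt": ("v2", None), "plans.txt": ("v2", "v1")}
    with tempfile.TemporaryDirectory() as tmp:
        src, cloud, usb = (Path(tempfile.mkdtemp(dir=tmp)) for _ in range(3))
        for name, copies in layout.items():
            (src / name).write_text("v2")
            for root, content in zip((cloud, usb), copies):
                if content is not None:
                    (root / name).write_text(content)
        targets = {"cloud": (cloud, False), "usb": (usb, True)}
        # Pretend the audit runs age_days after the last change to the source.
        return audit(src, targets, now=time.time() + age_days * 86400)

if __name__ == "__main__":
    print(demo())
```

A file that exists only in the cloud copy is reported even though a backup of it exists, which is the cloud-only situation the tip warns against.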
2. Keep software updated
Another efficient way to prevent RaaS attacks is to keep your system software up to date. This includes your anti-virus measures. Systems using older versions are an apparent weakness that cyber-criminals are keen to exploit. Software updates also increase network security by patching vulnerabilities and delivering bug fixes. Also, maintain a rigorous patch program to protect against known vulnerabilities and potential new RaaS technologies.
3. Ongoing employee training
RaaS attackers often trick victims with phishing emails that contain malicious links and attachments. If the message is from an unknown sender or raises suspicion, personnel should already know to avoid it immediately. Train users on how to identify, quarantine, and report malicious messages to avoid unnecessary damage. Conduct regular and updated training on common RaaS tactics like phishing and social engineering.
4. Proactive detection & protection
In addition to keeping your cybersecurity software updated, you’ll want to employ technology that focuses on endpoint protection and threat detection. You’ll want your defences running on an ongoing, 24/7 basis to protect against RaaS. There are many programs to consider that implement various smart tools to detect and remove ransomware threats. For example, DatAlert notifies companies of potential threats and provides insights into suspicious activity and events across multiple data points.
The future of RaaS
RaaS attacks are only going to increase in frequency and popularity amongst cybercriminals. One recent survey found that over 60 per cent of all cyberattacks in the past 18 months were RaaS. The ease of use – and the fact that no technical experience is required – is only broadening the appeal of RaaS.
We can also expect an uptick in RaaS attacks focusing on critical infrastructure. This includes healthcare, government, transportation, and energy. As supply chain difficulties persist through 2022, hackers see these key sectors and institutions as more vulnerable than ever, putting things like hospitals and power plants in the crosshairs of RaaS attackers.
One of the more popular RaaS platforms on the market, Netwalker, has been specifically targeting healthcare and educational institutions. And to defend against these types of RaaS efforts, it’s likely that organisations will invest even more heavily in proactive threat detection and employee training to reduce human error as a point of failure.
The unfortunate reality is that RaaS looks like it’s here to stay for the time being. To safeguard against RaaS attacks, you’ll need a holistic technology and cybersecurity strategy to minimise the chances of a successful RaaS attack. You’ll also want to strongly consider enlisting an experienced ransomware prevention partner to keep your defences up around the clock and avoid paying hefty sums of Bitcoin to get your critical data and systems back.