Ransomware has now become the largest cyber security threat to businesses.
With worldwide attention on attacks such as JBS, Colonial Pipeline and, most recently, Kaseya VSA, it seems ransomware is making headlines every day.
These high-profile attacks showcase not only how advanced ransomware has become, but also the extensive damage it can cause.
Ransomware-as-a-service (RaaS) is also becoming more common. It enables the most adept cybercriminals to sell their sophisticated attacks to any buyer with cryptocurrency. As such, RaaS has not only expanded the reach of ransomware, it has also given cybercriminals an alternative way to fund their operations.
In this post we’ll explain how RaaS works, the current “market” of criminal players and finally, how your SMB can minimize the risk of being impacted.
What is RaaS?
Ransomware as a Service is designed along the lines of Software-as-a-Service (SaaS). RaaS allows subscribers to get access to ransomware tools by paying a subscription fee. The subscribers use the tools to enter a target’s system, encrypt files and demand a ransom.
There are two stakeholders in the RaaS model. First, there are the ransomware developers, who design the tool to help malicious actors enter a target’s system and encrypt the files. Second, there are the ransomware affiliates, the malicious actors who intend to perform ransomware attacks on targets. Developers make these tools and other helpful resources available to affiliates and, in return, earn commissions or subscription fees for letting them use these resources.
RaaS eliminates the need for hackers to invest time in building their tools and has become increasingly popular in the cybercriminal community. Hackers can sign up on a RaaS portal and develop customized ransomware to perform attacks.
With RaaS, dangerous ransomware tools have become easily accessible to a large number of affiliates. Hackers or even inexperienced users can log on to the dark web, sign up on a RaaS website as an affiliate and start using the tools. Some RaaS developers also give support through forums and learning materials.
Just like a SaaS model, RaaS offers different subscription plans, called RaaS kits.
RaaS Portals and Kits: Enabling Anyone to Become a Cybercriminal
RaaS kits are packages that allow affiliates to develop their own ransomware. Depending on the plan an affiliate signs up for, RaaS kits may include:
- 24/7 support
- Bundled packages
- Access to payment gateways
The most advanced RaaS portals go one step further and offer live tracking of a ransomware attack. Customers can view the number of files, the extent of the damage and other information about their target, and can use payment gateways.
In broad terms, RaaS kits are similar to SaaS packages, with affiliates or users having the option to select the features they want in their kit. Different subscription models are offered by different RaaS platforms. Some of the biggest RaaS platforms are:
On these portals, one can sign up for a monthly fee, an affiliate program where commissions are paid, profit sharing or an upfront license fee.
The pricing for entry-level RaaS kits starts from $40 a month, running into many thousands of dollars for more advanced kits. This is a trivial investment for attackers, given that the average ransomware demand is around $170,000.
Why Is RaaS So Dangerous?
The risks of RaaS are the same as those of ransomware. However, what makes it scary is that it enables anyone to orchestrate a ransomware attack by removing the need for technical know-how from the equation.
A customer can create ransomware and mastermind an attack just by signing up on the RaaS portal. If they face problems, they can even use support forums to find solutions or get assistance in the same way you would reach out for support on any SaaS portal.
While features and support vary from RaaS platform to platform, the goal is the same: to allow anyone to use their product effectively in order to profit from successful ransom payments.
This ability used to be limited to experienced ransomware attackers who had the knowledge to code and develop programs. With RaaS, the task has become diversified and professional, a well-oiled machine.
Ransomware developers work on improving their products, while affiliates drive revenue to them. This synergy has contributed to increasing cyber security attacks across the globe, posing a major challenge for technology-intensive organizations.
Cybercriminals always look for ways to make quick money. RaaS makes it simple. Every time a ransom is paid, the RaaS owners get richer, and their groups get larger.
Implementing security measures can help identify and prevent ransomware. Your organization also needs to educate employees on IT security, the dangers of ransomware, and how to respond in the event of an incident.
Why is RaaS Difficult to Stop?
To stop a criminal, law enforcement agencies and cyber security experts first need to identify one. The stealthy, digital ecosystem through which hackers operate makes it difficult for law enforcement agencies to track and shut them down.
The Colonial Pipeline attack was a recent example, and the US government believed hackers living in Russia executed the attack. In the absence of jurisdiction and conclusive evidence, the government couldn’t do much to trace the hackers, or convince the Russian government to trace them.
RaaS networks also keep regrouping themselves to evade identification. Like most criminals, hackers lie low for a few months when things get heated. Several RaaS outfits like The DarkSide, Babuk and REvil also announce a rollback or restrict access to their ransomware forums. Reports suggest this is due to the law enforcement agencies shutting down the servers and bitcoin networks through which RaaS outfits operate.
While this may be good news, the threat still looms because RaaS groups like Babuk transfer their source code to another group. What this means is that hackers can always regroup, create new RaaS outfits and mastermind another strike on an unwitting organization.
How to Stay Informed on RaaS
There are multiple ways to stay informed about RaaS advancements, attacks, and news all over the world. While high profile attacks will often make the news, those are not the only attacks happening.
Thousands of SMBs around the world suffer cyber attacks every day, and they don’t make the headlines. A good place to start your education is keeping in close communication with an IT team, whether internal or outsourced.
Besides that, the Cybersecurity and Infrastructure Security Agency (CISA) is also a good place to stay informed about cyber security matters.
To protect ourselves, it is important to understand the threat and know who and what the enemy is. “Forewarned is forearmed,” and just as the saying suggests, if we know something bad is going to happen, we can prepare and take precautions to minimize damage or avoid it altogether.
Ransomware can bring your entire business to a halt.
That's why it's important to implement layered IT security and train your staff on the latest cyber threats.
Have questions or concerns about ransomware and RaaS outfits? Contact CoreTech today. We're happy to address them.