As we continue to study cybersecurity trends, we shine a light on Ransomware as a Service (RaaS), a phenomenon that sees Ransomware kit being commercialised by actors on the Dark Web.
Ransomware has been a tool utilised by cybercriminals for decades to coax money out of firms in exchange for files that have been copied and deleted from their private networks. However, security experts were shocked to discover on the Dark Web that vendors were listing ransomware as a life-time service package for as low as $39. As the price suggests, the product (called Stampado) wasn’t particularly effective, but it created market which puts highly destructive digital tools into the hands of low-level, unskilled hackers.
These transactions are mutually beneficial since the ransomware developers minimise the work required of them in any cyberattack and minimise the risk of being traced, while the hackers (affiliates) avoid the cost of building their own malware and can focus on infecting devices in the networks they are targeting. Moreover, the ransom payment is generally split between the operator and the affiliate, with large companies able to demand up to 70% of the cut.
There are approximately 25 groups on the dark web selling RaaS and their products can cost up to $4000. Currently, some of the most popular strains include Phobos, Sodinokibi, Dharma and GlobeImposter. However, RaaS operators regularly rearrange the formats and provide updates.
Operators are remarkably open about their business – many even have their own Twitter pages! For most, business is booming. Ransomware costs companies $20 billion each year and this figure is expected rise to $265 billion by 2031.
Their victims usually fit a particular profile – some attackers might prioritise firms with higher revenues, others may target certain industries because they hold sensitive data so they can demand a higher ransom. Yet above all, cybercriminals prey on organisations with poor credential hygiene (weak passwords etc.) to find easy entry points. Files are obtained through email phishing or user accounts being compromised.
Once secured, the affiliates will declare which data has been collected and the price to delete the files, which is usually demanded in cryptocurrency since it is untraceable. Even if a company pays the ransom, it remains at the attacker’s mercy as they are under no obligation to fulfil their promise. It is therefore integral that companies take action to protect themselves from ransomware attacks.
It is impossible to completely eliminate ransomware since it infiltrates networks via emails and user accounts which cannot be removed so there will always will an element of risk, but there are several ways to minimise this threat. Here are some simple steps to protect your organisation:
In the current landscape, there are several services available to add endpoint protection to a firms’ networks against ransomware, anti-phishing software and patch programs to name just some. However, as technology evolves, the threats also develop and recently RaaS operators have begun forming cartels to share resources and improve the quality of their products. In response, security measures have stepped up and currently has the edge in its ability to use artificial intelligence to detect and eradicate ransomware attacks. Microsoft Security’s AI-powered Defender for Endpoint is among the tools that are helping companies around the world overcome this powerful threat.
Staying on top of all these advances, NWT is readily equipped with all the solutions your business needs to defend against the cybercriminals preying on your employees’ and clients’ data. To learn more about how we can help and enquire about enlisting our services, head to our Cyber Security page.
Together, Anexinet and NWT are uniquely positioned to help clients streamline their journey to the Cloud in the face of the pandemic by designing, building, automating and managing their workloads and applications on Enterprise-Cloud or Cloud-Hyperscalers, including AWS, Alibaba, Google Cloud, and Microsoft Azure. The strategic partnership has already helped one established financial institution unlock significant value by accelerating the development and delivery of effective, integrated Cloud-based solutions. Anexinet’s proven Kickstart process and comprehensive set of tools and services deliver an Agile, scalable Cloud-based environment that embraces traditional IT as well as Private, Public, and Managed Cloud. Migrating applications and business systems to the Cloud is a daunting task for even the most mature organization. As a result, a Cloud-adoption strategy and roadmap often means the difference between successful deployment and failure to launch. Anexinet helps organizations determine their ideal strategic approach.