The Dark Web is targeting your company using ransomware – take the necessary steps to protect your data

As we continue to study cybersecurity trends, we shine a light on Ransomware as a Service (RaaS), a phenomenon that sees ransomware kits being commercialised by actors on the Dark Web.

Ransomware has been a tool utilised by cybercriminals for decades to coax money out of firms in exchange for files that have been copied and deleted from their private networks. However, security experts were shocked to discover on the Dark Web that vendors were listing ransomware as a lifetime service package for as low as $39. As the price suggests, the product (called Stampado) wasn’t particularly effective, but it created a market that puts highly destructive digital tools into the hands of low-level, unskilled hackers.

These transactions are mutually beneficial since the ransomware developers minimise the work required of them in any cyberattack and minimise the risk of being traced, while the hackers (affiliates) avoid the cost of building their own malware and can focus on infecting devices in the networks they are targeting. Moreover, the ransom payment is generally split between the operator and the affiliate, with large companies able to demand up to 70% of the cut.

There are approximately 25 groups on the dark web selling RaaS and their products can cost up to $4000. Currently, some of the most popular strains include Phobos, Sodinokibi, Dharma and GlobeImposter. However, RaaS operators regularly rearrange the formats and provide updates.

Operators are remarkably open about their business – many even have their own Twitter pages! For most, business is booming. Ransomware costs companies $20 billion each year and this figure is expected to rise to $265 billion by 2031.

Their victims usually fit a particular profile – some attackers might prioritise firms with higher revenues, others may target certain industries because they hold sensitive data so they can demand a higher ransom. Yet above all, cybercriminals prey on organisations with poor credential hygiene (weak passwords etc.) to find easy entry points. Files are obtained through email phishing or user accounts being compromised.

Once secured, the affiliates will declare which data has been collected and the price to delete the files, which is usually demanded in cryptocurrency since it is untraceable. Even if a company pays the ransom, it remains at the attacker’s mercy as they are under no obligation to fulfil their promise. It is therefore essential that companies take action to protect themselves from ransomware attacks.

It is impossible to completely eliminate ransomware since it infiltrates networks via emails and user accounts, which cannot be removed, so there will always be an element of risk. However, there are several ways to minimise this threat. Here are some simple steps to protect your organisation:

  • Maintain and update software – Attackers can easily exploit out-of-date security measures
  • Perform regular data backups – It is much harder for hackers to access offline copies of data; hence companies should periodically store files in a device outside of the main network so they do not need to pay large sums to retrieve whatever data is stolen
  • Restrict administrative access on systems – Reducing the number of users with administrative access can create another barrier for hackers since having this power makes it easier to steal data
  • Educate workers – Employees should receive regular training on how to identify security threats and what procedure they should follow

In the current landscape, there are several services available to protect a firm’s networks against ransomware: endpoint protection, anti-phishing software and patch programs, to name just some. However, as technology evolves, the threats also develop, and recently RaaS operators have begun forming cartels to share resources and improve the quality of their products. In response, security measures have stepped up and currently have the edge in their ability to use artificial intelligence to detect and eradicate ransomware attacks. Microsoft Security’s AI-powered Defender for Endpoint is among the tools that are helping companies around the world overcome this powerful threat.

Staying on top of all these advances, NWT is readily equipped with all the solutions your business needs to defend against the cybercriminals preying on your employees’ and clients’ data. To learn more about how we can help and enquire about enlisting our services, head to our Cyber Security page.