Ransomware as a Service…to Criminals?


Every new year brings new challenges to the world of cybersecurity, and this year is no exception. In fact, incredibly difficult issues have already surfaced in the last several months.

Ranging from Office 365 vulnerabilities to new hacking techniques, staying up-to-date is crucial for anyone tasked with ensuring cybersecurity.

Recently, a new area of concern is cropping up: the rise of Ransomware as a Service (RaaS).

As if ransomware alone weren’t dangerous enough, this new delivery model threatens to expand the field for attackers.

Essentially allowing anyone with ill intent to launch an attack, Ransomware as a Service is one of the most dangerous developments in the world of cybercrime.

Figure 1: Most Common Ransomware Variants. Image source: Coveware

What is Ransomware as a Service?

RaaS is best considered as a business model, not unlike legitimate business models you may be familiar with.

RaaS operates by allowing criminal hackers to access and use ransomware programs others have created.

Ransomware developers rent out their software, and criminal users pay subscription fees or share a percentage of the profits. This is similar to the model used by legitimate Software as a Service products offered by Microsoft or Google.

These ransomware programs range in price from relatively inexpensive, low-quality choices, to far more expensive and complex offerings.

Of course, as with most things, you get what you pay for. The priciest options are only available to carefully selected affiliates or users.

RaaS programs increase the technical capabilities of attackers, whether experienced ransomware operators or newcomers to the arena.

RaaS operators offer their products with web portals, chat features, customizable strains, and even pre-built templates for ransom notes. The sellers of these services even go so far as providing technical support to their buyers.

These highly developed business models lead to more sophisticated and dangerous products, and place them in the hands of more and more people.

Figure 2: RaaS User Portal. Image source: Recorded Future

Who is Being Targeted?

RaaS is a growing field, and everyone from organized crime groups to lone amateurs is now using these services.

Many people don’t realize that the dark web and cyber criminals operate just like legitimate businesses. Browsing the dark web reveals low-end RaaS offerings for as little as $40, and remote desktop credentials for as little as $16 to $24.

The easiest targets? Organizations lacking either proper cybersecurity funding or awareness of the risks involved.

And although many businesses assume they’re too small to become victims, research shows that simply isn’t the case. In fact, small businesses are especially vulnerable to this new model of ransomware.

This serves as incentive for all organizations to bolster their cybersecurity programs.

Regardless of how secure your systems seem, never be lulled into a false sense of security. RaaS users also go after large, high-value organizations, seeking large paydays.

No matter the size of your business, security of your data is vital; no business is immune from these types of attacks.

Figure 3: Average ransomware operator (left) and RaaS operations (right). Source: TrendMicro

How a Typical Attack Occurs

Each ransomware group uses different methods in their attacks.

Some focus on gaining access to Internet-facing Remote Desktop Protocol (RDP) platforms. This is done with stolen credentials or password spraying. Once they have access to the RDP system, toolkits then deploy ransomware.

Other groups employ phishing techniques to gain access to the environment, then spread their ransomware and tools.

The good news is that the typical methods used are known to cybersecurity firms as well, and many ways to deploy protection are available.

RaaS offerings leverage popular administrative tools to conduct their strikes, including PowerShell, the PsExec toolkit, and Remote Desktop.

Attackers then create administrative accounts and install their own tools. Once a foothold is established, they begin searching for data worth stealing. Finally, they take the data and create zipped folders for extraction.

Each of these steps should be kept in mind when creating your security measures.
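As an added example (not code from the original article or from Blue Bastion), the steps above can be turned into simple log checks: many distinct accounts failing from one source (password spraying), a PsExec service install, and a new account that is then added to Administrators. The event dictionaries, their field names, and the thresholds are constructed assumptions modeled on Windows event IDs 4625, 7045, 4720 and 4732.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events with simplified field names (not real log data).
# 4625 = failed logon, 7045 = service installed, 4720 = account created,
# 4732 = member added to a local group.
EVENTS = [
    {"time": "2024-01-10T02:00:01", "id": 4625, "ip": "203.0.113.7", "user": "alice", "logon_type": 10},
    {"time": "2024-01-10T02:00:20", "id": 4625, "ip": "203.0.113.7", "user": "bob", "logon_type": 10},
    {"time": "2024-01-10T02:00:41", "id": 4625, "ip": "203.0.113.7", "user": "carol", "logon_type": 3},
    {"time": "2024-01-10T02:01:02", "id": 4625, "ip": "203.0.113.7", "user": "dave", "logon_type": 10},
    {"time": "2024-01-10T02:05:00", "id": 4625, "ip": "198.51.100.20", "user": "erin", "logon_type": 10},
    {"time": "2024-01-10T02:05:30", "id": 4625, "ip": "198.51.100.20", "user": "erin", "logon_type": 10},
    {"time": "2024-01-10T02:20:00", "id": 7045, "host": "FS01", "service": "PSEXESVC"},
    {"time": "2024-01-10T02:25:00", "id": 4720, "host": "FS01", "user": "svc_backup2"},
    {"time": "2024-01-10T02:26:00", "id": 4732, "host": "FS01", "user": "svc_backup2", "group": "Administrators"},
]

def detect_spray(events, window=timedelta(minutes=10), min_users=4):
    """Return source IPs whose failed logons hit >= min_users distinct accounts within window."""
    by_ip = defaultdict(list)
    for e in events:
        # RDP failures show up as logon type 10, or type 3 when NLA is enabled.
        if e["id"] == 4625 and e.get("logon_type") in (3, 10):
            by_ip[e["ip"]].append((datetime.fromisoformat(e["time"]), e["user"].lower()))
    flagged = set()
    for ip, fails in by_ip.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            if len({u for t, u in fails[i:] if t - start <= window}) >= min_users:
                flagged.add(ip)
                break
    return flagged

def detect_post_access(events):
    """Flag PsExec service installs and newly created accounts that are then made administrators."""
    created, findings = set(), []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            findings.append(("psexec_service", e["host"]))
        elif e["id"] == 4720:
            created.add(e["user"].lower())
        elif e["id"] == 4732 and e.get("group") == "Administrators" and e["user"].lower() in created:
            findings.append(("new_admin_account", e["user"]))
    return findings

if __name__ == "__main__":
    print(detect_spray(EVENTS), detect_post_access(EVENTS))
```

PsExec is also used by legitimate administrators, so a PSEXESVC finding is a lead to correlate with the other two signals rather than an alert on its own.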

Mitigation Steps

The hacker community is constantly maturing, growing, and expanding.

This means that for the average organization, keeping pace with the latest threats is incredibly challenging without help.

The steps of a ransomware attack, whether the latest Ransomware as a Service or older versions, are well known. As a result, the following steps are recommended to reduce the risk of a ransomware attack:

  • Use strong multifactor authentication on any Internet-facing login interfaces
  • Leverage effective anti-phishing technologies. Email security software and hardening any mail server configurations are excellent protective measures
  • Ensure that all users are aware of the risks. Train employees properly to reduce the risk of falling victim to a phishing email
  • Use a VPN for remote access instead of RDP
  • Create and use a patching policy that keeps essential systems up to date
  • Enforce strong password policies and never allow the re-use of passwords

Here at Blue Bastion, we routinely help smaller businesses such as churches or small medical offices that suffer from ransomware attacks. We also work with bigger corporations, securing much larger systems and networks.

Blue Bastion will gladly help you reduce your risk of a RaaS attack and better secure your network.
