If you are familiar with Software-as-a-Service (SaaS), then you probably understand what Ransomware-as-a-Service (RaaS) is. As the name suggests, RaaS is simply ransomware on steroids. It's a model in which criminals develop ransomware and package it as a service or tool that others use to launch ransomware attacks. To help you gain in-depth knowledge about RaaS, let's begin by answering the most fundamental question:
What is RaaS, and How Does it Work?
Simply put, ransomware is software designed to limit or block access to your computer system. Today, ransomware is peddled online, often on the dark web. Once the software infects your computer, it automatically demands payment or ransom before you can access your files.
Ransomware can be developed as user-friendly software so that even those with no prior knowledge of cyber security can use it. That means script kiddies can download the virus for a small fee, trick targets into downloading it, and then announce a ransom, and they are good to go.
Similar to many viruses, ransomware infects a computer when a user clicks on a link that appears to be trustworthy and unknowingly downloads the malware. If the victim settles, the original developer receives a cut (between 5 and 20 percent), and the script kiddie who launched the attack gets the remaining amount.
Examples and Recent Incidents of Ransomware-as-a-Service
On the dark web, there are different varieties of RaaS. A new and improved version of this malicious software is created and released every now and then. The following are examples of infamous ransomware that spread via the RaaS model:
Egregor was launched in September 2020 and is thought to have been a replacement for Maze RaaS, a company that shut down around the same time. It operates on an affiliate system, with affiliates receiving 70–80% of the ransom payments while the rest goes to the developers. Several French companies, including Ouest France, Ubisoft, and Gefco, fell prey to Egregor last year. In France, there have been some recent arrests related to Egregor extortion.
Developers of REvil RaaS are allegedly very picky, i.e., applicants must prove their prior hacking experience before being accepted into the program. According to Cyber Talk, REvil makes approximately $100 million a year. REvil takes a slightly different approach: the group not only requests a ransom but also threatens to leak information to further extort victims. The REvil group has made the largest ransom demand to date: it demanded $50 million from electronics maker Acer in March 2021.
Dharma has been active in the RaaS community since 2017. It renames files with the dharma extension. Compared to other RaaS, Dharma's ransom demands are typically lower, averaging $9,000. According to some researchers, this is because the RaaS provider allows inexperienced hackers to join as affiliates.
How Do You Protect Yourself from RaaS?
The two most popular entry points for ransomware – email and websites – cannot be entirely blocked. Therefore, it is essential to take precautions to safeguard your system from ransomware attacks. Here's how:
- Train your employees – Your staff and incident response teams should receive ransomware response training. Ransomware can easily infect your system through email attachments, downloads, and web browsing; therefore, regular training will help your employees avoid common malware pitfalls.
- Frequently back up your data – Back up all of your sensitive data and critical business information. Keep your backup data safe by storing it off site or offline so your network doesn't have direct access to it.
- Limit system and administrative access – Some ransomware strains are built to use a system administrator account to perform their operations; limiting system and administrative access puts an additional barrier in their way. You can achieve this with a zero-trust security model and the principle of least privilege. Educating system admins about the importance of cyber security and how to avoid common and emerging cyberattacks is also crucial.
- Update and maintain your software – To avoid (or ensure early detection of) ransomware, pay close attention to your security, antivirus, and anti-malware software. Use only reputable, licensed software, and update it regularly to the newest version. If you don't have in-house IT and cybersecurity staff, ensure you partner with experienced cybersecurity professionals.
- Restrict execution of code – Ransomware intended to run from temporary and data folders won't be able to run from these folders when you restrict execution there through access control. This can be your last line of defense in the fight against ransomware-as-a-service attacks.
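Before enforcing a deny-execute rule on temporary and data folders, it helps to audit process-start logs to see what the rule would block, including legitimate updaters that will need an exception. The following is an added example, not part of the original article; the log format, the folder list and all names in it are assumptions.

```python
import ntpath
import re
from collections import Counter

# Assumed "temporary and data folders"; '*' matches exactly one path component.
RISKY_DIRS = [r"c:\users\*\appdata", r"c:\windows\temp", r"c:\programdata"]
IMAGE_RE = re.compile(r'image="([^"]+)"')  # field of the constructed log format

def normalize(image):
    """Collapse '..', unify separators and case (Windows paths ignore case)."""
    return ntpath.normpath(image.strip()).lower()

def risky_dir(image):
    """Return the RISKY_DIRS pattern whose folder contains the image, or None."""
    parts = normalize(image).split("\\")
    for pattern in RISKY_DIRS:
        pat = pattern.split("\\")
        # The image must sit below the folder, so it needs more components.
        if len(parts) > len(pat) and all(p in ("*", q) for p, q in zip(pat, parts)):
            return pattern
    return None

def audit(lines):
    """Count process starts that a deny-execute rule on RISKY_DIRS would block."""
    hits = Counter()
    for line in lines:
        m = IMAGE_RE.search(line)
        if not m:
            continue  # not a process-start record
        image = normalize(m.group(1))
        if risky_dir(image):
            hits[image] += 1
    return hits

# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    r'2024-05-01T09:14:02Z host=WS-014 user=alice image="C:\Users\alice\AppData\Local\Temp\invoice.exe"',
    r'2024-05-01T09:15:10Z host=WS-014 user=alice image="C:\Program Files\Vendor\app.exe"',
    r'2024-05-01T09:16:44Z host=WS-020 user=bob image="C:\Program Files\App\..\..\Users\bob\AppData\Roaming\svc.exe"',
    r'2024-05-01T09:17:03Z host=WS-020 user=bob image="C:/WINDOWS/TEMP/setup.EXE"',
    r'2024-05-01T09:18:30Z host=WS-031 user=carol image="C:\Users\carol\AppData\Local\ExampleApp\update.exe"',
    r'2024-05-01T09:20:00Z host=WS-014 user=alice event=logon',
    r'2024-05-02T09:18:31Z host=WS-031 user=carol image="C:\Users\carol\AppData\Local\ExampleApp\update.exe"',
]

if __name__ == "__main__":
    for image, count in audit(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {risky_dir(image)}  {image}")
```

Paths that recur daily, like the updater in the sample, are the candidates for a reviewed exception; one-off executables from Temp or Roaming are the ones the rule is meant to stop.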
Ransomware-as-a-Service (RaaS) adds to the latest motivating factors for cybercrime. Unfortunately, it seems like RaaS will be here to stay. To keep safe in the increasingly digital world, you must take precautions to address this issue. Some reasons for the rise in RaaS attacks are its affordability and simplicity of deployment for both experienced and novice hackers. Implement the tips above, and you'll be ahead of most ransomware-as-a-service attacks.