Recent research suggests ransomware attacks have increased 140% in the past year alone. The average ransom demand is $178,000, but an organization’s overall loss could exceed $1 million. The surge in attacks is primarily a result of Ransomware-as-a-Service (RaaS). This dark web business model allows sophisticated cybercriminals to sell ransomware software to willing buyers (usually less skilled cybercriminals), who then launch an attack that compromises one or more devices and demand a significant payment to restore the victim’s technology.
Review the following guidance to understand the impact of RaaS and best practices for addressing RaaS concerns.
What Is RaaS?
The RaaS model operates like a normal business model, but with the intent to distribute a harmful product. Initially, a knowledgeable ransomware developer creates malicious software that is highly effective at penetrating systems and carries a low risk of discovery.
Once the software is ready for distribution, it is launched as a multi-end-user infrastructure. RaaS developers seek potential customers through traditional marketing methods, including dark web advertisements and forums. Some developers are more cautious and require customers to demonstrate their technical skills and cybersecurity knowledge prior to purchase.
An approved buyer is provided with access to the ransomware software and product portal. The portal may include detailed software implementation instructions, user reviews, support forums and special discounts or offers for future purchases. Customer software access can be permanent or for an allotted amount of time.
Depending on the developer, RaaS purchases can be a one-time sale or a monthly subscription service. Some RaaS developers recruit other cybercriminals to sell their software in exchange for a percentage of the ransom payment. This commission-based partnership is known as an affiliate program.
Once cybercriminals receive the developer's software, they can execute ransomware attacks that result in widespread disruption, damaged or destroyed data, reputational repercussions, and significant financial fallout for the affected organizations. Well-known RaaS incidents include WannaCry, Cerber, MacRansom, Philadelphia, Atom, Hostman and FLUX.
The Impact of RaaS
RaaS poses a serious, heightened threat to organizations, regardless of size, because it allows less skilled cybercriminals to execute ransomware attacks with a simple purchase. It has increased both the frequency of ransomware attacks and the cost of each event, which compounds the consequences affected organizations face. Further, cybercriminals operating under the RaaS model are extremely confident in the strength of their malicious software and motivated to escalate ransom payment demands. This is especially true of RaaS affiliate programs, as higher payment demands provide larger profits.
Addressing RaaS Concerns
Making ransomware prevention and response measures a top priority for your organization is the best way to minimize the growing threat of RaaS. Ransomware attacks are commonly deployed through phishing emails, deceptive links, dangerous websites, harmful attachments and malicious programs.
Review these best practices for combatting ransomware attacks.
Secure your systems
Establish steps to protect your organizational IT infrastructure from potential ransomware exposures, including:
- Utilizing a virtual private network (VPN) for all internet-based activities
- Installing antivirus software on all workplace technology
- Implementing a firewall to block cybercriminals from accessing your organization’s VPN
- Restricting employees’ access to unsecured websites
- Establishing email filters to block phishing messages from employees’ inboxes
- Encrypting and routinely backing up sensitive data on all organizational devices
- Limiting employee administrative controls to prevent inexperienced staff from downloading a malicious program
- Regularly updating all organizational devices and security programs to ensure effectiveness
- Developing a cyber incident response plan that considers ransomware scenarios
Educate your employees
Train your employees on how to prevent and respond to a ransomware attack. Provide your workforce with these tips:
- Avoid opening or responding to emails from unknown individuals or organizations. Verify that a message comes from a trusted source by double-checking the sender’s address.
- Never open suspicious emails, website links or pop-ups. Avoid downloading attachments or software programs from unknown sources or locations.
- Only browse safe and secure websites on organizational devices. Refrain from personal browsing on workplace devices.
- Contact your manager or IT department if you suspect a ransomware attack.
We're Here to Help
Understanding the risks ransomware can create for your organization and knowing how to reduce those risks can be daunting. Connect with a member of our team for additional cyber risk management guidance and insurance solutions.