Ransomeware As A Service
RANSOMWARE-AS-A-SERVICE WHAT IT IS AND WHY YOU SHOULD CARE
Ransomware-as-a-service brings cyber-crime to the less skilled cyber criminals, making extortion easy.
Ransomware is not a new threat. I feel that most people are familiar with Ransomware to some degree or another.
The first prominent case was back in 2016 when Hollywood Presbyterian Medical Center shelled out $17 000 in bitcoin after an attack took the hospital offline.
Since then Ransomware has only become more popular and in the US alone at least $176 million has been spent on costs relating to ransomware attacks, ranging from investigations, rebuilding networks, restoring backups, paying out the attackers and implementing preventative measures to avoid future attacks.
In the past, a certain amount of technical skill and prowess was required by the cybercriminal wanting to launch a ransomware attack, at a minimum they would require sufficient coding skills to write the ransomware application.
RaaS (Ransomware As A Service) has completely changed the game, and now basic computer literacy is all that is really required.
For those that are still a little confused as to what ransomware is, Ransomware is a malicious application specifically designed to encrypt all or parts of a system rendering it inoperable until a ransom fee is paid to the criminal.
Typically, the treat is twofold to ensure that payment is made with a time limit.
Attackers will generally give you 3 to 7 days to make payment after which they will release your confidential data on a public forum, all the while you are not able to access your own data.
When Big corporates like Nayana (South Korean web provider) pay up to $1 million in ransom, this should indicate the seriousness of these types of attacks.
AND THEN THERE WAS RaaS S
So if the above was not bad enough, now Ransomware as a criminal enterprise is open to all.
Gone are the days of your cyber-criminal needing to be tech-savvy and a grade above the rest of us, now Ransomware is available to any criminal that can type, and use google search effectively.
RaaS is sold on a cloud-based subscription model to anyone who can afford the subscription fee, It’s as simple as selecting the companies that you wish to target a couple of settings and clicking go.
The service will then do all the heavy lifting for you, all you have to do is sit and wait for your payday.
Some services don’t even cost a subscription and work on a percentage commission of the ransom pay-outs.
WHAT THIS MEANS S
If this scares you, it should. It’s not bad enough that major corporates are getting successfully hit with ransomware attacks, now even the most computer illiterate enterprising criminal can target you and your company.
These hackers are targeting your most vulnerable points as well, some going as far as to pay your own internal staff a salary to leak all sorts of information.
SO WHAT CAN WE DO??
You need to ensure that your company is protected from all angles, that there are no weak points. Always adopt a ZERO trust methodology.
External security with products like Bitdefender and GamaSec ensures that your company is protected from all external entry points.
Internal threat assessment with products like Zecurion DLP and UBA ensure that your users are not leaking out information whether intentionally or on purpose.
Data Protection and active Ransomware prevention with products like Acronis Cyber Protect.
And staff awareness and security training with products like MyCybercare to ensure that your staff are cyber security-conscious and aware.