Ransomware as a Service or RaaS is a business model offering pay-for-use ransomware. Affiliates pay malware developers/operators to create and launch malicious code and target a business- think of it like an evil cousin of the Software as a Service (SaaS) business model.
RaaS is especially dangerous because affiliates with the resources to pay for ransomware attacks but lacking the time or skill can now partake in cybercrimes. RaaS has become a competitive field with multiple operators offering various ransomware attack services. RaaS groups are easy to find on the dark web and are often advertised there.
How Does RaaS Work?
Here’s how RaaS works- first, a skilled ransomware developer will make expertly coded malware with high penetration chances. They display it on their portals- interested affiliates can enter details for the kind of malware they want and pay with crypto. After subscribing to existing ransomware tools and kits, affiliates also get documentation and support for the RaaS (much like a SaaS).
Affiliates can then carry out attacks using phishing emails. If a victim accidentally downloads the ransomware, their systems are infected, and files are made hostage by encryption. The extortion begins after this.
Services by RaaS
Ransomware authors can offer RaaS as a kit that people can use to carry out attacks, or they may operate the attack for someone, i.e., the operator will launch an attack, encrypt the stolen files, then pass them on.
RaaS services include ransomware and its source code, ransomware customization tools, custom ransom notes, control panel access, instructions to carry out the attack, technical support, infrastructure for managing the attack, and data extraction and encryption tools.
Major RaaS Threats
Ransomware operators and authors have found RaaS to be a lucrative field, one where they can scale their earnings without having to ask for ransom and make transactions themselves.
One of the most infamous RaaS operators is the DarkSide group, which launched the Colonial Pipeline attack and hacked their system with a VPN vulnerability. DoppelPaymer, Dharma Ransomware, and Maze are other major threats. LockBit (or the abcd virus) is a RaaS that propagates itself in a target network and is quite sought-after.
Ransomware kits like MacRansom are also offered as RaaS by authors, and users can carry out attacks using them with ease. Satan, Cerber, Netwalker, Tox, Philadelphia, Atom, Hostman, Egreor, Ryuk, Alpha Locker, REvil, Hidden Tear, Ransom3, ORX Locker, etc. are just a few names.
How to Protect Yourself from Ransomware
RaaS and ransomware attacks, in general, have seen a surge in popularity- the total revenue from the ransomware industry crossed $20 billion in 2020, with the attacks costing $812,000 on average for mid-sized businesses. Learning protocols to protect yourself from ransomware is the only way to not add to this growing number.
- Avoid clicking on unsafe links. Train your employees not to check spam messages or open suspicious links.
- Use encrypted communication channels. Hackers can hijack conversations and leave malicious attachments otherwise.
- Do not open attachments unless from a verified source.
- Never use suspicious USB sticks.
- Erase old data and keep the relevant files encrypted. Transfer encrypted versions of data.
- Keep your antivirus software and systems up to date with regular testing.
- Use cloud storage instead of legacy systems.
- Use trusted VPNs on public WiFi.
- Watch out for DNS spoofing, which can be used to infiltrate your network systems.
- Download software and apps from known sources only. Make sure the sites you download from use HTTPS over HTTP.
- Keep backups of your data, preferably on a separate network.
- Lastly, sketch out protocols with your cybersecurity team about how to deal with ransomware in the event you do get attacked.