The Rise of Ransomware as a Service (RaaS)

By Dr. Christine Izuakor

2019 has been an interesting year for ransomware thus far. After plaguing countless victims with dreaded ransom notes and bringing some pretty large corporations to their knees, the attack method built a strong reputation for inflicting cyber terror on consumers and businesses. As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with the potential for more lucrative payouts. Furthermore, criminals saw the growing demand for these attacks on the Dark Web as a business opportunity to make attack kits more easily accessible. This new realm of service would essentially remove the burden of coding and crafting attacks from the criminals, thus reducing the difficulty of launching such attacks. What once required tons of planning and preparation could now be purchased as a subscription or service – just as you would an email account or a video streaming service. Welcome to the rise of ransomware as a service.

What is ransomware?

Also termed digital extortion, ransomware is a form of cyber-attack in which criminals block access to prized digital possessions or resources and demand payment for their release. There are many variations of ransomware attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key. Without the key, your operations could end up being crippled.

What is Ransomware as a Service (RaaS)?

One of the biggest trends in technology over the last decade has been the growth of subscription-based service models and products. Examples include Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and more. Instead of building software or installing software directly in corporate environments, these companies are providing customers with the ability to effectively rent access to the services they need without dealing with development, maintenance, and additional back-end work. Given the high demand for ransomware in this day and age, creative cyber-criminal entrepreneurs followed this tech industry trend and created ransomware as a service (RaaS) to ease the burden of cyber attackers having to develop their own attacks.

Using the services, cyber criminals are able to launch attacks ranging from novice to advanced. The RaaS provider may then keep a percentage of the profits from the attack as a service fee. Run like legitimate service businesses, some of the services are so advanced that they include customer support, service level agreements, satisfaction guarantees, and more.

How does Ransomware as a Service (RaaS) work?

Ransomware as a service solutions include a variety of programs available to cyber criminals looking to launch these attacks. To start, hackers create the malware attacks, advertise them, and rent access to the exploit kit to other malicious attackers. They then provide the resources and instructions for operating the attack software. Once purchased, the “dark customer” launches the attack against the target, the malware encrypts the victim’s resources, and payment is requested in order to unlock the information. If the targeted organization folds and pays the ransom, the money is then split between the RaaS provider and the cyber criminal who purchased the service.

This setup is perfect for a cyber criminal who may not know how to code or create an attack. In addition, a hacker who knows how to code but doesn’t want the direct exposure of launching attacks is able to profit from attacks without getting their hands dirty directly. The products work so well because they are created for cyber criminals, by cyber criminals.

What’s an example of a Ransomware as a Service (RaaS) provider?

There are countless variations of ransomware in existence today, and there are several Dark Web vendors who offer the service. One popular example of this is Jokeroo. According to an article on the provider, “unlike most ransomware-as-a-service offerings, in order to become an affiliate, a would-be criminal has to pay to join a particular membership package. These packages range from $90 USD, where the affiliate earns 85% of the ransom payments, to $300 and $600 packages where the affiliates keep all of the revenue and get extra perks such as Salsa20 encryption, different ransomware variants, and different payment cryptocurrency options.”

The software comes with visually appealing dashboards, analytics, and the ability for affiliates to view information about their attack victims, including whether or not they have paid their ransom.

Should businesses be worried about this growing trend?

Ransomware attacks against small businesses and large enterprises remain a concern. When done right, these attacks can cripple ill-prepared companies. Without adequate and tested backups, one of the key defenses against successful ransomware attacks, some companies have found themselves out of business for days or even weeks while scrambling to recover. Ransomware attacks get delivered through a variety of channels, the main one being via email. Business email compromise attacks are another legitimate concern in this space. These attacks can be hard to entirely avoid, especially in companies with large employee populations prone to click on harmful links from time to time. The bottom line is that it’s nearly impossible to avoid every single attack attempt. Thus companies must pay attention and ensure they are protected from this trend through a combination of people, process, and technology.

If RaaS impacts you, what can you do?

Generally speaking, layered security is critical here. For example, where email compromise is the delivery vector for ransomware, layers can help. Email security technology that filters out malware and isolates links, restricted access controls that prevent elevated privileges from being used for unauthorized tasks, disaster recovery programs to assist with the response to the incident should it occur, and more can all help mitigate the impact of a successful ransomware attack. Typical response actions include:

  • Restoring impacted systems from backup to help recover your information.
  • Paying the ransom, though this is not recommended and may or may not get you access to your information.
  • Attempting to wipe the malware from the devices and decrypting the information using other tools where possible.



About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
