If you’ve been watching the news lately, you know that there has been a dramatic rise in ransomware attacks. This has been fueled in part by the disruption of the pandemic, but that’s only one of the factors driving the increase.
Another is the fact that attackers can make so much money with ransomware, potentially more than they can easily make with other types of cyberattacks. In the case of the recent ransomware attacks on Colonial Pipeline and JBS, attackers made off with $4.4 million from one company and $11 million from the other because both paid the ransom.
Approximately 56% of ransomware victims pay the ransom to their attackers.
Due to how lucrative ransomware attacks have become, large underground criminal organizations and state-sponsored hacking groups have adopted ransomware as a business model. They’ve also improved upon it and expanded the concept so they can rake in even more money.
This has led to the invention of a dangerous new model called Ransomware as a Service (RaaS). RaaS is a major danger to any company’s IT security.
Shortly after cloud tools were introduced, a new concept emerged that has completely changed the way companies buy their software. It used to be that you would purchase a piece of software off the shelf, install it with a disk, put in the license key, and then use it locally on your computer.
If you wanted an upgrade, you had to wait until a new version was for sale and then purchase that newer version.
Software as a Service (SaaS) changed all that. Now, companies purchase the right to use cloud applications, some of which come with a version that also installs on your hard drive (like Microsoft 365). They pay monthly, instead of making a one-time purchase. As long as they continue paying the subscription, they can use the software and get ongoing version and feature upgrades.
RaaS takes this model and applies it to ransomware attacks. Novices or those who don’t have the time to put together their own sophisticated attacks can just purchase a subscription to use the “attack tools” that are all ready to go. This subscription-based model typically splits a successful ransom payment between the RaaS service provider and the person who used the service to launch an attack.
The purchaser (also known as the affiliate) that buys the RaaS service can earn up to 80% of the ransomware payment. Other payment options are also offered that include a flat rate instead of a subscription.
These RaaS services are run very much like a professional SaaS subscription service. Hackers can get customer support on how to use the ransomware tools, read reviews, etc.
According to CrowdStrike, it’s not unusual to see a similar listing of plan benefits as you do when purchasing a cloud software subscription. RaaS providers will advertise:
In 2020, ransomware attacks grew 485% and they continue on an upward trajectory. One of the reasons for the skyrocketing growth of this malware over all others is RaaS.
Attackers no longer need to have hacking skills to conduct a ransomware attack. So, anyone who doesn’t care about breaking the law and wants to try their hand at a big ransom score can just purchase a pre-built attack through RaaS. A payout of a few hundred thousand dollars, or in some cases, over a million, makes it very attractive.
Unfortunately, many companies are unprepared for a ransomware attack. That’s why over half end up paying the ransom. Once an attacker finds out they can get $100,000 from a victim, for the next attack they up the ante and ask for $150,000, etc.
In the first quarter of 2021, the average ransom payment demand has already increased 43% to US$220,298 (CA$277,783).
SaaS providers are always optimizing their platforms and bringing out new features that will keep customers subscribed to their tools and attract new ones.
RaaS is no different. Now that ransomware is being run as a service business model, the organizations providing RaaS tools will continually improve the methods of attack and how fast they’re delivered, and develop new features that make attacks harder for companies to defend against.
This means that small, medium, and large companies will need to stay on guard and ensure they have strong cyber protections in place that are also continually updated to fight the newest ransomware threats.
Haxxess can help your Northern Ontario business with a full security audit to ensure you have protections in place to combat the rise of ransomware and RaaS.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.