Ransomware attacks are nothing new, and they continue to be a growing threat for organizations globally. Ransomware is a type of malicious software (malware) that locks and encrypts the victim’s data and system, thereby blocking access. The attacker then demands a ransom in exchange for decrypting the data and restoring access. In addition to blocking access to data, some ransomware attackers also threaten to publish the compromised data on the dark web. This makes it a double-extortion ransomware attack.
Similar to Software as a Service (SaaS), Ransomware as a Service (RaaS) is a subscription-based business model. In this model, ransomware developers sell or lease their software to customers, also known as affiliates. These affiliates, typically cybercriminals, can then use this pre-developed ransomware malcode to launch their attacks. What’s even more dangerous about RaaS is that small-time hackers, even those without much technical expertise, can execute highly sophisticated cyberattacks. This is a win-win situation for RaaS developers and affiliates alike.
RaaS decreases the risk for the developers, as they don’t have to carry out the attacks themselves, and it reduces the cost for the affiliates, as they don’t have to invest heavily in building their own ransomware. RaaS models are profitable to both developers and affiliates, as they each get a share of the paid ransoms. The share of the ransoms each party gets mostly depends on the subscription model the affiliates choose.
Like any SaaS application, RaaS uses different revenue models, the most common ones being:
It starts off with skillful developers who write the malicious software. Well-coded ransomware offers high chances of penetration success along with low chances of discovery. The ransomware is then modified to enable a multi-end-user infrastructure so that it can be licensed or sold to multiple affiliates. These developers then look for affiliates who will sign up for the service. Typically, the developers post on different forums on the dark web looking to recruit affiliates. The recruited affiliates, once subscribed to their choice of RaaS model, can then launch
Phishing is one of the most common ways of launching a ransomware attack. Typically, a seemingly harmless email containing a link is sent to the victims, and once they click on that link, it launches a cyberattack, often without the user knowing. The attacker can then escalate privileges, move laterally, and finally gain access to the victim’s data before holding it hostage. The attackers then send a ransom note demanding payment in exchange for a decryption key that enables the victims to access their data again. The ransom payments are usually made with cryptocurrency and sometimes through dark web browsers, making them difficult to trace.
You can take these precautionary measures to combat RaaS attacks:
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.