By now, you know that cybercriminals are smart and that they have become so adept and villainous they can force businesses to bow to their will. But did you know that they don’t even need hacking skills to do it? They simply buy software packs from criminal entities that have the skills — and then choose their targets. It’s called ransomware as a service (RaaS) and it’s one of the reasons cyber attacks continue to rise.

What Is Ransomware as a Service?

Ransomware is nothing more than software: malicious software to be sure. But at its core, it’s not unlike reputable softwares such as TurboTax or Zoom — software designed to perform a function and make it easy for the end user.  Most ransomware attacks are not, as some people imagine, criminals trying to hack into a system, writing new code and launching into networks. 

Today you don’t need to know how to hack. All you need is to buy a software license from the dark web. That’s ransomware as a service (RaaS) — ready-made ransomware software that just about anyone can buy and use.

The hurdles (like intelligence) that used to make it difficult for prospective cybercriminals to succeed have been, in effect, eliminated by the ransomware-as-a-service market. It came about when a pattern of cooperation developed between ransomware gangs and the adoption of double and triple extortion tactics. Now the likelihood that a victim will pay at least one ransom demand has increased exponentially. The more people pay, the more ransomware threats emerge.

According to Security Magazine, ransomware attacks rose by 92.7 percent in 2021 compared to 2020 levels, with 1,389 reported attacks in 2020 and 2,690 in 2021.

Attacks today depend on a human-response component to track, stop and eradicate threats.

Would you know what to do? Get the Ransomware Response Checklist.

RaaS Is Gaining in Popularity

Ransomware as a service has increased in popularity  because cybercriminals and groups don’t have to do the work themselves. They can’t because they don’t have the skills needed, hence a new RaaS exploitive industry has emerged. The new platforms include:

• Extortion websites, which can double and triple extortion components of ransomware groups.
• Renting an RaaS platform, which gives them a command and control platform.
• Hosted payment websites, which help customers pay ransoms.
• Marketplaces, where smaller groups post stolen data.
• Purchasing RaaS offerings, including exploitation kits and training on how to commit cybercrime.
• Updated lists daily of compromised data, including screenshots and company names.

These new RaaS opportunities teach the criminals: 

• How to “clean” bitcoins (or other digital currency) by using crypto tumblers that mix them with clean coins to make them harder to trace.
• How marketplaces offer an escrow: blind trust.
• How to collect currency within platforms.
• How the groups get the money and launder it.

Ransomware cartels have been coming together.  An RaaS provider is the same as a legitimate software provider:

• Customers log into the RaaS portal, create an account, pay with Bitcoin, enter details on the type of malware they wish to create and click the submit button. 
• If they work with some of the more sophisticated RaaS operators who offer portals, the “subscribers/aka hackers” see the status of infections, total payments, total files encrypted and other information about their targets.
• In addition to these portals, RaaS operators run marketing campaigns and have websites that look exactly like your own company’s campaigns and websites. They have videos, white papers and are active on social media. 
• They even prove their legitimacy with a screenshot or an example document contained within the victim data. 
• Because RaaS is just ransomware packaged for ease of use by anyone with ill intent, the steps to prevent a RaaS attack are the same as preventing any ransomware attack.
• The availability of international cloud infrastructure has grown exponentially, providing crime gangs from across the globe with scalable and standardized environments that can be accessed from anywhere. 

With little fear of extradition, this makes it possible for them to easily attack organizations within the United States and other countries using sophisticated cybersecurity programs.

Organizations, such as the DarkSide, REvil and others, franchise their ransomware-as-a-service (RaaS) capabilities to attackers. The attackers are responsible for penetrating the organizations, while the franchisers provide the encryption tools, communications, ransom collection, etc., all for a percentage of the ransom collected. For talented hackers, this RaaS model provides two streams of income. 

1. They can create and implement sophisticated attacks using proven tactics, techniques and procedures. 
2. They can outsource that attack using a commodity infrastructure proven in several years of ransomware attacks.

Are you covered? Get the Cyber Security Essentials Checklist

Countering RaaS and Other Threats

Understanding ransomware as a service is really about changing your thinking about cybercrime. As you can see from reading this article, it’s easy for criminals to get into the ransomware game so you cannot bury your head in the sand. Don’t think, “it can’t happen to me.” It can, and it will.

The good news is that countering RaaS attacks is the same as countering any  cyber attack or ransomware attack: Protect your systems by staying on top of the threat landscape, train your staff to recognize the “hooks,” initiate backup and recovery plans. Visibility is critical for success. Everyone, not just the managers, directors and CEO need training. Everyone in the company needs to know how to spot and mitigate vulnerabilities. 

The right IT partner can help. Not sure what to look for? Download our Choose IT Support Checklist.

If you’re an Internos Group client, you already have an inside track to the best cybersecurity prevention available today and tomorrow. We constantly monitor, 24/7/365, to stay up to date with these nefarious actors.  We provide all of our clients with a holistic approach to keeping data safe.Contact us or book a free no-obligation meeting. We’re happy to help.