RaaS: The hot revenue stream for bad actors

We all understand and embrace the easy, affordable, and convenient benefits of as-a-Service solutions.

And the baddies are no exception. They love as-a-Service solutions as much as the rest of us – but for all the wrong reasons.

Crime pays, big time

For as little as US$40 a month, cybercriminals can sign up to rent or buy a ready-to-use Ransomware as a Service (RaaS) kit on the dark web. And they have choices as to how they make money from it. They can commit to a monthly flat-rate subscription, join an affiliate program and send 20-30% of the profits to the ransomware developer, pay a one-time license fee, or opt for a pure profit-sharing model.

As with any good as-a-Service offering, subscribers can access portals to view dashboards showing how many targets have been infected, payments received and more. Also on offer is a support mechanism, an online community to engage with and swap war stories, how-to documentation, and new feature releases. All the as-a-Service bells and whistles you’d expect from a reputable business partner.

Competition is hot, too. RaaS operators run dedicated, targeted marketing campaigns to promote their ransomware packages. They even create promotional videos and white papers and use social media platforms to get their message out.

Given that in 2021, the average ransom demand was $6 million, it’s perhaps unsurprising that RaaS has become such a hot ticket item for the unscrupulous and greedy amongst us.

Ransomware – a modern-day disease

Statista reports that as of 2023, over 72% of businesses worldwide were affected by ransomware attacks, saying: “This figure represents an increase from the previous five years and was by far the highest figure reported. Overall, since 2018, more than half of the total survey respondents each year stated that their organizations had been victimized by ransomware.”

With Forbes (and every other credible source) rating ransomware as one of the most critical cybersecurity trends of 2023, it’s evident that few businesses will escape being targeted.

But that doesn’t mean we must accept the inevitable – far from it.

Prevention is easier (and cheaper) than cure

There can be no argument that recovering from a ransomware attack is difficult and costly. And you can also wipe out an average of 24 days due to the chaos created.

Stopping an attack by taking preventative measures is a far better strategy.

While the concept of RaaS is scary as it’s so well organised, it’s encouraging to remember that the steps to prevent a RaaS attack are the same as the ones you take to stop any ransomware attack in its tracks.

So, what are some of the best practice approaches to protecting your business from ransomware attacks?

Protect your endpoints – around the clock.

TechTarget says that an organisation succumbs to a ransomware attack every 11 seconds — and vulnerable endpoints are regularly the source of compromise. Making it essential to implement reliable, modern endpoint protection that uses advanced algorithms and works automatically in the background – 24/7.

Backup, backup, and backup again.

The time between backups directly impacts how long it takes to return to BAU and recreate the work lost by the attack. If backups are only performed every weekend, you risk losing up to a whole week’s work. If you back up changed or new data every two hours – then your risk profile is significantly smaller. Frequency and regularity are key.

Don’t put all your backup eggs in one basket.

Reduce risk by making multiple backups and storing them on separate devices in different locations.

Check up on your backups.

Avast says that the two biggest culprits for backup failure are hardware (40%) and human error (29%), 60% of backups are incomplete, and 50% of restores fail. The lesson in this? Test your backups regularly to ensure they can be retrieved when you need them most.

Prioritise patching.

According to InfoSec, ‘the average time to patch a vulnerability or patch (MTTP) is between 60 and 150 days, and security and IT teams tend to take at least 38 days to push out a patch.’ An unpatched vulnerability is an open door for attackers, so it’s critical to maintain a rigorous patch program to protect you from both known (publicly disclosed) and unknown (where the software vendor knows they have a flaw in their software but haven’t developed a patch for it) weaknesses.

Add ‘do not pass go’ roadblocks to your network.

Segment your network to slow down or stop the impact of a ransomware attack. This involves splitting the larger network into smaller network segments using firewalls, virtual local area networks (VLANs), and other techniques. You can also segment your network by function, such as separating finance from HR or data types.

Don’t fall foul of phishing.

Forbes reports, ‘Phishing is one of the most prevalent types of cybercrimes with over 500 million phishing attacks reported in 2022. For perspective, that’s over double the number of reported attacks in 2021—and not surprisingly so, as it’s one of the easiest types of scams to fall prey to.’ Often using email as the starting point, attackers can infiltrate your network and install ransomware, causing system outages and other disruptions. Advanced anti-phishing protection is essential – as is regular employee testing and education.

Test your ability to resist ransomware.

It’s one thing to have defences against ransomware, but it’s another to ensure they work. The only way to do this is by simulating a ransomware attack using penetration testing to ensure that your defences are up and verify that your security processes are working correctly.

Put your people first.

While often the weakest link, your people are also your strongest line of defence against the dark art of ransomware attacks. Invest in cultivating user awareness and delivering ongoing training (to counter the ever-changing strategies used by cybercriminals) and build a culture of security.

Rest easy about RaaS

Protecting their business from ransomware attacks is an acknowledged priority by most business leaders. And getting money off you is the primary aim of cyber criminals the world over.

But staying on top of ransomware (from protection to monitoring, containment and elimination, to repair) is difficult when you want to focus on growing your business. Amidata advocates a two-fold approach to keeping your business and data safe and secure – and in your hands. First, good backups, and second, effective and proven cybersecurity services.

We won’t let anyone hold you to ransom.

Read more tech news

Know thy enemy: Traversing the 2024 global threat landscape.

Sun Tzu (771–256 BC), a Chinese military general, strategist, and philosopher, showed remarkable prescience when he said, “Know thy enemy…...

Read more

Hybrid cloud data management – in search of that silver lining.

Hybrid cloud is here to stay. According to the recent Global Hybrid Cloud Trends Report, an impressive 82% of IT…...

Read more

Will AI stab your cybersecurity efforts in the back?

There’s no doubt that AI is going to be a powerful force for good in cybersecurity. But (and there is…...

Read more