Commoditising cybercrime: The rise of ransomware-as-a-service
Recent years have seen a growing number of high-profile ransomware attacks such as WannaCry hit the headlines for their ability to hijack a huge number of computers in a short space of time and extort victims into paying ransoms in order to get their information back. In the case of WannaCry, over 200,000 computers were infected across 150 countries in just four days, with the ransoms demanded ranging from $300 to $600 per computer. Estimates put the total damages caused anywhere from hundreds of millions to billions of dollars.
Ransomware can be enormously damaging to any organisation, but until recently the expertise required to create and release an effective attack prevented it from becoming too widespread. Now that’s changing. The emergence of new ransomware-as-a-service (RaaS) offerings on the dark web such as Satan (which was rebranded to DBGer in June 2018) has made ransomware toolkits widely available to criminals with no coding experience at all, ushering in a new era for this form of malware.
‘User friendly’ criminal subscription services
Available on the dark web, Satan offers easy access to high quality ransomware alongside user friendly toolkits that allow inexperienced criminals to quickly start executing potent malware attacks.
All users need to do is create an account, pay a subscription fee and agree to Satan’s 30% commission charge on all money received through its ransomware. In exchange, they get instant access to malicious executable files along with a range of ransom email templates, a list of handy tips and tricks for effective attacks, and even attack tracking via Google Maps. The service doesn’t stop there either. Users can quickly and easily set payment thresholds for victims and track them via unique victim IDs, with all ransom payments handled via the Satan platform.
As this demonstrates, the same user-friendly principles that have contributed to the success of popular mainstream services like Netflix and Spotify are now being applied to the criminal side of the internet. It seems that even on the dark web, the customer is king.
Defending against the growing threat
In the face of these new RaaS threats, what can businesses do to avoid becoming the next victim? Fortunately, many of the recommended defensive steps are the same as those for protecting against other malware types, and any security-conscious business should be employing many of them already. Below are five key steps to consider:
- Train employees in security awareness: As with so many aspects of business, comprehensive employee training can make a significant difference. A well-trained employee will know how to spot suspicious phishing emails or social engineering attempts, greatly reducing their effectiveness. They will also understand the importance of promptly installing new system updates and patches, helping to reduce overall system vulnerabilities
- Maintain backups of all data: The most effective way to nullify any ransomware attack is through comprehensive backups of all business data. In the event of an attack, a company with backups in place can fully restore its data from those instead of having to pay a ransom to the attackers. Backing up data is quick, easy and cheap, meaning there’s very little excuse for not doing it regularly
- Disable auto run functionality on connected devices: Auto run may be convenient for users, but it also makes it much easier for malware to spread in the event of a successful attack. Disabling it across all connected devices helps to contain infections faster, mitigating any damage caused
- Disable macros in Microsoft applications: In many cases, ransomware is spread via infected Microsoft Office documents containing malicious macros that will download and execute the malware once run. Disabling macros by default can help prevent compromises, even if an infected file is opened by a user
- Deploy effective security measures: Strategic investment in the right security measures can significantly boost protection against ransomware attacks. Antivirus software and firewalls help block known malware variants, but organisations that are serious about security should also consider endpoint detection and response (EDR) and advanced threat protection (ATP). These additional solutions optimise malware detection and block the execution of malicious code, creating a more robust defence. They can also be deployed alongside other, multi-layered security mechanisms such as data categorisation, network segmentation and behaviour monitoring to create a truly elevated security strategy
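
The auto run and macro steps above can be verified on a Windows endpoint with a read-only registry audit. The following PowerShell is an added example, not part of the original article. It assumes the settings are enforced through the standard Windows and Office policy registry locations and that the installed Office version uses the "16.0" policy hive (Office 2016, 2019 and Microsoft 365).

```powershell
# Added example: read-only audit of the AutoRun and Office macro policy values.
# Assumption: Office 2016/2019/365, whose policy hive is "16.0".
$checks = @(
    @{ Label = 'AutoRun disabled on all drive types'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Item  = 'NoDriveTypeAutoRun'
       Ok    = { param($v) $v -eq 0xFF } }   # 0xFF covers every drive type
)

foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $base = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"

    # VBAWarnings: 1 = enable all, 2 = disable with notification,
    # 3 = disable except digitally signed, 4 = disable without notification.
    # 2 still lets the user enable macros with one click, so only 3 and 4 pass.
    $checks += @{ Label = "$app macros disabled by policy"
                  Path  = $base
                  Item  = 'VBAWarnings'
                  Ok    = { param($v) $v -in 3, 4 } }

    # Blocks macros in files that carry the "downloaded from the internet" mark.
    $checks += @{ Label = "$app blocks macros in internet files"
                  Path  = $base
                  Item  = 'blockcontentexecutionfrominternet'
                  Ok    = { param($v) $v -eq 1 } }
}

$results = foreach ($c in $checks) {
    # A missing key or value yields $null, which is reported as a failure.
    $prop   = Get-ItemProperty -Path $c.Path -Name $c.Item -ErrorAction SilentlyContinue
    $actual = $prop.($c.Item)

    [pscustomobject]@{
        Check  = $c.Label
        Actual = if ($null -eq $actual) { '(not set)' } else { $actual }
        Pass   = [bool](& $c.Ok $actual)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a management or compliance tool flag the endpoint.
if ($results.Pass -contains $false) { exit 1 }
```

The Office values live under the current user's hive, so run the audit in the context of the logged-on user rather than as SYSTEM.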
The rise of new, user friendly criminal tools like RaaS is changing the face of cybercrime forever. With technical skill no longer a barrier to entry, it has suddenly become much more accessible to hundreds, thousands, or even millions of would-be criminals. This is bad news for businesses, who could suddenly find themselves on the receiving end of significantly more attacks. However, by observing cyber security best practice and investing in the right security tools and solutions, they can create a robust, multi-layered defence that significantly reduces the chances of becoming the next victim.