What Is Ransomware as a Service (RaaS) and Why Is it Fueling Nearly 2/3 of Attacks?
Ransomware is one of the most devastating forms of malware because it commonly stops all business operations, shutting companies down until they either pay the ransom or regain access to their data through removal and restoration.
It has become more dangerous in recent years due to the sharp rise in attacks. So far this year, there has been a 102% increase in ransomware attacks in Australia compared to the beginning of 2020. Since April of this year, IT security researchers have seen an average of over 1,000 businesses being hit with ransomware each week.
The rise of ransomware has made it even more important for companies to prioritise their cybersecurity measures and business continuity planning. Incorporating robust backup and recovery systems managed threat response, and ongoing employee security training are all critical safeguards.
What’s been fueling the rise in attack volume as well as average ransom demand? It’s been a new criminal business model called Ransomware as a Service (RaaS).
RaaS is now responsible for nearly two-thirds of all ransomware attacks.
What Is Ransomware as a Service (RaaS)?
Ransomware as a Service came about because of the success of ransomware for the criminal community. This type of attack brings a fast payout for hackers with less work to do. For example, they don’t have to sift through stolen data and then try to sell that on the Dark Web to make money.
With ransomware, a payout of thousands or millions of dollars can come just a few days after the attack. And that payout is more common than not because 57% of organisations hit with ransomware pay the ransom to the attacker.
Ransomware as a Service uses the software as a service (SaaS) business model. Underground criminal organisations and state-sponsored hacking groups set up platforms where anyone can subscribe to and purchase the tools and support necessary to conduct a ransomware attack.
These bundled “tools” will be things like:
- Ransomware code
- Phishing email campaigns
- Step-by-step instructions
- Video tutorials
- Help desk support (from other hackers)
- And more
This service has fueled the dramatic and ongoing increase in ransomware attacks because it has democratised them. Now, someone doesn’t even need to know the first thing about writing malware code or hacking to get the tools they need to conduct an attack.
So, many wannabe hackers have joined in on the ransomware bandwagon in hopes of getting rich quickly.
Flexible Payment Models
Just like SaaS platforms, RaaS offers the customer multiple payment options. These ransomware as a service sites are now competing with each other to gain business, much like cloud software providers do in the legitimate corners of the web.
It’s not unusual to see flexible payment options, some starting as zero investment on the criminal’s part. Some of the models offered include:
- Monthly subscription for a flat fee, starting as low as $40 per month
- Affiliate programs that include a lower monthly fee and a sharing of a percentage of the ransomware attack profits
- One-time licensing fee
- Pure profit sharing with no upfront fee
Anyone Can Pay to Conduct an Attack
With RaaS, now anyone can pay to conduct a ransomware attack, making the landscape more dangerous for businesses of all sizes.
The user just signs up and creates an account, pays the fee, then enters the type of malware they wish to create. They instantly gain access to multiple ransomware options. Some sites even have user ratings on them (much like online shopping sites).
They also gain access to things like:
- 24/7 support
- Community forums
- Feature updates
- And more
Total ransomware revenues for RaaS businesses were approximately $20 billion in 2020.
How to Protect Your Business from the Rise in Attacks
With ransomware attacks now being conducted by more people and large organisations running RaaS sites actively recruiting more customers, it’s important to properly protect your business.
This includes taking a two-pronged approach that emphasises both mitigation and fast recovery. Here are some of the best practices to deploy:
- Advanced threat protection (zero-trust security, robust anti-malware, etc.)
- Ongoing employee security awareness training
- Cloud security (multi-factor authentication, VPN, etc.)
- Reliable backup and disaster recovery solution
- Create an incident response plan
- Ongoing incident response drills, that includes data restoration
- Password best practices and use of a password manager
- 24/7 network monitoring for any threats
- Do a dark web scan for any compromised credentials, and change them
- Keep all systems up to date with patch & update management
Get Multiple Ransomware Protections in One Affordable Plan
GKM2 can help your Sydney area business deploy strong protections against ransomware and other online attacks. Our managed services plans bundle several helpful solutions into one worry-free package.
Contact us today to learn more. Call +61 2 9161 7171 or reach out online.