What is Ransomware-as-a-Service (RaaS)?
Ransomware is not a new threat to the digital space. Its origins go back many years now. However, over time this threat has become only more prevalent and vicious.
Ransomware-as-a-Service (RaaS) seems to be following popular Everything-as-a-Service (XaaS) models, particularly the Software-as-a-Service (SaaS) service ideology.
This subscription-based cyber threat model allows even an inexperienced cybercriminal to launch ransomware and phishing attacks without having the need to code malware themselves.
As such, it is commonly used by cybercriminals who don’t have much technical knowledge of how to create ransomware. This malicious model allows anyone to become an “affiliate” of an established RaaS package or service. This means that this has the potential to go more widespread.
New Years Eve, Travelex & Sodinokibi (REvil)
On New Year’s Eve 2019, currency exchange Travelex discovered it had been infected with Sodinokibi ransomware, as hackers demanded $6 million for the return of customer data.
Sodinokibi,or REvil, is a ransomware-as-a-service (RaaS) model, discovered in April 2019.
It is used by the financially motivated Gold Southfield threat group, which distributes ransomware via exploit kits, scan-and-exploit techniques, Remote Desktop connection servers, and backdoored software installers.
Its multiple infection methods include exploiting known unpatched security vulnerabilities and phishing campaigns.
Sodinokibi encrypts a user’s files and can gain administrative access by exploiting a vulnerability in Oracle WebLogic.
It has received attention due to its similarities to GandCrab, another infamous RaaS campaign that allegedly retired in June 2019 after reportedly earning cybercriminals more than $2 billion.
“We are leaving for a well-deserved retirement,” they said. “We have proved that by doing evil deeds, retribution does not come.” – GrandCrab Authors.
How to protect your business from this threat ?
- Have a holistic cyber security in place:
- 24/7 monitoring tools
- Tested incident response processes
- Data backups:
- Ensure all critical information is backed up
- This includes any information stored in the Cloud, these services provide high availability but often not the ability to recover previous versions of files
- Keep all Software up-to-date, and perform regular vulnerability scans:
- Timely scheduling of software updates & patches
- Regular vulnerability scans and remediation
- Spot and report suspicious emails, links & attachments :
- Provide regular security awareness training to all staff
- Run educational phishing simulations
While Ransomware-as-a-Service (RaaS) is the latest threat concoction targeting digital users, it has become very important for businesses to take some preventive measures to protect themselves and educate employees against these malicious campaigns.
In addition to other basic security measures, you can also rely on advanced anti malware programs such as Malwarebytes to better secure you against this threat.
According to the NCSC, if you are an SME, then there’s around a 1 in 2 chance that you’ll experience a cyber security breach.
Conosco specialises in helping SMEs prevent, defend and protect against all manner of cyber threats. Our accredited security practitioners and consultants work closely with your teams to help safeguard your organisation’s data, assets, and reputation.
Meet Conosco’s Security Division:
- Leads Conosco’s Security Team
- Cyber Security Champion
- Highly accredited & certified across industry standards
- 15 + yrs experience implementing Security for organisations
- Email: email@example.com
- LinkedIn: @HyltonStewart
- Find out more about our Security services here.
Request for a complimentary Security Discovery Session with Hylton:
We offer four free Information Security Discoveries per month where we conduct a short workshop with your key stakeholders and provide you with a high-level assessment, giving you our recommendations for reducing risk within your business.
If you would be interested in receiving our free Information Security Discovery audit and report, register your interest using this form.
Ninja Form plugin removed, please replace with HubSpot form