Ransomware-as-a-Service (RaaS) is an unusual type of Software-as-a-Service (SaaS) provided through the internet as a vendor platform. Among the different kind of SaaS provided by tech vendors, RaaS is different as it represents an offering used by criminals to lock down IT systems.

How does Ransomware-as-a-Service work?

In a RaaS situation, a vendor offers malicious hackers a platform for the goal of using ransomware to hold information, systems, or computer files hostage. Ransomware is a software that infects a computer to encrypt or lock down systems or files. Victims generally download ransomware by clicking a compromised pop-up or opening an infected mail attachment, prompting a malicious code. From there, an array of events unfold which locks down the victim’s system and displays a message listing demands which must be met for regaining access. Most commonly, the victims are asked to transfer a sum of money through Bitcoin or any other cryptocurrency to the attacker. It is also possible that the ransomware can spread far beyond the infected system, locking down the organization’s back-end systems and websites and halting normal business operations until the ransom is paid or the malware eliminated.

The RaaS process looks something like this:

• Step 1: Malware authors design a RaaS kit for a cybercrime group
• Step 2: The group then promotes the RaaS kit on the dark web and on other platforms
• Step 3: Buyers purchase the RaaS kit
• Step 4: Buyers distribute the RaaS kit either on their own or with the help of a dedicated distribution service
• Step 5: If successful, the targets get infected

What makes Ransomware-as-a-Service such a Threat?

The malware author provides the ransomware free of charge or for a small fee, often preferring to take a cut of each ransom. This incentivizes a greater volume of attacks and higher ransom requests. Ransomware is not only cheap to purchase and download; it is also easy to spread with every business being a target, considering the present digital lifestyle. The rise of the RaaS distribution model is allowing budding criminals an immensely easy way to start a cyber-extortion business with typically no technical expertise required, flooding the market with new ransomware strains. In fact, the growth in RaaS platforms is likely one of the primary reasons behind the huge spike in ransomware attacks. RaaS also produces a faster pay out than stealing personal information or credit card data. Perhaps most importantly, there is a lower risk of getting caught due to the anonymity of Bitcoin. During the last 12 months, we have witnessed the rise of ransomware, with hundreds of thousands of systems affected, countless money spent to recover lost files, investments to improve security measures, and adverse reputational damage. These factors make ransomware one of the most dangerous cyber-threats to both individual users and businesses.

Some Examples of Infamous Ransomware-as-a-Service

• Satan
• Cerber
• WannaCry
• Philadelphia
• MacRansom
• Atom
• Hostman
• FLUX

The Rise of Ransomware-as-a-Service

Ransomware progresses to be a major problem across the world, with 54% of the organizations surveyed hit in 2017 and a further 31% expecting to be victims of an attack in the future. It is no secret that ransomware attacks have exploded in popularity in recent times. In fact, as SonicWall (a manufacturer of network security and data protection products and solutions) reported that the number of ransomware attacks increased a startling 167 times over a single year, rising from 3.8 million in 2015 to 638 million in 2016. Other reports project nearly half of businesses fell victim to some cyber-ransom drive in 2016. Meanwhile, the average ransomware demand more than tripled, rising from US$294 in 2015 to US$1,077 in 2016. At the same time, the number of new ransomware families increased 752%, costing businesses US$1 B globally. The growing availability of RaaS platforms is largely to blame for this alarming trend.

There are various reasons for ransomware becoming as widespread as it is now. The first one is that the companies are negligent about the threats. There are several warnings about potential threats and quite a lot of information on protection from them. But users and companies do not protect their systems and servers the way they should and, as a result, get infected.
The second reason is more complicated – security researchers have to spend quite an amount of time to find a solution to the problem and decrypt affected data. And it is much easier for a lot of companies to just pay the ransom and continue with their operations than wait around.

A next blog in this series discussing the risks for businesses due to RaaS and how can organizations and individuals protect themselves from ransomware attacks will be published soon.

For more insights/updates on cybersecurity risks, check out Supply Wisdom Alerts. Take a free trial to see how we can help you stay up-to-date on latest trends and be more proactive about monitoring and managing risks across your global locations and suppliers.