Does Ransomware-as-a-Service Enable More Cyber-Criminals?


Ransomware is continuing to dominate the headlines, with attacks like WannaCry and NotPetya causing chaos. In fact, last year, over 50% of organizations were hit by ransomware, and on average they were struck twice, according to Sophos research.

Therefore, it’s no surprise to see that there has been an increase in Ransomware-as-a-Service (RaaS) on the dark web as people look to make a quick buck at the expense of others.

As you may be aware, ransomware is software that is downloaded onto your device or network and blocks access to computer systems and valuable files. This results in the victims having to pay sometimes extortionate amounts to get their files back, with no guarantee that they will once payment is complete.

Businesses of all shapes and sizes are falling victim to this increasingly aggressive and brutal style of attack. Furthermore, ransomware attackers don’t discriminate in who they target: all businesses are vulnerable.

What is RaaS?
Cyber-criminals are always inventing more sophisticated attacks, yet it has now become even simpler for amateur cyber-criminals to jump on board the ransomware train. Ready-made solutions, known as ‘Ransomware-as-a-Service’ (RaaS), are now incredibly easy to obtain through the Dark Web.

This means any amateur cyber-criminal can quickly stage, execute, and reap the rewards of an attack. One of the RaaS products researched by SophosLabs in detail is Philadelphia, brought to the market by ‘The Rainmaker Labs’ – a sophisticated kit that allows even the least technically savvy among us to perform a cyber-attack.

Social engineering has also improved vastly, making it more challenging for potential victims to spot a malicious email. The previously noticeable misspellings, incorrect business logos or poor grammar that once gave away a malicious email are no longer the norm.

We can therefore expect more people to fall victim to ransomware attacks than ever before. More users are also going to recognize the risks of ransomware delivered via email, so cyber-criminals are looking to explore other methods of infection.

Some are starting to use built-in tools, or even no executable malware at all, to avoid detection by endpoint protection code that focuses on executable files.

What’s more concerning is the pace at which ransomware has transformed. It is only a question of time before we see things beyond data being ransomed. It is perhaps a while off before we have a sufficient mass of internet-enabled cars or homes, but this still begs the question: how long before the first car or house is held for ransom by a cyber-criminal?

How to stay safe?
With Sophos research revealing that ransomware attacks cost organizations $133,000 last year on average, it is critical that businesses be prepared. To ensure that you and your business stay out of harm’s way, here are some top tips to keep your business as safe as can be from ransomware:

Back up regularly and keep a recent backup copy off-line and off-site
There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Enable file extensions
The default Windows setting is to have file extensions disabled, meaning you must rely on the file thumbnail to identify it. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript. Ensure these are always switched on. 

Don’t enable macros in document attachments received via email
Microsoft deliberately turned off auto-execution of macros by default as a security measure. A lot of infections rely on persuading you to turn macros back on - don’t fall for this! 

Be cautious about unsolicited attachments
The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.

Patch early, patch often
Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash and more. The sooner you patch, the fewer holes there are to be exploited.

Stay up-to-date with new security features in your business applications
For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”, which helps protect against external malicious content without stopping you using macros internally. 

Explore Anti-Ransomware Technology
Consider using a security vendor which has implemented advanced anti-ransomware technology into its products, providing an extra layer of security and offering peace of mind. 
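
The tips on file extensions, macros and unsolicited attachments can be partly automated at the mail gateway or help desk. The following is an added example, not code from the article or from Sophos: it goes slightly beyond the tips by also flagging padded names and the right-to-left override character, and the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import os

# Assumed, non-exhaustive extension lists for this example.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".scr", ".exe", ".lnk"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
RTLO = "\u202e"  # right-to-left override: reverses the displayed order of what follows


def shown_with_extensions_hidden(filename):
    """Approximate the name Explorer shows when known extensions are hidden."""
    return os.path.splitext(filename)[0]


def triage(filename):
    """Return sorted reasons to hold an attachment for review (empty list = none)."""
    reasons = set()
    if RTLO in filename:
        reasons.add("rtl-override")
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.replace(RTLO, "").rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if stem != stem.rstrip():
        reasons.add("padded-name")  # spaces push the real extension out of view
    inner = os.path.splitext(stem.rstrip())[1]
    if ext in SCRIPT_EXTS:
        reasons.add("script-or-executable")
        if inner in DECOY_EXTS:
            reasons.add("double-extension")  # looks like a document, runs as a script
    if ext in MACRO_EXTS:
        reasons.add("macro-capable-office")
    return sorted(reasons)


# Constructed sample attachment names, not taken from any real campaign.
SAMPLES = [
    "Invoice_2291.pdf.js",
    "report.docm",
    "scan\u202efdp.exe",
    "invoice.pdf      .exe",
    "minutes.docx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "| shown as:", repr(shown_with_extensions_hidden(sample)),
              "| flags:", triage(sample))
```

With extensions hidden, the first sample is displayed as `Invoice_2291.pdf`, which is why enabling extensions matters; the triage function flags it regardless of how it is displayed.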
