The number of ransomware attacks has been increasing in recent years, and this is partly linked to the rise of Ransomware-as-a-Service. But what is it and how does it work?

What is RaaS?

Ransomware-as-a-Service (RaaS) is a subscription-based business model used by some ransomware groups that enables affiliates – those who pay the subscription – to use the group's ransomware tools to launch attacks. These out-of-the-box tools can be used on an ongoing basis as long as the affiliates continue to pay for them.

RaaS is most commonly used to spread cryptomalware but, according to Kaspersky, since the end of 2019 many ransomware developers have also included data theft as part of the service, so that they can threaten victims with publication of the stolen data if the ransom is not paid.

Who are some of the main RaaS players?

According to CrowdStrike, the RaaS market is competitive, and you will often see ransomware groups running their operations like a legitimate business, with marketing and sales strategies. This is because they can make a lot of money. In 2020, total ransomware revenues were around $20 billion, up from $11.5 billion the previous year.

Some of the big players include REvil, DarkSide, Dharma and LockBit. One of the most prolific groups – Hive – was recently taken down by the FBI.

Why are RaaS attacks so dangerous?

RaaS enables bad actors to launch more targeted attacks because the attacks are human-operated. This means that the attackers will take time to research their targets and can time the launch of the attack to do the most damage possible.

Will RaaS attacks continue?

The nature of RaaS makes it easier for people with fewer technical skills to get into the extortion business, which means more attacks are likely in future. It also makes the problem harder to stop, because law enforcement can no longer focus only on the group carrying out the attacks; they also need to stop it at the source.

RaaS makes it even more crucial for businesses to take their cybersecurity seriously. To prevent attacks, you should: back up data consistently, keep software updated, maintain staff cybersecurity training and employ specific proactive detection and protection tools.