The Rise of Ransomware as a Service and 7 Simple Ways to Protect Your Organization

Ransomware attacks are increasing rapidly, and one of the key reasons for this spike in attacks is ransomware as a service. According to SonicWall, ransomware attacks increased 63% between Q1 and Q2 0f 2021 to reach 188.9 million attacks. In the SonicWall report, the company shared, “Even if we don’t record a single ransomware attempt in the entire second half (which is irrationally optimistic), 2021 will already go down as the worst year for ransomware SonicWall has ever recorded.”

Ransomware-as-a-Service may be driving this trend. Researchers at Group-IB found that almost two-thirds of the ransomware attacks they analyzed in 2020 came from ransomware groups that were using the ransomware as a service model.  Let’s explore what ransomware as a service is, and then we’ll share some simple ways you can protect your organization.

What is Ransomware as a Service?

Ransomware as a Service (RaaS) is a criminal version of the business franchise or affiliate model. As with any franchise model, there can be varying levels of guidance, tools and materials involved, but the result is the same – it ensures criminals no longer need to be skilled developers to launch successful ransomware attacks.

In the ransomware as a service model, a crime group (the “operator”) provides software, services and tools to facilitate a ransomware attack. These often include an easy-to-use dashboard for tracking victims, a chat portal for negotiating with victims, the ransomware itself, and playbooks for the criminals to follow. The “affiliates” execute the attacks and pay a subscription fee or agree to split the profits in exchange.

CrowdStrike shared that ransomware operators  that use the affiliate model may retain 30 – 40% of the revenue when one of their affiliates receives a ransom. According to Palo Alto, the average ransom payment climbed 82% in the second half of 2021 to reach $570,000. This translates into a lucrative payday for both the ransomware as a service operator and the affiliate.  No wonder some of the most active strains of ransomware – REvil, Phobos, Conti and LockBit – have adopted the ransomware as a service model!

How Can you Protect Your Organization?

Now that conducting ransomware attacks is a point-and-click exercise for criminals, it’s even more important than ever to ensure you are taking steps protect your organization. Here are some simple tips to help reduce your risks:

1. Use multi-factor authentication (MFA). This is one of the foundational actions your organization can use to decrease the risks of MANY different types of cyberattacks. MFA is a simple way to verify your identity and thwart hackers. Most MFA programs use two out of three of the following factors:
   1. Something you know – such as a username or password
   2. Something you have – a physical token or authenticator app, for example
   3. Something you are – such as a fingerprint or retinal scan

The extra MFA factor is a simple way to keep hackers out of your account, even in the event that a cybercriminals has stolen your password. These days, MFA is available on most major cloud platforms, and also a built-in option for many mobile devices such as iPhones and laptops. Take advantage of this powerful tool, and encourage everyone in your organization and supply chain to use it!

2. Provide ongoing cybersecurity training for everyone in your organization. According to the 2021 Verizon Data Breach Investigations Report(VDBIR), social engineering and phishing accounted for over 80% of successful data breaches. All it takes is one person to download an infected file, click a malicious link on social media, or answer a suspicious phone call, and a hacker can lock every file in your organization. Ensure every employee in your organization has general cybersecurity awareness training so they can identify, avoid, and report potential phishing attacks or suspicious activity. You should also get special training for your executive team and BOD, as well your IT team. Both of these groups should be prepared for a ransomware attack, be involved in proactive mitigation planning and be prepared to act quickly to minimize the damages.
3. Stay up-to-date on software patches. One of the easiest and most inexpensive solutions is to patch regularly and implement priority patches immediately. You should also consider using a patch management system to keep your organization current.
4. Backup regularly and test your backups. Ensure that your organization maintains a copy of your backups that is not writable, even if a cybercriminal manages to take over your network. This way, they can’t be deleted or encrypted along with the rest of your data if you are hit with a ransomware attack.
5. Proactively monitor your logs. Cybercriminals can lurk for weeks or months, monitoring conversations, siphoning off valuable data, and eventually installing ransomware. Even trusted tools, such as the Kaseya remote management system or SolarWinds software, can be hacked and used against you. Effective monitoring and logging can help you to detect these intrusions early on—or even prevent them from happening in the first place. Watch our educational video on how to leverage monitoring and logging to prevent ransomware and reduce your risk of a breach.
6. Conduct proactive threat hunting. Proactive threat hunting is still an underutilized cybersecurity technique. A 2020 SANS reportfound that while 65% of companies now have threat hunting programs, the majority of these programs are immature. In 2020, there were over 3,900 data breaches, and hackers averaged 56 days of dwell time in a network before being detected. While dwell time is down 28% from the previous year, imagine the information a hacker can gather from you network in 56 days. Proactive threat hunting can help you nip attacks in the bud. Read our blog on proactive threat hunting to find out how you can strengthen or jump start your organization’s program.
7. Test your preparedness and identify gaps with incident response tabletop exercises. This is a sure way to see if your entire organization is ready to respond quickly and effectively to an incident. Tabletop exercises enable your organization to identify the strengths and gaps in your processes. It ensures that your team knows what to do and has a solid plan – this can dramatically reduce the time and expenses from a breach. Read our blog on how to run your own tabletop exercise for more information.

We hope this information helps you better understand and protect your organization from the rising risks of ransomware and ransomware as a service. Contact us if you need help preventing or responding to a ransomware attack. Our experienced team is here to help.