What is Ransomware-as-a-Service?

What is Ransomware-as-a-Service

Ransomware-as-a-Service (RaaS) is a service offered by cyber-criminals that enables those without the relevant technical skills to launch their own ransomware campaigns. Ransomware-as-a-Service vendors offer a variety of subscription models, which include monthly subscription plans, a one-time license fee, affiliate programs, and other types of shared profit schemes.

The Rise of Ransomware-as-a-Service

In the last five years we’ve seen a notable increase in the number of organizations falling victim to ransomware attacks. We’ve also seen an increase in the size of the organizations being targeted and the size of the payments being demanded and made.

To make matters worse, the attack methods have become increasingly more sophisticated. For example, attackers started to steal the victim’s files before encrypting them, and then threatened to expose them if they refuse to pay the ransom – a technique referred to as the “Double Extortion” technique.

Now, we have the “Triple Extortion” technique, which is where the attackers also target the victim’s customers and business partners, in an attempt to extort them too. However, it’s likely that RaaS has played the biggest role in the rapid rise of attacks we’ve seen in the last two years.

How Ransomware-as-a-Service works

RaaS vendors sell kits on the dark web using many of the same marketing techniques that legitimate cloud vendors would use to sell Software-as-a-Service (SaaS). For example, Ransomware-as-a-Service (RaaS) vendors will offer packages that include 24/7 email support, support forums, documentation, video tutorials, feature updates, and more.

Affiliates will also be able to read reviews about the vendors to determine whether they are likely to deliver on their promises. RaaS kits start from around $40 per month, although the “premium” subscriptions can be thousands of dollars. However, given that the average ransomware payment in 2021 was $570,000, a few thousand dollars isn’t that much in comparison.

Once the affiliate has created an account and paid for their subscription in Bitcoin, they can login to their control panel and start building their own ransomware package. They will have access to a “Command and Control” dashboard, where they can manage and monitor their campaign.

Most RaaS packages will offer a payment portal, where they can configure the ransom amount, customize ransom notes, manages decryption keys, keep track of payments, as well as negotiate with their victims. They will also have the option of managing how and where any leaked information is stored and displayed, which they can use to pressure their victims into paying the ransom. Some of the more advanced RaaS platforms will provide a wealth of statistics, such as the total number of files encrypted, the number of payments made, the total amount paid, the location of their victims, and any other relevant information.

Ransomware-as-a-Service examples

Some of the most widely used RaaS kits, include; Locky, Goliath, Shark, Stampado, Encryptor, and Jokeroo. In terms of RaaS operations, DarkSide, REvil, Dharma, and LockBit are some of the most prolific service providers on the dark web.

Tips for How to Prevent Ransomware-as-a-Service Attacks

Below are some of the most commonly cited ways to minimize the likelihood of an attack, and to ensure a quick and effective response, were an attack to unfold.

1. Education

Given that employees are the weakest link when it comes to ransomware attacks, it is crucial that all employees are subject to some form of security awareness training to ensure that they know how to identify suspicious emails, attachments, websites, and applications.

2. Backups

Naturally, it’s a good idea to ensure that you take regular backups to ensure that you have the option to back up your data if you decide not to pay the ransom.

3. Updates

Attackers will often try to exploit known software vulnerabilities in an attempt to infect a system with ransomware. As such, all relevant software patches must be installed as soon as they become available.

4. Technology

While there are no fool-proof technologies that can prevent a ransomware attack from unfolding, it’s still a good idea to use the latest and greatest anti-malware/anti-phishing technologies available.

Likewise, use a Data Security Platform that can automatically detect and respond to events that match a pre-defined threshold condition. While such techniques won’t prevent the attack from being initiated, they can at least prevent the attack from spreading.

If you’d like to see how the Lepide Data Security Platform can protect your data from ransomware attacks, schedule a demo with one of our engineers or start your free trial today.