Ransomware is a lucrative business for criminals. It is paying off, and it is working.

According to a recent Trend Micro report, a staggering 84% of US organizations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.

Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.

Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.

If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?

But the more we know about how these gangs operate, the better prepared we can be for the next ransomware attack.

What Is Ransomware as a Service?

Ransomware attacks are on the rise because it’s easier than ever for criminals to launch an attack. So simple, in fact, that would-be attackers can download prefabricated ransomware kits containing everything they need to strike.

These ransomware kits are sold on the dark web as a service, much like the Software-as-a-Service (SaaS) model. Ransomware-as-a-Service kits provide criminals the opportunity to launch ransomware attacks with minimal technical knowledge. No malware creation skills? No problem.

Malicious actors often purchase the kits under a monthly subscription and, in many cases, are offered the opportunity to act as an affiliate of the malware creator’s service and earn a commission. Perpetuating ransomware is profitable all around.

With most RaaS kits, criminals get access to user forums, 24/7 technical support, user reviews and even discounts on future purchases.

Not only are RaaS kits crafted to minimize the technical roadblocks, but they’re also inexpensive. While the more extensive kits may fetch several thousand dollars, some ransomware kits sell for only forty dollars per month.

Under this business model, tracking and identifying the ransomware developers is more challenging, since they are not the ones launching the attacks.

Unfortunately, cybersecurity experts predict that RaaS will become more prevalent in 2022.

How Ransomware Gangs Operate

Ransomware is a lucrative and competitive business. In 2020, ransomware revenues were over $400 million worldwide.

Today, ransomware gangs operate much like regular, legitimate businesses would — complete with professional websites, marketing campaigns, how-to videos and even white papers.

Some ransomware gangs and operators are very well known in both black and white hat communities, and maintain a steady presence on the dark web. Many others, however, appear, disappear and reappear — often with new kits.

Would-be criminals looking to purchase a ransomware kit can even, for no money down, launch an attack and receive a smaller share of their victim’s ransom as an affiliate of a large ransomware gang. Some ransomware gangs might offer an easy-to-use interface for attack monitoring, while others only wish to deal with hackers with more technical skills.

According to Brett Callow, Threat Analyst at Emsisoft, one troubling trend to look out for is that the gangs are now using exfiltrated data in more extreme ways. “They no longer simply release it on the dark web,” he said. “Gangs use the data to contact customers or business partners or use non-publicly available information relating to mergers or IPOs as additional leverage.”

The FBI recently issued a Private Industry Notification (PIN) about the threat.

How the Enterprise Can Defend Against RaaS — Plus, Some Good News

Cybersecurity news is typically doom and gloom. How refreshing, then, to begin with some positive news on the ransomware front before outlining the best defense strategies.

“The risk-to-reward ratio today has a bit more risk and a bit less reward,” explained Callow. “Arrests, bitcoin recoveries, infrastructure disruption and bounties have given threat actors a few black eyes.”

Plus, Callow’s team of security experts has been actively pursuing a high-profile ransomware group — and they’re succeeding in helping victims quietly take back their data without paying any ransom.

Despite the progress, ransomware is not going away in 2022. For the enterprise, a robust ransomware defense strategy can only fortify its cybersecurity posture.

The backbone of that strategy is ensuring you follow a robust backup process. Backups should be regular and frequent. The more frequent the backups, the less data you are at risk of losing. Whenever possible, backups should be stored on different devices in different locations.

Backups aside, here are the key critical elements to include in your ransomware defense strategy:

– Embrace zero trust, enforce least privilege principles. IBM Security X-Force recommends that organizations apply least-privilege methodologies like zero trust so that user access is limited to what they need to do their jobs.

– Test employees. Testing employees with simulated phishing attacks reduces the chance that a real ransomware email will phish them successfully.

– Patch frequently. Maintaining an aggressive and current patch management policy can foil attackers that maliciously use zero-day vulnerabilities in their ransomware attacks — a notable threat intelligence trend.

– Change default passwords. This defense tactic is overlooked and underrated, as a default password is one of the easiest ways for a bad actor to gain entry and access.

– Use MFA wherever possible. While MFA isn’t foolproof, it’s a massive improvement over password-only protection and can be the difference between a successful and foiled attack.

– Use current antivirus and endpoint protection. AV solutions must be updated as often as possible since ransomware is constantly evolving to avoid detection. Additional endpoint protection solutions that detect suspicious behavior and untrusted applications should also be given serious consideration.

– Strip/limit/prohibit email attachments containing executables. Organizations may configure their email gateways to scan attached ZIP archives, but often forgo stripping or removing the executables. If the executable is malicious, it’s an easy way for attackers to bypass other endpoint controls.

– Foster a culture of security. When everyone in the organization, from the executive to the entry-level employee, is encouraged to participate in security, risk typically decreases.
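The attachment item above notes that gateways often scan ZIP archives without actually removing the executables inside them. The following Python script is an added example (not code from the original article or from IBM) of the inspection step such a gateway filter needs: it walks a ZIP attachment, flags entries that are executable by extension or by content signature (so a PE binary renamed to `invoice.pdf` is still caught), descends into nested archives up to a fixed depth, and reports encrypted entries it cannot inspect, since password-protected archives are a common way to slip past content scanning. The extension list, signature table, depth limit and sample attachment are all assumptions constructed for the example.

```python
"""Inspect a ZIP email attachment for executables before a gateway delivers it.

Added example, not the article's or IBM's code. The extension list and
signature table are illustrative assumptions, not an exhaustive policy.
"""
import io
import os
import zipfile

# Extensions Windows will execute directly; a gateway policy would typically
# strip or quarantine these. Assumption: illustrative, not exhaustive.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1",
    ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi", ".cpl",
}

# Leading bytes that identify native executables regardless of file name.
MAGIC_PREFIXES = {
    b"MZ": "Windows PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
}

MAX_DEPTH = 3  # assumption: how many nested archives to descend into


def classify(head, name):
    """Return reasons why an entry looks executable (empty list if none)."""
    reasons = []
    ext = os.path.splitext(name.lower())[1]
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"extension {ext}")
    for magic, label in MAGIC_PREFIXES.items():
        if head.startswith(magic):
            reasons.append(f"content signature {label}")
            break
    return reasons


def find_executables(zip_bytes, depth=0, prefix=""):
    """Return a list of (path, reason) findings for a ZIP attachment.

    Recurses into nested ZIPs up to MAX_DEPTH and reports encrypted entries,
    whose content cannot be inspected, as findings in their own right.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid ZIP archive")]
    for info in zf.infolist():
        if info.is_dir():
            continue
        path = prefix + info.filename
        encrypted = bool(info.flag_bits & 0x1)  # bit 0 of the general-purpose flags
        if encrypted:
            # Name-based check still applies; content check is impossible.
            findings.append((path, "encrypted entry, content not inspectable"))
            for r in classify(b"", info.filename):
                findings.append((path, r))
            continue
        with zf.open(info) as f:
            head = f.read(4)  # only the first bytes are needed for the magic check
        for r in classify(head, info.filename):
            findings.append((path, r))
        if info.filename.lower().endswith(".zip"):
            if depth + 1 >= MAX_DEPTH:
                findings.append((path, f"nested deeper than {MAX_DEPTH} levels, not inspected"))
            else:
                findings.extend(find_executables(zf.read(info), depth + 1, path + "/"))
    return findings


def should_strip(zip_bytes):
    """Gateway decision: True if the attachment should be stripped or quarantined."""
    return bool(find_executables(zip_bytes))


def make_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def build_sample_attachment():
    """Constructed sample: a clean document, a renamed PE stub and a nested ZIP."""
    inner = make_zip({"open_me.js": b"// constructed sample, not real malware\n"})
    return make_zip({
        "report.txt": b"quarterly numbers",
        "invoice.pdf": b"MZ" + b"\x00" * 62,  # PE header bytes under a PDF name
        "archive.zip": inner,
    })


if __name__ == "__main__":
    for path, reason in find_executables(build_sample_attachment()):
        print(f"{path}: {reason}")
```

The decision is deliberately conservative: an entry that cannot be inspected (encrypted, or nested too deeply) is reported rather than silently passed, because the article's point is that scanning without acting on the result leaves the executable in place.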
