Light Dark
January 3, 2022 By Mark Stone 4 min read
Data Protection
Endpoint
Incident Response
Risk Management
Security Services

Ransomware is a lucrative business for criminals. It is paying off, and it is working.

According to a recent Trend Micro report, a staggering 84% of US organizations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.

Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.

Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.

If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?

But, the more we know about how these gangs operate, the better we can be prepared for the next ransomware attack.

What Is Ransomware as a Service?

Ransomware attacks are on the rise because it’s easier than ever for criminals to launch an attack. So simple, in fact, that would-be attackers can download prefabricated ransomware kits containing everything they need to strike.

These ransomware kits are sold on the dark web as a service, much like the Software-as-a-Service (SaaS) model. Ransomware-as-a-Service kits provide criminals the opportunity to launch ransomware attacks with minimal technical knowledge. No malware creation skills? No problem.

Malicious actors often purchase the kits under a monthly subscription and, in many cases, are offered the opportunity to act as an affiliate of the malware creator’s service and earn a commission. Perpetuating ransomware is profitable all around.

With most RaaS kits, criminals get access to user forums, 24/7 technical support, user reviews and even discounts on future purchases.

Not only are RaaS kits crafted to minimize the technical roadblocks, but they’re also inexpensive. While the more extensive kits may fetch several thousand dollars, some ransomware kits sell for only forty dollars per month.

Using this business model, tracking and identifying these ransomware developers is more challenging since they are not the ones launching the attacks.

Unfortunately, cybersecurity experts predict RaaS to become more prevalent in 2022.

How Ransomware Gangs Operate

Ransomware is a lucrative and competitive business. In 2020, ransomware revenues were over $400 million worldwide.

Today, ransomware gangs operate much like regular, legitimate businesses would — complete with professional websites, marketing campaigns, how-to videos and even white papers.

Some ransomware gangs and operators are very well known in both black and white hat communities, and maintain a steady presence on the dark web. Many others, however, appear, disappear and reappear — often with new kits.

Would-be criminals looking to purchase a ransomware kit can even, for no money down, launch an attack and receive a smaller share of their victim’s ransom as an affiliate of a large ransomware gang. Some ransomware gangs might offer an easy-to-use interface for attack monitoring, while others only wish to deal with hackers with more technical skills.

According to Brett Callow, Threat Analyst at Emsisoft, one troubling trend to look out for is that the gangs are now using exfiltrated data in more extreme ways. “They no longer simply release it on the dark web,” he said. “Gangs use the data to contact customers or business partners or use non-publicly available information relating to mergers or IPOs as additional leverage.”

The FBI recently issued a Private Industry Notification (PIN) about the threat.

How the Enterprise Can Defend Against RaaS — Plus, Some Good News

Cybersecurity news is typically doom and gloom. How refreshing, then, to begin with some positive news on the ransomware front before outlining the best defense strategies.

“The risk-to-reward ratio today has a bit more risk and a bit less reward,” explained Callow. “Arrests, bitcoin recoveries, infrastructure disruption and bounties have given threat actors a few black eyes.”

Plus, Callow’s team of security experts have been actively pursuing a high-profile ransomware group — and they’re succeeding in helping victims quietly take back their data without dispensing any ransom.

Despite the progress, ransomware is not going away in 2022. For the enterprise, a robust ransomware defense strategy can only fortify its cybersecurity posture.

The backbone of that strategy is ensuring you follow a robust backup process. Backups should be regular and frequent. The more frequent the backups, the less data you are at risk of losing. Whenever possible, backups should be stored on different devices in different locations.

Backups aside, here are the key critical elements to include in your ransomware defense strategy:

– Embrace zero trust, enforce least privilege principles. IBM Security X-Force recommends that organizations apply least-privilege methodologies like zero trust so that user access is limited to what they need to do their jobs.

– Test employees. By testing employees with simulated phishing attacks, the chances of being successfully phished with a real ransomware email can diminish.

– Patch frequently. Maintaining an aggressive and current patch management policy can foil attackers that maliciously use zero-day vulnerabilities in their ransomware attacks — a notable threat intelligence trend.

– Change default passwords. This defense tactic is overlooked and underrated, as a default password is one of the easiest ways for a bad actor to gain easy entry and access.

– Use MFA wherever possible. While MFA isn’t foolproof, it’s a massive improvement over password-only protection and can be the difference between a successful and foiled attack.

– Use current antivirus and endpoint protection. AV solutions must be updated as often as possible since ransomware is constantly evolving to avoid detection. Additional endpoint protection solutions that detect suspicious behavior and untrusted applications should also be given serious consideration.

– Strip/limit/prohibit email attachments containing executables. Organizations may configure their email gateways to scan attached ZIP archives, but often forgo stripping or removing the executables. If the executable is malicious, it’s an easy way for attackers to bypass other endpoint controls.

– Foster a culture of security. When everyone in the organization, from the executive to the entry-level employee, is encouraged to participate in security, risk typically decreases.

 |  |  |  |  | 
Mark Stone

More from Data Protection
October 25, 2024

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

October 24, 2024

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

October 22, 2024

What NIST’s post-quantum cryptography standards mean for data security

2 min read - Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to look forward and begin to prepare against upcoming risk factors.The National Institute of Standards and Technology (NIST) published its first set of post-quantum cryptography (PQC) standards. This landmark announcement is an important marker in the modern cybersecurity landscape, cementing the indeterminate future…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature