Ransomware is a lucrative business for criminals. It is paying off, and it is working.

According to a recent Trend Micro report, a staggering 84% of US organizations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.

Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.

Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.

If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?

But the more we know about how these gangs operate, the better prepared we can be for the next ransomware attack.

What Is Ransomware as a Service?

Ransomware attacks are on the rise because it’s easier than ever for criminals to launch an attack. So simple, in fact, that would-be attackers can download prefabricated ransomware kits containing everything they need to strike.

These ransomware kits are sold on the dark web as a service, much like the Software-as-a-Service (SaaS) model. Ransomware-as-a-Service kits provide criminals the opportunity to launch ransomware attacks with minimal technical knowledge. No malware creation skills? No problem.

Malicious actors often purchase the kits under a monthly subscription and, in many cases, are offered the opportunity to act as an affiliate of the malware creator’s service and earn a commission. Perpetuating ransomware is profitable all around.

With most RaaS kits, criminals get access to user forums, 24/7 technical support, user reviews and even discounts on future purchases.

Not only are RaaS kits crafted to minimize the technical roadblocks, but they’re also inexpensive. While the more extensive kits may fetch several thousand dollars, some ransomware kits sell for only forty dollars per month.

This business model makes tracking and identifying ransomware developers more challenging, since they are not the ones launching the attacks.

Unfortunately, cybersecurity experts predict that RaaS will become more prevalent in 2022.

How Ransomware Gangs Operate

Ransomware is a lucrative and competitive business. In 2020, ransomware revenues were over $400 million worldwide.

Today, ransomware gangs operate much like regular, legitimate businesses would — complete with professional websites, marketing campaigns, how-to videos and even white papers.

Some ransomware gangs and operators are very well known in both black and white hat communities, and maintain a steady presence on the dark web. Many others, however, appear, disappear and reappear — often with new kits.

Would-be criminals looking to purchase a ransomware kit can even, for no money down, launch an attack and receive a smaller share of their victim’s ransom as an affiliate of a large ransomware gang. Some ransomware gangs might offer an easy-to-use interface for attack monitoring, while others only wish to deal with hackers with more technical skills.

According to Brett Callow, Threat Analyst at Emsisoft, one troubling trend to look out for is that the gangs are now using exfiltrated data in more extreme ways. “They no longer simply release it on the dark web,” he said. “Gangs use the data to contact customers or business partners or use non-publicly available information relating to mergers or IPOs as additional leverage.”

The FBI recently issued a Private Industry Notification (PIN) about the threat.

How the Enterprise Can Defend Against RaaS — Plus, Some Good News

Cybersecurity news is typically doom and gloom. How refreshing, then, to begin with some positive news on the ransomware front before outlining the best defense strategies.

“The risk-to-reward ratio today has a bit more risk and a bit less reward,” explained Callow. “Arrests, bitcoin recoveries, infrastructure disruption and bounties have given threat actors a few black eyes.”

Plus, Callow’s team of security experts has been actively pursuing a high-profile ransomware group — and they’re succeeding in helping victims quietly take back their data without dispensing any ransom.

Despite the progress, ransomware is not going away in 2022. For the enterprise, a robust ransomware defense strategy can only fortify its cybersecurity posture.

The backbone of that strategy is ensuring you follow a robust backup process. Backups should be regular and frequent. The more frequent the backups, the less data you are at risk of losing. Whenever possible, backups should be stored on different devices in different locations.

Backups aside, here are the key elements to include in your ransomware defense strategy:

– Embrace zero trust and enforce least-privilege principles. IBM Security X-Force recommends that organizations apply least-privilege methodologies like zero trust so that user access is limited to what they need to do their jobs.

– Test employees. Testing employees with simulated phishing attacks can reduce the chances that a real ransomware email succeeds in phishing them.

– Patch frequently. Maintaining an aggressive and current patch management policy can foil attackers that maliciously use zero-day vulnerabilities in their ransomware attacks — a notable threat intelligence trend.

– Change default passwords. This defense tactic is overlooked and underrated, as a default password is one of the easiest ways for a bad actor to gain entry and access.

– Use MFA wherever possible. While MFA isn’t foolproof, it’s a massive improvement over password-only protection and can be the difference between a successful and foiled attack.

– Use current antivirus and endpoint protection. AV solutions must be updated as often as possible since ransomware is constantly evolving to avoid detection. Additional endpoint protection solutions that detect suspicious behavior and untrusted applications should also be given serious consideration.

– Strip/limit/prohibit email attachments containing executables. Organizations may configure their email gateways to scan attached ZIP archives, but often forgo stripping or removing the executables. If the executable is malicious, it’s an easy way for attackers to bypass other endpoint controls.

– Foster a culture of security. When everyone in the organization, from the executive to the entry-level employee, is encouraged to participate in security, risk typically decreases.
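The attachment item above describes gateways that scan ZIP archives without actually removing executables. The sketch below is an added example, not part of the original article, and shows the stripping step: it parses a message, inspects ZIP members (including nested archives) and drops any attachment that contains an executable or cannot be inspected. The deny-list, the depth and size limits and all function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative deny-list, not exhaustive: extensions and magic bytes (PE, ELF).
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".hta")
EXEC_MAGIC, ZIP_MAGIC = (b"MZ", b"\x7fELF"), b"PK\x03\x04"
MAX_DEPTH, MAX_MEMBER = 2, 50 * 2**20  # nesting limit, declared per-member size limit

def is_executable(name, data):
    return name.lower().endswith(EXEC_EXT) or data.startswith(EXEC_MAGIC)

def zip_is_risky(data, depth=0):
    """True if the archive holds an executable or cannot be inspected."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    return True  # encrypted or oversized member: fail closed
                body = zf.read(info)
                if is_executable(info.filename, body) or (body.startswith(ZIP_MAGIC)
                        and (depth >= MAX_DEPTH or zip_is_risky(body, depth + 1))):
                    return True
    except Exception:
        return True  # any parse failure: fail closed
    return False

def strip_executables(raw):
    """Return (cleaned message bytes, names of removed attachments)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or "unnamed"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data) or (data.startswith(ZIP_MAGIC) and zip_is_risky(data)):
            msg.get_payload().remove(part)  # drop the part from the multipart body
            removed.append(name)
    return msg.as_bytes(), removed

def sample_message():  # constructed input: a PDF stub plus a ZIP hiding a fake PE file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ constructed stub, not a real binary")
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(b"%PDF-1.4 stub", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `strip_executables(sample_message())` removes `invoice.zip` and leaves `report.pdf` in place; encrypted, oversized or unreadable archives are treated as risky rather than passed through.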
