Protecting Your Digital Infrastructure From Ransomware-as-a-Service Attacks

Camellia Chan, CEO and Founder at X-PHY, a Flexxon brand, explores….

Ransomware-as-a-Service (RaaS) is a pay-per-use form of malware that allows individuals to purchase or rent ransomware tools and extort victims over stolen or encrypted data. Breaking from traditional forms of cybercrime, where highly technical hackers take on larger corporations and governments, RaaS is more accessible and does not require the technical skills malicious actors previously needed.

It has led to an increase in the scale and variety of attacks, meaning smaller businesses and start-ups, which typically lack the resources to invest in robust cybersecurity, now face tremendous risk.
Of the 39% of businesses in the UK that experienced a cyber-attack in the last 12 months, around one in five attacks were from ransomware. In this article, we will investigate the rise of RaaS, how it operates, and some practical solutions to protect your business.

RaaS variability and its risks

The new age of malware attacks is upon us, and organisations require flexible and updated forms of cybersecurity to deal with today’s threats. Remote desktop applications and compromised credentials are no longer the only entry points of choice: Microsoft found that vulnerabilities in on-premises Microsoft Exchange Server are also being targeted.

Ransomware variants are evolving into multifaceted software that can adapt to overcome whatever barriers stand between them and their targets. The BlackCat ransomware is one example: its use of the unconventional Rust programming language, its possible entry points, and its ability to encrypt and exfiltrate data for use in ‘double extortion’ make it a real threat. It has attracted an in-depth Microsoft report detailing its capabilities.

RaaS attacks vary considerably based on the affiliate launching them, making detection and defence a more significant challenge. No two attacks are the same, and BlackCat is proof that even attacks based on the same malware will vary. As such, frequently reviewing current cybersecurity infrastructure is now necessary to safeguard businesses from the ever-evolving tactics of RaaS providers.

Reducing the cyber-crime skills gap with RaaS

One of the most significant changes in detecting cybercrime in the wake of RaaS is the number of different entities involved. While RaaS operators develop the infrastructure, access brokers focus on the identity posture and external access portals. To complete the process, the affiliate buying the RaaS handles the exfiltration of data to ransom and then deploys the actual ransomware payload.

By increasing the number of disconnected parties involved, cyber criminals ensure they are more challenging both to trace and to associate with those they are working with in tandem. And thanks to the limited skills required to access and use ransomware, developers tend to be directly involved in coordinating attacks and negotiations with victims. Therefore, the criminal network becomes more elaborate and practical while the RaaS ecosystem continues to develop.

RaaS: a gig economy?

Like the ‘gig economy’, which emerged in the last decade to fill gaps in traditional markets, the RaaS industry has responded to market changes. After all, it is a human-operated form of ransomware, meaning that selling or renting the service offers lower risk and greater profitability.

The Cerber ransomware variant of 2021 is an example of this, operating by licensing the ransomware to other cybercriminals, with the developers taking a cut of the revenues generated. It provides a more flexible criminal system by laying the groundwork for external parties to launch attacks for a small licensing fee.

Since RaaS is a service that can be sold to anybody on the black market, competition between providers means its place in that market depends entirely on its effectiveness and ease of use. In some cases, RaaS kits come with 24/7 support and review forums to demonstrate the credibility and trustworthiness of providers. It can also be sold in different ways, including monthly subscriptions, one-time licence fees and profit-sharing schemes.

Safeguarding your cyber infrastructure with Zero Trust and AI

RaaS presents a significant risk to your business. And with the growing squeeze from cost-of-living hikes, cybersecurity – which doesn’t always provide tangible ROI – could be sacrificed in a bid to reduce costs.

Organisations should adopt a ‘when’, not ‘if’ approach to cyber protection – especially smaller businesses, around 50% of which are predicted to go bust within six months of a cyber-attack.

Rather than looking outward, businesses should assume attackers are already inside their network, since their weaknesses are likely to be evident to malicious actors. A Zero Trust framework is one solution: internal and external users and activity are continuously validated. It’s the digital equivalent of having your ID checked before any activity.

Keeping on top of data to ensure it is monitored and analysed can seem daunting, but that’s where AI and ML can complement the process, thanks to their ability to analyse large amounts of data and quickly identify and flag potentially harmful activity.

Ultimately, RaaS has brought ransomware capabilities to the masses. You no longer need to possess technical expertise to launch devastating attacks that are off-the-shelf ready. In response, businesses should assume they will be targeted and introduce their own advanced capabilities to spot and defend against the evolving threat.