Ransomware as a service – what is it and how to prevent it?
Ransomware attacks have more than doubled in the last 12 months alone. It’s a scary statistic that sends shudders down the spines of security teams around the world who are constantly battling cyber threats. But just why has ransomware become the weapon of choice for cyber attackers? The answer lies with time and money.
Due to the rise of Ransomware as a service (RaaS), ransomware attacks have become cheaper and quicker to execute. They also require far less knowledge or effort from the hacker and are highly profitable for cybercriminals.
Breaking down Ransomware as a service
RaaS has become a profitable business model whereby ransomware developers sell their malware as a license. Therefore, RaaS makes it extremely easy for cyberattackers to gain access to the tools they need to conduct effective ransomware attacks. A RaaS hacker simply has to log onto a portal, select their ransomware kit, and pay for it with an untraceable digital currency. It’s then very hard for them to be discovered.
RaaS businesses offer similar services to software-as-a-service (SaaS) sellers, including customer service, SLAs, fee-sharing agreements for ransom payments, and affiliate programs. RaaS firms are also very active in the commercial sphere, conducting marketing campaigns to promote their software and providing resources to aid malicious actors with their activities.
Once the hacker has signed up to a RaaS service, they are then able to target organisations directly. Malicious actors can also go after both government agencies and private organisations via their digital supply chains. For example, the Kaseya ransomware attack in 2021 saw hackers target not only the company but also its customers and organisations that outsource IT management to them. The cybercriminals then demanded US$70 million in payment.
What can your organisation do to avoid a ransomware as a service attack?
Below are the three best practices to avoid becoming a victim of ransomware-as-a-service:
1. Strong patching cadence
Maintaining a strong patching cadence is key. Going “back to basics” is the best way to prevent RaaS attacks. Ensuring a robust cybersecurity hygiene model and strong, consistent performance is important when it comes to protecting your network against attack.
According to RiskXchange’s patching cadence advice, patching cadence determines how many vulnerabilities are evident on your system and how many critical vulnerabilities are still to be patched. The process involves the time it takes to apply security updates to your networks, systems, and software.
A large percentage of data breaches occur because an organisation fails to update their networks, systems, and software. Organisations should apply security patches within 30 days of the software’s release to reduce cyber risk. However, most businesses are not applying patches within that time because they fear interruption to their organisation or believe that they won’t be able to cope with the work required.
2. Identify misconfigured systems
RaaS attackers regularly exploit weak configuration management protocols, with misconfigured TLS/SSL configurations being the most notable. TLS/SSL certificate and configuration management have so far proven particularly challenging for security teams. Organisations tend to have hundreds, if not thousands, of TLS/SSL certificates that identify each internet-connected device in their network. For security teams, trying to pinpoint a TLS/SSL security misconfiguration is like looking for a needle in a haystack. RiskXchange, however, can scan for misconfigured TLS/SSL certificates alongside other vulnerabilities to help secure your network or system.
3. Continuously monitor your vendors’ security postures
The key to mitigating third-party risk is understanding your vendors’ security postures. However, vendor evaluation via security assessments and questionnaires doesn’t always paint a full picture and only records a moment-in-time view of risk instead of an overall accurate assessment.
RiskXchange is the only platform that provides a complete 360-degree view of your attack surface, including that of your vendors. It will continuously monitor your complete attack surface, highlight any risk, and enable you to fix any issues before the attacker discovers them.
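To make the 30-day patching target from the first practice measurable, the following added example (not RiskXchange code) computes a patching-cadence summary from a patch inventory: how many patches are still open, how many of those are critical, which have passed the 30-day window, and the median time to patch. The record layout, host names and patch identifiers are constructed for illustration.

```python
from datetime import date
from statistics import median

SLA_DAYS = 30  # the article's target: apply patches within 30 days of release

# Constructed sample inventory (hosts, patch ids and dates are made up).
# applied=None means the patch has not been installed yet.
PATCHES = [
    {"host": "web-01", "patch": "PATCH-A", "severity": "critical",
     "released": date(2024, 1, 10), "applied": date(2024, 1, 20)},
    {"host": "web-01", "patch": "PATCH-B", "severity": "high",
     "released": date(2024, 1, 15), "applied": date(2024, 3, 1)},
    {"host": "db-01", "patch": "PATCH-A", "severity": "critical",
     "released": date(2024, 1, 10), "applied": None},
    {"host": "db-01", "patch": "PATCH-C", "severity": "medium",
     "released": date(2024, 3, 5), "applied": None},
]


def patch_cadence(records, as_of, sla_days=SLA_DAYS):
    """Summarise patching cadence as it stood on the date `as_of`."""
    def is_applied(r):
        # Only count installs that had happened by the reporting date.
        return r["applied"] is not None and r["applied"] <= as_of

    # Ignore patches that had not been released yet on `as_of`.
    known = [r for r in records if r["released"] <= as_of]
    done = [r for r in known if is_applied(r)]
    still_open = [r for r in known if not is_applied(r)]
    days = [(r["applied"] - r["released"]).days for r in done]
    return {
        "open": len(still_open),
        "open_critical": sum(r["severity"] == "critical" for r in still_open),
        # Unpatched and already past the SLA window: fix these first.
        "overdue": sorted((r["host"], r["patch"]) for r in still_open
                          if (as_of - r["released"]).days > sla_days),
        # Patched, but only after the SLA window had closed.
        "applied_late": sorted((r["host"], r["patch"]) for r in done
                               if (r["applied"] - r["released"]).days > sla_days),
        "median_days_to_patch": median(days) if days else None,
    }


if __name__ == "__main__":
    for key, value in patch_cadence(PATCHES, date(2024, 3, 15)).items():
        print(f"{key}: {value}")
```

Running the same function with successive `as_of` dates shows whether the backlog of overdue patches is shrinking or growing over time.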
Get in touch with RiskXchange to find out more about the rise of Ransomware-as-a-Service.