Understanding Ransomware as a Service: The New Frontier of Cybercrime

When we think of ransomware, we typically picture someone in their basement. Hidden away on their laptop, trying to hack in and wreak havoc on an organization. Today, the reality is far more astonishing. Picture thousands of highly skilled coders sharing information, tips, tricks, and services. They have built a well-orchestrated network to collaborate and leverage their collective expertise. Allowing them to break into an organization’s infrastructure, cause disruption, and release ransomware for maximum impact. This is often referred to as Ransomware as a Service (RaaS), and it has emerged as a serious threat.

How does RaaS work?

RaaS is organizing cybercrime and generating criminal “specialties” that work together to breach victims’ security controls. Proliferation of the RaaS model has significantly lowered the barrier to entry, enabling even novice cybercriminals to launch devastating attacks with relative ease. RaaS kits offer everything you would expect from a software as a service model. RaaS teams create ransomware kits that can come with service packages, technical support options, and even easy to navigate payment plans.  

The cost cyber criminals, or Ransomware Affiliates, are willing to pay for these turnkey RaaS kits can range from as low as $40 per month to thousands of dollars. Price dependent on what they want included in their package. Both the RaaS delivery team as well as the affiliates have created a mutually beneficial game. The team can access potential victims they may not have been able to get to, or thought of, and the affiliates can execute a smooth attack extorting exuberant funds without the overhead cost or time of development.  

The Dangers of RaaS

RaaS operates like a legitimate business. Offering malware, social engineering services, and other capabilities in exchange for pay or a negotiated share of the ill-obtained profits. Groups like LockBit, Conti, and Hive have established themselves as significant threats, constantly evolving their tactics and targeting different sectors.

Successful ransomware attacks can lead to data breaches, operational disruptions, and crippling financial losses. Healthcare was listed as the number one industry most affected by ransomware in 2023. Imagine the vulnerability within the healthcare sector. With patient data and critical operating technology on the line, it is a common target that can devastate both the attacked organization and its patients.

Ransomware attacks are not just data theft or financial crimes; they are threat-to-life crimes.” - John Riggi, National Advisor for Cybersecurity and Risk, AHA

Ransomware does not discriminate by industry. Cybersecurity Ventures anticipates ransomware costs surpassing $265 billion by 2031. With this hefty amount of money on the table, and RaaS on the rise, there are no boundaries within which ransomware teams and affiliates are operating.

Tips on Protecting your organization from RaaS

To address these challenges, organizations need to take a holistic and proactive approach to cybersecurity that spans both on-premises and cloud environments:

1. Keep all software and hardware systems patched, updated, and current.
2. Ensure phishing-resistant multi-factor authentication is enabled for all systems, no exceptions.
3. Seek and maintain relationships with local law enforcement organizations so they can quickly help in the event of a cyber incident.
4. Maintain clear contract language on your responsibilities for data security, especially backup and recovery solutions. Maintain backups that include encryption, immutability, and pull-method backups.
5. Implement the latest NIST Cybersecurity Framework for a layered security strategy, including identity and access management (IAM), role-based access controls (RBAC), business continuity plans (BCP), employee training, and simulated phishing attacks.
6. Perform tabletop exercises (TTX) so teams learn how to rebuild networks in case of a total outage.

The above recommendations should be part of a mature strategy that includes considerations of people, processes, and technologies. While the list above provides some basic proactive tips for addressing RaaS, a more comprehensive list of what to do in the event of a ransomware attack is shown below:

Combating modern cyber threats requires collaboration between law enforcement, cybersecurity firms, and organizations to identify and disrupt malicious infrastructure, trace cryptocurrency transactions, and apprehend perpetrators.

The rise of RaaS calls for increased vigilance and proactive security measures across all sectors.

Success in this new operating environment requires a shift from perimeter-based security to an “assume breach” posture and zero-trust, at the data level.

By understanding these threats and implementing comprehensive cybersecurity measures, we can build a more resilient digital ecosystem for the future.

Check out our 30-60-90 Day Cyber Recovery Checklist to learn more.