Risk & Business Magazine Spectrum Fall 2021 | Page 6

Cyber Liability:

RANSOMWARE-AS-A-SERVICE EXPLAINED

Ransomware attacks — when a cybercriminal deploys malicious software to compromise a device (or multiple devices) and demands a large payment before restoring the technology for the victim — have become a significant concern for organizations across industry lines. In fact, the latest research indicates that these attacks have increased by nearly 140% in the past year alone, with the median ransom payment demand totaling $178,000 and the average overall loss from such an attack exceeding $1 million.

A key contributor to this surge is the recent debut of Ransomware-as-a-Service (RaaS). Put simply, RaaS refers to a dark web business model that permits sophisticated cybercriminals to sell their ransomware software to willing buyers (usually less-skilled cybercriminals) who then utilize the software to launch an attack and secure a ransom payment.

The RaaS model poses a serious threat to organizations of all sizes and sectors, as it allows cybercriminals of any skill level to execute ransomware attacks on their targets. Review the following guidance to learn more about the RaaS model, its impact on organizational cybersecurity, and best practices for addressing RaaS concerns.

WHAT IS RaaS?

Although its purpose is to sell a harmful product, the RaaS model operates quite similarly to a normal business model. First, knowledgeable ransomware developers generate malicious software to be offered for sale. In order to be attractive to buyers, this software must carry a high likelihood of penetration and a minimal risk of discovery.

Once the software has been created and is ready for distribution, it gets launched as a multi-end-user infrastructure. RaaS developers then seek potential customers throughout the dark web by using typical business marketing methods such as advertisements and online forums. Some developers are more selective in whom they offer their software to, requiring customers to demonstrate certain technological skills or cybersecurity knowledge, while others are not as strict.

When RaaS developers secure buyers, these customers are usually provided with access to not only the ransomware software itself but also some form of a product portal. This portal may include detailed instructions for software implementation, user reviews, support forums, and special discounts or offers for future purchases from the developer. Customers may receive permanent access to the software they buy or only be given an allotted amount of time to utilize it (similar to a rental agreement).

Depending on the developer, RaaS purchases can be a one-time sale or a monthly subscription service. In some cases, RaaS developers don't actually sell their software but rather recruit other cybercriminals who are willing to launch attacks using the developers' software in exchange for a percentage of the resulting ransom payment. This commission-based partnership is also known as an affiliate program.