What is Ransomware as a Service? Learn About the New Business Model in Cybercrime

What is Ransomware as a Service? Learn About the New Business Model in Cybercrime Ransomware as a service operations have seen tremendous growth in the short time since their emergence. Learn about these attacks and how to protect against them in Data Protection 101, our series on the fundamentals of information security. What is Ransomware as a Service?   Ransomware is a type of malware that encrypts a victim’s files, holding them hostage unless the victim pays a ransom for their decryption. Ransomware is usually spread using phishing emails and infected websites. Ransomware attacks have extorted billions from victims over the past fifteen years or so, but a newer development in the ransomware delivery model has taken this threat to a whole new level: ransomware as a service (RaaS). This new trend has seen cybercriminals offering their ransomware operations – from delivery all the way through to taking ransom payments – for hire as a service or via web platforms, typically for a cut of the ransom gains or a fixed fee. How Prevalent is Ransomware? In a span of 11 years, there have been close to 7,700 ransomware cases reported to the Internet Crime Compliance Centre, ranging from attacks on individuals to infections of entire corporate networks. This number is more than the data breach cases reported within the same period. A report from January 2017 put the total earnings from ransomware attacks at over $1 billion in 2016 alone. Protecting Against Ransomware as a Service While RaaS is expected to fuel an explosion in ransomware attacks, the defences against Ragas are no different from the defences against typical ransomware attacks. In a previous post on this blog, Juliana de Groot offers 8 tips for ransomware protection: Back up your files regularly and frequently: having diligent data backup processes in place can limit the damage caused by a ransomware attack significantly, as encrypted data can be restored without paying a ransom. Complete operating system and any software updates as soon as possible: software updates typically contain patches for security vulnerabilities and should be installed as soon as they’re made available. Enable automatic updates whenever possible to streamline this process. Do not click on email attachments or links from unconfirmed sources: email is a popular medium for phishing attacks that distribute ransomware or other malware via infected attachments or links to malicious websites. Disable Autorun for all mounted devices: disabling auto run will prevent malware from being able to spread autonomously, an important step in containing malware should an infection occur. Disable macro content in Microsoft Office applications: in many cases ransomware is spread via infected Microsoft Office documents that contain malicious macros that will download and execute the malware once run. Disabling macros by default can help to prevent compromises even if an infected file is opened by a user. Disable remote desktop connections when possible: disabling this feature will prevent attackers or malware from being able to access users’ devices and files remotely. Only log in as an administrator for as long as necessary: limit administrator privileges and the use of admin accounts whenever possible to ensure that a user that has been compromised isn’t inadvertently granting administrative privileges to an attacker who has gained access to their account. Deploy security software to bolster ransomware protection: there are a variety of solutions that can help prevent ransomware infections. At the bare minimum, antivirus solutions and firewalls can help to block known, common malware strains. For additional protection, companies should consider advanced threat protection solutions to improve ransomware detection and blocking capabilities.