Ransomware has been on the cybersecurity radar for several years now as one of the more dangerous forms of malware, but recent surges in attacks have pushed it front and center.
No matter what size business you have, ransomware has become a bigger problem. Just one attack can shut down a company for days, bringing about desperation to get back up and running that fuels ransom payments and embolden the attackers.
The attacks on Colonial Pipeline and JBS that impacted millions through higher gas and meat prices are just the tip of the iceberg as far as how bad ransomware has become.
In 2020, ransomware attacks grew 485%. In addition, ransom demands have increased significantly, more than doubling in the last 12 months, and there seems no end in sight.
What’s the reason for the sudden spike in attack volume and cost? One of the biggest reasons is Ransomware as a Service (RaaS).
What is Ransomware as a Service?
A little over a decade ago, businesses were introduced to a new concept in how they use their software. Instead of making a one-time purchase and then handling everything from there themselves, they were given a cloud-based version in the form of Software as a Service (SaaS).
The SaaS model introduced the notion of users making smaller monthly payments and getting access to multiple business tools. The environment was handled completely by the SaaS provider, making it easy for anyone to enjoy the benefits of the service.
Ransomware as a Service (RaaS) uses this same model. Providers offer criminals a pre-built ransomware attack service that they simply subscribe to. They don’t need to know how to deploy an attack or even how to hack computers, the service model makes it easy for even novices to carry out these types of attacks.
Anyone Can Now Try Their Hand at a Big Score
Ransomware has proven to become the most lucrative of malware attacks. Most companies end up paying attackers the ransom because of how devastating these file-locking attacks are, and how desperate companies are to get back up and running.
Unfortunately, too many companies are unprepared with both a backup and a response recovery plan. They end up never testing their backup restoration process so when they get hit with an attack, they often opt to pay the attacker as their best option.
68% of U.S. companies attacked with ransomware in 2020 paid the ransom.
With companies paying ransoms from a few thousand dollars (small businesses) into the millions (large corporations), any criminal looking for a piece of the ransomware economy can now take their bite at the apple.
RaaS has exponentially increased the number of ransomware attacks around the world by democratizing this type of hack.
How Does the RaaS Model Work?
Large criminal organizations that offer RaaS will advertise on the Dark Web much in the same way that software companies advertise their cloud services.
They’ll offer things like:
- 24/7 Support
- Flexible payment plans
- Flat monthly subscription fees
- Affiliate programs for hackers to earn money from their code
- User reviews
- Help & FAQ forums
Pricing models can differ according to service and may include a profit-sharing of the ransom between the user and the provider. It can also include a flat rate to use the service, and the user keeps any ransoms they’re able to get.
What is the Best Way to Defend Against Ransomware?
To defend against ransomware, you need to take a two-pronged approach that focuses on:
For mitigation, you want to reduce your risk of a ransomware attack by deploying safeguards, such as device monitoring and protection, a strong firewall, and phishing protection.
Phishing is still the #1 delivery method for all types of malware, including ransomware. Phishing safeguards include email filtering, a DNS filter, and ongoing employee awareness training.
For the recovery preparation, you need to have a current and reliable backup of all your data, and this includes any data that you store in cloud services. Cloud data can also be corrupted by ransomware that spreads through a syncing computer.
In addition to having a backup, it’s vital that you have an incident response plan that you practice regularly. This would mean planning out exactly what to do in the case of a ransomware attack and then doing a full data recovery drill to ensure you’ve chosen the right backup and recovery system.
Often companies that do have a backup still end up paying the ransom because they’ve never tested their backup recovery and are unsure how fast they can recover their data. Testing this and choosing a system with rapid data recovery can save you from having to pay the attacker.
Start Here for Your Incident Response Planning
Pro Tech Guy can help your Framingham business put together a solid backup and recovery system as well as an incident response plan that keeps you fully protected.
Contact us today to learn more. Call 508-364-8189 or reach us online.