A Majority of Ransomware Attacks Are Coming From RaaS. Learn Why & What You Can Do
One of the biggest stories in cybersecurity over the last year has been the rise of ransomware. Unfortunately, these types of attacks have become more and more dangerous as of lately, due to the increased volume of attacks being made, increase in ransom demands, and how much we are relying on our data. In 2020, ransomware attacks rose 485% and remediation costs have more than doubled. The average ransom paid has jumped to $170,404.
In addition, we’ve also already seen several high-profile ransomware attacks that have happened so far in 2021. Examples include the Microsoft Exchange Server breach, which impacted over 200,000 organizations, the Colonial Pipeline ransomware attack, and the attack on JBS, the world’s largest supplier of beef and pork.
What is driving the huge increase in ransomware? It is being driven in large part by the appearance of Ransomware as a Service (RaaS).
What is Ransomware as a Service?
Similarly to how Software as a Service (SaaS) changed the model for how people use software applications, RaaS has changed how easy it is for someone to conduct a ransomware attack.
SaaS made apps that used to be too expensive for small businesses accessible for a much lower monthly rate. Maintenance for the application falls on the cloud developer, which took the stress off the end users. It’s in their best interests to make the application as easy for people to use as possible.
The same is true of Ransomware as a Service. Large criminal organizations looking for more ways to capitalize on the profitability of ransomware attacks have set up RaaS. It allows novice criminals with no coding experience to purchase a ransomware attack package that gives them the ability to conduct attacks.
Ransomware as a Service now accounts for nearly two-thirds of all ransomware attacks.
RaaS is set up in much the same way as SaaS. It’s advertised to have help desk support, flexible packages, and profit-sharing of the “bounty” from a successful attack.
Users that sign up for the service are termed “affiliates.” The packages can vary from flat-rate pricing to subscription plans with a division of the ransom. In some cases, affiliates can earn as much as 80%.
With the average ransom demand for these attacks being over $100,000, one can see how RaaS would be attractive to wannabe hackers and scammers. RaaS kits can start as low as $40 per month and include everything a scammer needs: a step-by-step guide, phishing emails, the ransomware code to deploy, and more.
How to Defend Against Ransomware Attacks
One of the reasons that ransomware and RaaS have become so popular is that it has become a very profitable business for criminal groups. This is due to the fact that most victims end up paying the ransom.
In the case of Colonial Pipeline, it paid $4.4 million, and JBS paid $11 million to attackers. In fact, approximately 56% of ransomware victims end up paying the ransom.
Therefore, if you want to keep your company secure and avoid falling victim to one of the biggest risks to business continuity, you need to adopt several cybersecurity best practices.
Educate Employees on How to Spot Phishing Attacks
A staff of well-educated employees can significantly reduce the risk of your company falling victim to a ransomware attack. Therefore, it’s important to provide training to help employees know what to watch out for.
You should cover all the different types of phishing, but don’t forget there are several different types:
- Email phishing
- SMS phishing
- Social media phishing
- Phone phishing
Back Up Data & Monitor Your Backups
Backing up your data isn’t enough. You also need to monitor your backups regularly! Monitoring the backups ensures that no problems have occurred that would cause them to stop or become corrupted.
Create & Practice a Response Plan
Having a well-practiced response plan in place can mean the difference between an attack that costs you thousands of dollars and a quick bounce back from a ransomware hit.
Create a step-by-step incident response plan for ransomware. Have your team practice this regularly, including full data restoration. In the event that an infection does occur, this will ensure everyone knows what to do and damage can be mitigated.
Institute Strong Endpoint Security
All endpoints should have security measures in place, including the following: antivirus/anti-malware, a firewall that can identify malicious traffic, DNS filtering to block phishing sites, and automated patch and update management.
By protecting your endpoint devices, you can help prevent the spread of ransomware throughout your network should an infection occur.
Use Zero-Trust Security Tactics
Zero-trust is a security philosophy that helps protect against the most sophisticated threats, including zero-day exploits.
Begin deploying zero-trust principles throughout your business. These include tactics such as:
- Multi-factor authentication
- Application safe-listing
- Application ring-fencing
- The Rule of Least Privilege
- Cloud access security broker (CASB)
Get a Security Assessment to Reduce Your Risk of Falling Victim to Ransomware
Removing network vulnerabilities is key to avoiding a devastating ransomware attack. Copperband Technologies can help your southern Kentucky or Middle Tennessee business with a full security assessment to identify and address any vulnerabilities.
Contact us today to schedule a consultation! Call 931.263.8000 or email us.