Ransomware attacks are becoming increasingly sophisticated and complex, even evolving into an on-demand service (RaaS) among digital criminals, facilitating attacks and invasions of data systems and harming thousands of companies a year.

The concept of Ransomware as a Service (RaaS) is enabling cybercriminals to launch successful attacks on different types of businesses. And this "normality" has been reflected in numbers: ransomware attacks increased by 13% in 2021, which is more than the total recorded in the last five years.

Basically, Ransomware-as-a-service is a type of cyber attack in which criminals use pre-made software to launch an attack, usually for a fee.

This type of attack has become increasingly popular in recent years and is gaining momentum in 2022 because it allows even those with limited skills to launch a ransomware attack. In other words, it empowers cybercriminals who wish to extort their victims without necessarily possessing the technique and know-how, opening up a whole new breech of activity in the hacker universe. 

Your company at risk: RaaS attacks are more sophisticated as cybercriminals have access to better tools and resources

With the RaaS model, ransomware software becomes an easy commodity to buy and sell on the dark web. It is a "subscription-based" model, which allows affiliated criminals to use the already developed malware tools to execute attacks. 

In practice, these "ransomware kits," sold on the dark web, enable RaaS providers to provide customer support, making it easier for attackers to get help if they encounter a problem.

Ransomware-as-a-service providers typically receive a portion of any ransom paid, which gives them a financial incentive to continue developing and improving their tools. There is also the possibility of a monthly fee.  

These malware solutions pay high dividends to their affiliates. Average ransomware demand increased 33% from Q3 2019 to $111,605, with some affiliates earning up to 80% of each ransomware payment.

As a result, in Q3 2020, ransomware attacks increased globally by 40% to 199.7 million cases. In the US alone, attacks increased 139% year over year to 145.2 million cases in Q3 2020.

With this large profit margin, coupled with the convenience and ease of the RaaS model, companies need to be aware of the dangers posed by these attacks and take steps to protect themselves.

Major known variants of Ransomware as a Service

One of the first steps to be taken to prevent ransomware attacks is to be aware of the main variants that exist in the cybercriminals' "Marketplace".

Many of the biggest names in ransomware are also major RaaS operators. Some of the most dangerous variants include:

• Ryuk: one of the most widely used and high-value ransomware variants. The results of its attacks show that Ryuk is responsible for about one-third of ransomware infections in the past year. The malware is also effective in convincing targets to pay its ransom demands and has made about $150 million so far.

• Lockbit: Lockbit, which ISH has covered previously, has been around since September 2019, but has only recently entered the RaaS world. It focuses on quickly encrypting the systems of large organizations, minimizing the opportunity for defenders to detect and eliminate malware before the damage is done.
  
• REvil/Sodinokibi: REvil competes with Ryuk as the greediest ransomware variant. This malware is spread in a variety of ways, and REvil affiliates are known to exploit unpatched Citrix and Pulse Secure VPNs to infect systems.

• Egregor/Maze: The Maze ransomware variant made history as the first to introduce "double extortion," which involves stealing data as part of a ransomware attack and threatening to breach it if a ransom is not paid. Although Maze has ceased operations, related ransomware variants - such as Egregor - are still operational and run under the RaaS affiliate model.

These are just some of the ransomware variants that use the RaaS model. Many other ransomware groups also work with affiliates. However, the scale and success of these malware groups means that they have the power to attract experts to spread their malware.

Protection against RaaS attacks

To protect against ransomware-as-a-service attacks, enterprises should adopt a multi-layered approach that combines traditional cybersecurity, such as firewalls and intrusion detection, with backup and disaster recovery solutions.

Companies should consider the following steps to protect their network against RaaS attacks:

1. invest in an advanced firewall solution that can detect and block communication between malware and your servers.

2. Implement an intrusion detection and prevention solution that can monitor network traffic for suspicious activity.

3. Make sure all your devices are updated with the latest security patches.

4. Train your workforce to recognize and avoid phishing and other social engineering techniques.

5. Implement a backup and disaster recovery solution to ensure that your company can restore your data in case of a successful attack.

6. Continuously monitor your network to detect attacks in real time.

7. Have an incident response plan to ensure that your company can minimize damage in the event of an attack.

By following these steps, companies can significantly reduce the risk of suffering a successful ransomware attack.

Is your company at risk of a ransomware attack?

The answer is yes, and the risk is permanent. What many company managers and IT professionals do not realize, or have not yet become aware of, is that they are fighting an invisible enemy that is constantly evolving.

Therefore, it is critical to stay up-to-date on the latest trends in cybersecurity so that you can be aware of the threats to your business and take the necessary steps to protect your data.

Talk to one of ISH's specialists and learn how to invest in security and data protection, and leave your company one step ahead of cybercriminals.