Ransomware as a Service: Threat is now resold for controllers' profit

Ransomware remains a critical cyberthreat around the world, particularly with the rise in popularity of the Ransomware as a Service (RaaS) business model, where criminals make the attack framework available to third parties through payments or subscriptions.

Basically, RaaS allows criminals without the time or expertise to create cyber threats to have powerful ransomware services at their disposal. Ads for this type of threat can be found on the dark web as easily as ads for any product on the surface internet.

According to digital security company ESET, there are numerous RaaS packages available to interested parties, from those that offer 24/7 support to those that can even perform the digital hijacking for the contractor. Customer communities and threat package documentation are also available with a subscription to the malicious service.

In addition to subscriptions, ransomware controllers may also offer services under other revenue models that increase their profits. The main ones, according to ESET, are the following:

  • Affiliate programs, which are the same as a monthly fee model, but with a percentage of the profits (typically 20-30%) going to the ransomware developer;
  • One-time license fee with no profit sharing;
  • Pure profit sharing.

How Users Can Prevent Ransomware as a Service Threat

Protection from ransomware-as-a-service is the same as for common digital hijacking attacks. (Image: Playback/ESET)

Given this scenario and the popularization of this type of ransomware, it is important that users know how to defend themselves against these threats. ESET recommends the following steps (which, we emphasize, also work against common digital kidnappings):

  • Keep all programs updated to prevent criminals from entering the corporate network through system vulnerabilities;
  • Focus your defense strategy on early detection of lateral movement and exfiltration of data to the Internet within your network. Pay special attention to outbound traffic to detect connections from cybercriminals to your network;
  • Make physical backups, as attackers will not be able to change them. But make sure you have successfully removed the infection before accessing the backup so you don't compromise it;
  • Get ransomware protections on all endpoints;
  • Use technologies (such as an EDR solution) to discover and detect ongoing attacks early and be able to quickly neutralize them. If possible, provide up-to-date Threat Intelligence information to the security team;
  • If you are a victim, do not pay the ransom. This will not guarantee the return of your data and will encourage criminals to keep working. Instead of paying, report the incident to your local legal authority.
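
The recommendation above to watch for lateral movement and for data leaving the network can be expressed as a check over flow records. This is an added example, not code from ESET or the original article; the flow format, port list, thresholds and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic): src dst dst_port bytes_sent
SAMPLE_FLOWS = """\
10.0.1.15 10.0.1.20 445 18000
10.0.1.15 10.0.1.21 445 17500
10.0.1.15 10.0.1.22 3389 9000
10.0.1.15 10.0.1.23 445 16000
10.0.1.15 203.0.113.50 443 850000000
10.0.1.30 198.51.100.7 443 420000
10.0.1.30 10.0.1.5 53 300
10.0.1.44 10.0.1.20 445 2000000
"""

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches
# documentation ranges such as 203.0.113.0/24, which would hide them here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 445, 3389, 5985}   # SSH, SMB, RDP, WinRM
FANOUT_LIMIT = 3                      # assumed: internal peers reached on admin ports
EGRESS_LIMIT = 500 * 1024 * 1024      # assumed: bytes sent to one external host

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def analyze(text):
    peers = defaultdict(set)    # src -> internal hosts contacted on admin ports
    egress = defaultdict(int)   # (src, external dst) -> total bytes sent
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue            # skip malformed records
        src, dst, port, nbytes = parts[0], parts[1], int(parts[2]), int(parts[3])
        if not is_internal(src):
            continue
        if not is_internal(dst):
            egress[(src, dst)] += nbytes
        elif port in ADMIN_PORTS:
            peers[src].add(dst)
    alerts = [("lateral_movement", s, len(d))
              for s, d in sorted(peers.items()) if len(d) >= FANOUT_LIMIT]
    alerts += [("exfiltration", s, d, n)
               for (s, d), n in sorted(egress.items()) if n >= EGRESS_LIMIT]
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FLOWS):
        print(alert)
```

In practice the thresholds would be tuned against a baseline of normal traffic for each host, since backup servers and administrators legitimately exceed both limits.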