Ransomware as a Service: What to Know and How to Combat It
Here's what to know about a growing scourge.
You may be surprised to know that Hollywood has created over 88 films centered on hacking and/or the Dark Web between 1969 and 2017. If you are interested in the entire list check it out at a Cybersecurity Ventures post here. Most of these movies sensationalize the hacker lifestyle and, at once both glamorize and horrify the viewer regarding what’s available on the Dark Web. But even with all of Hollywood’s unbridled imagination, they haven’t (yet) shown that an “as a service” market is very active there.
X as a Service Evolves
There was a period in the late 1990’s when it seemed like every headline announced a new cloud-based service. Thus was born the “as a service” market (XaaS) where everything was offered to ease your administrative burdens and lower your costs for platforms (PaaS), infrastructure (IaaS) and software (SaaS). According to ZDNet editor, Charles McLellan,
“There are now thousands of SaaS applications, available from internet giants to startups, along with services from rather fewer providers of the other two key pillars of cloud computing: platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS).”
So, is it really a surprise that cyber criminals would at some point jump on this wagon and offer ransomware as a service (RaaS)?
The Dark Web Strikes Again
Unfortunately, the Dark Web is not just a figment of Hollywood’s imagination. It is a real place where real criminals make real money (or bitcoins). It is also the staging ground for RaaS offerings.
RaaS is really financially very lucrative. According to a recent Security Magazine article by Mounir Hahd,
“The cost associated with RaaS is varied. In 2016, criminals released ransomware variant Stampado on the Dark Web for a mere $39, one of the first widespread and cost-effective instances of RaaS. This price tag not only let would-be hackers purchase the ransomware at an exceedingly low cost, but it also provided a lifetime license, essentially enabling anyone with $39 to instantly become a lifelong hacker as they wished.
Other ransomwares charge no upfront fee, opting instead to take a percentage of whatever ransom the malware receives when it is put into action. A customer only has to provide their means of distribution to ensure the creator behind the ransomware gets their cut. This approach often has lucrative effects – as of late 2016, the notable RaaS operation Cerber was estimated to be earning $200,000 a month.”
You should expect this trend to only continue as it profits for these bad actors increase and organizations still fail to adequately prevent all forms of zero-day threats.
How to Combat RaaS
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!