Cybersecurity threats are only increasing as the digital transformation continues. And one of the biggest threats in 2022 is Ransomware-as-a-Service (Raas), which offers bad guys easy access to all the essential resources to launch a ransomware attack.
While Colonial Pipeline, Kaseya, JBS, and the Ukraine cyberattack stand out as examples of recent ransomware incidents, the threat is everywhere.
“By the end of 2021, it’s estimated that an organization will be hit by ransomware every 11 seconds,” according to a Venafi-sponsored study conducted by Sapio Research, which evaluated data from 1,506 IT security officers across the U.S., U.K., Germany, France, Benelux and Australia.
Enter the RaaS Economy. “If you're unfamiliar with RaaS, then just know that it's a business for criminals, by criminals to make carrying out ransomware attacks that much easier,” according to Palo Alto Networks. “The operators…run the RaaS…like a perverted version of a media streaming service – delivering new content directly to their subscribers.”
(See: Venafi’s Global Security Report.)
The key takeaway is RaaS lowers the technical barrier of entry and thus becomes a force multiplier for the ransomware economy. “The easier it becomes to acquire these services, the more appealing they become to potential cybercriminals looking to break into the game. RaaS frees individuals from needing the technical knowledge and know-how to craft their own ransomware or even to break into an organization's network,” says Palo Alto Networks.
Like any business, both ends of the business model benefit. The operator gains scale and can focus on maintaining the backend infrastructure, while the affiliate gets access to the ransomware and infrastructure and can focus on infiltrating networks and infecting computers, as noted by Check Point Software.
APT41 Perfects Code Signing Abuse to Escalate Supply Chain Attacks
The RaaS model
“RaaS operators maintain the ransomware malware, offer a payment portal for victims, and may provide the ‘customer service’ that victims might need,” says Check Point. Affiliates are responsible for spreading the ransomware. Any ransom paid is split between the operator and the affiliate.
As a new, burgeoning underground economy, ransomware operators seek fast growth, according to Lotem Finkelstein, Head of Threat Intelligence at Check Point Software.
“RaaS is yet another example of how threat actors consider their attacks as a business – and constantly seek growth,” Finkelstein said in comments made to Venafi.
“The RaaS model offloads the actual attack from the gangs and they enjoy the commissions. They already have the product ready, and…provide relatively unskilled attackers with the power to execute these complex attacks,” according to Finkelstein.
“This was definitely the accelerator for ransomware in the past 18 months,” he adds.
LockBit, REvil/Sodinokibi, DarkSide, and Netwalker are criminal gangs noted for advertising on their affiliate programs on underground forums in a constant hunt for new affiliates.
And as affiliates grow so does the threat. In 2020 the total amount of ransom paid by cyberattack victims was close to US$416 million. This figure is projected to double in 2021 and double again in 2022. And the total average cost to rectify ransomware attacks is estimated to be $1.85 million, more than double the US $761,106 cost reported in 2020, according to Sophos.
The great disappearing act
Another reason for RaaS growth is flexibility and mutability. A ransomware variant can seemingly vanish overnight and then reappear under another name. If the ransomware is getting too much media attention or not working as expected, just do a reset. “Not a big deal; roll the dice on a new RaaS,” says Palo Alto Networks, adding that this makes it challenging to attribute attacks to any single criminal organization.
Greed of course is at the root of all RaaS as headlines blare out news about attacks raking in tens of millions of dollars. As long as these headlines keep appearing, RaaS will continue to thrive.
Venafi can help
Venafi CodeSign Protect is an all-in-one machine identity management solution for code signing keys and certificates. Insecure private keys, rogue software teams, and lack of policy enforcement loom as constant challenges. An in-depth understanding of the latest code signing compromise techniques could be what saves your network from a financially devastating cyber-attack. To support IoT and Zero Trust security models, explore the enterprise wide machine identity management provided by Venafi Trust Protection Platform.
Why Do You Need a Control Plane for Machine Identities?
Related posts