Cybercriminals Cashing In On Ransomware-as-a-Service
As ransomware continues to gain notoriety, cybercriminals are looking for the quickest, most lucrative way to spread malware and make a buck. Their preferred answer: Ransomware-as-a-Service. Ransomware-as-a-Service is where cybercriminals put their ransomware up for sale, it is then purchased and leveraged by other criminals who are technically unable to develop their own variants. Scary when you stop to think about the fact that people that are not sophisticated enough to develop malware can still use it to attack others.
How does it work? Hackers can attach a price tag that not only lets would-be hackers purchase the ransomware at an exceedingly low cost, but it also provides a lifetime license, essentially enabling anyone with a few dollars to instantly become a lifelong hacker as they wished. What is said to be an even more lucrative distribution method is charging no upfront fee, opting instead to take a percentage of whatever ransom the malware receives when it is put into action. A customer only has to provide their means of distribution to ensure the creator behind the ransomware gets their cut.
Cybercriminals have always used the Dark Web as a place to advertise their offerings. However, just like the distribution method is maturing, so is their means of advertising their malware. Some are blatantly advertising their malware just as they would their pizza or computers or apparel. Out in the open and unafraid of consequences. Various means of advertising allows hackers to target various types of customers. In doing this, cybercriminals are enabling more people, therefore, increasing crime while lining their pockets.
So who is buying these RaaS offerings? At the most basic level is customers of the spam industry, known for mostly distributing unwanted emails about products or services for sale. These customers lack any technical expertise to develop malware of their own, so they do the next best thing and buy it. At the most sophisticated level is where RaaS puts these criminals in contact with the people capable of developing evasive and destructive malware. This is where cyber-crime is at it’s height and has the biggest impact and payout.
2017 had high profile attacks using WannaCry and NotPetya strands, which is the main driving force for RaaS to gain even more steam in 2018. The more high profile attacks that occur, the more wanna-be’s surface. Making the cyber-world a very scary place. The answer is simple: protect yourself and your organization. The backup and disaster recovery solution that you deploy in your organization may be called upon to save your business, literally. 2W Tech is a full-service Consultant Firm that has IT Consultants on staff that specialize in Security Solutions. Give us a call today to ensure you are protected against what Ransomware-as-a-Service brings at us next.
7 Steps to a Holistic Security Strategy
Interested in reading this article? Click the button below to download this asset.