Add to Cart: Ransomware-as-a-Service

Field Chief Security Officer, Asia Pacific, Infoblox

Ransomware attacks affected 134 Singaporean organizations in 2018—a 54 percent increase from 2020. The growth of ransomware-as-a-service is a growing cyber threat that is growing in sophistication, prevalence, and accessibility. While this may be linked to a lack of cyber hygiene practices and adequate network defenses, the Cybersecurity Agency of Singapore (CSA) also underlines this (RaaS).

RaaS, which is a component of the hacking-as-a-service model, enables malware producers to sell their ransomware tools to criminals willing to launch a cyberattack for a fee. Ransomware attacks are made easier to carry out by RaaS, which creates a pay-to-play environment that enables novices to create cyberattacks that are more sophisticated than they are.

CIO World Asia spoke to Alvin Rodrigues, Field Chief Security Officer, Asia Pacific, Infoblox about how organizations can better understand RaaS and building up cyber resilience.

Proliferation of RaaS Over the Past Few Years

RaaS, or ransomware as a service, was inspired by the growth of Software-as- a-service. Significant threat actor organizations like DarkSide and REvil rent out their malware infrastructure to other cybercriminals, enabling affiliates to carry out ransomware operations using previously created ransomware tools. They receive a portion of each successful ransom payment in exchange.

Users of RaaS do not require any prior knowledge or expertise to effectively deploy the ransomware tools. Threat actors frequently target large, high-revenue enterprises that can afford to pay hefty ransoms and employ RaaS to encrypt and steal important data.

Through the high-profile ransomware assaults on JBS and Colonial Pipeline, RaaS has already demonstrated its ability to worsen the ransomware epidemic. In 2020, RaaS-based platforms accounted for almost two thirds of ransomware outbreaks, and demand is only increasing. In order to meet this increasing demand, new ransomware affiliate programs including Zeppelin and Avaddon have been operational since 2020.

RaaS Changing Modern Ransomware Operations

Although they lack the abilities to create their own malware and conduct an attack, many hackers are eager to profit from the ransomware assaults’ payouts. However, these criminals might use RaaS platforms on the dark web to make their purchases. These systems substantially resemble the assistance provided by many genuine SaaS applications, offering support, forums, documentation, and updates.

For hackers, the price is quite inexpensive compared to the expenditure required to create their own ransomware. Some platforms charge a one-time fee, a monthly fee, or even have no upfront costs; threat actor organizations are paid a portion of the ransom paid in the event that an assault is successful.

Highly targeted RaaS assaults may be immensely profitable since they can exfiltrate data or hold it hostage while also demanding huge ransoms. RaaS gives access to ransomware infrastructure to a larger group of fraudsters, who may now use a “spray and pay” strategy to disseminate their assaults widely. Threat actors in these situations may employ social engineering strategies, such as carefully worded emails, or target a vulnerability unique to or often utilized by their intended victim group.

Mitigate Risks from Ransomware Attacks and Protecting Data for Small-Medium Enterprises (SMEs)

SMEs must impose stricter security requirements on their working environments. For instance, SMEs may utilize spam filters on email systems, implement multifactor authentication that necessitates revalidation at every entrance, and update their software often. These projects all don’t need a significant tech expenditure.

Additionally, it is crucial for SMEs to provide their staff with training on cyber hygiene and security procedures. When it comes to ransomware attacks, staff for many SMEs are the first line of defense online. Unfortunately, workers are frequently the most exposed.

SMEs must provide staff with training so they may become informed about cyber security and the hazards associated. In a sense, SMEs will want their staff to be hypervigilant and exceedingly careful about visiting dubious websites, opening dubious email attachments, and clicking on dubious URLs in current times where cyberthreats are prevalent.

Singapore’s Latest Cybersecurity Technology

Singapore’s most recent cybersecurity plans are thorough. In order to keep organizations ahead of more sophisticated assaults, they address the continuously evolving array of cyberthreats and demand a more coordinated and consistent effort from both the public and commercial sectors. In order to assist the latter better their cyber security policies, steps are also being done to close the gap between organizations and cyber security companies.