The Rise of Ransomware as a Service

What’s a company’s most valuable asset? Is it fixed assets? The workforce? The established business relationships with partners? It may be none of these things. In 2023, it may be the company’s data.  This blog was written for MSPs to share with their clients to educate them on the threat of ransomware and help them understand the increasing threats to SMBs and why they must be prepared.

The value of data has never been higher. In fact, some analysts have posited that for many companies, the value of their data is greater than the value of the company, according to Douglas B. Laney writing for Forbes magazine:

“In previous years, as investors clawed for scraps at Sports Authority’s and Radio Shack’s ‘going out of business’ sales, the highest bidders were not interested in their inventories of jockstraps and joysticks, but rather in their customer data.”

This reality, of course, has led to companies investing in people, processes, and technology to protect their data from theft. And while data theft — in which hackers swipe customer data to empty bank accounts or file fraudulent tax returns — is still a legitimate risk, many hackers are finding it more lucrative to simply hold the data hostage using ransomware.

Since ransomware is software that encrypts a company’s data on a computer or network and locks it up in a way that’s impossible to unlock without an encryption key, so it is like digital hijacking. It’s followed by demands for payment in order to regain access to critical data and operations and is sometimes so sophisticated that the bad actors offer customer service to those who have had their data hijacked. Many companies are simply dead in the water while they’re under attack from ransomware and are often obligated to pay the extortion money to the attackers if they ever hope to use their data again and resume normal operations.

Ransomware is on the Rise

According to a recent study by ThoughtLab, the average number of cyberattacks and data breaches increased by 15.1% from 2020 to 2021. Security analysts have noted that the pace of attacks will likely accelerate due to social engineering and ransomware as malicious nation-states, organized crime groups, and lone wolves become more sophisticated. At the same time, 29% of CEOs and CISOs and 40% of chief security officers stated that their organizations are unprepared for this new threat landscape.

For developers who create ransomware software for their own use, the only way to achieve a return on investment is to use the software themselves, which involves a number of risks, or sell it for a high price to organized cybercrime groups. Potential targets may be harder to attack today because businesses are more aware of the threat and have taken steps to mitigate them. And while it’s difficult for law enforcement to arrest and prosecute individuals or groups engaging in ransomware attacks, it does happen on occasion.

So how does a shady developer earn money on a sophisticated ransomware solution? By turning it into a service and essentially renting it out to anyone who wishes to perpetrate ransomware attacks but doesn’t have the IT know-how to create a solution of their own. In addition to a monthly fee for the use of the solution, ransomware developers can demand a portion of the ransom users receive — typically between 20% and 30%.

What is Ransomware as a Service?

Ransomware as a service (RaaS) is a criminal business model in which ransomware creators and operators essentially charge “clients” or affiliates for the use of ransomware tools. Essentially, it’s a way to outsource the crime of ransomware attacks using the software as a service (SaaS) business model. It removes the barriers to engaging in ransomware attacks, as it can be purchased for a modest sum by anyone who visits the dark web marketplaces where it’s marketed and sold.

RaaS, which was developed by organized crime syndicates, is a lucrative business. It follows the SaaS model in a number of ways. Developers often sell RaaS “kits” that include round-the-clock tech support, bundled products and complementary technologies, user reviews and forums, and other benefits typically offered by the providers of SaaS solutions. Payment for services is often rendered in cryptocurrency in order to avoid detection by law enforcement. Many ransomware creators even employ expert negotiators so users can tap their expertise in communications with victims. Some RaaS creators allow their users to access dashboards that sum up total payments from victims and the total number of files successfully encrypted.

The costs of a RaaS solution are negligible compared to the “value” criminal actors can reap from ransomware: the 2021 CrowdStrike Global Security Attitude Survey revealed that the average ransom demand in 2021 was $6 million.

The Colonial Pipeline Attack: RaaS in Action

In May of 2021, the Houston-based oil pipeline system Colonial Pipeline suffered a ransomware attack on the computerized equipment that controls the pipeline carrying gasoline and jet fuel to the American Southeast. Colonial Pipeline provides about 45% of the fuel used on the U.S. east coast. The attack, which was carried out using a RaaS solution by the criminal hacking group DarkSide, shut down all pipeline operations and brought fuel delivery to a halt, forcing many airline companies to cancel flights. The ransom money (75 bitcoin, or about $4.4 million at the time of the attack) was paid by Colonial Pipeline under the guidance of the FBI, and the company was able to resume most operations by the end of the week but not before causing fuel shortages, a rise in local gas prices, and panic buying. Ultimately, the U.S. Department of Justice was able to claw back about $2.2 million of the ransom money.

Companies Need to Prepare for a Surge in Ransomware Attacks

Without significant preparation, disruptions from ransomware attacks are likely to become more severe in the coming years. Most global organizations — even large companies — are still extremely vulnerable to these types of attacks, and the proliferation of ransomware as a service solutions will enable most hackers — even those without IT expertise of their own — to try their hand at a ransomware attack.

While many small business operators may believe that they are too inconsequential to be a target for ransomware, this is demonstrably not the case. Hackers often seek softer targets that may be less prepared for an attack. And while large companies can sometimes weather the ransom payment, the results can be catastrophic for a small and growing business. In addition, while the costs of development for traditional ransomware software meant large targets were more desirable as marks, RaaS solutions allow even minor criminals to lucratively target smaller businesses.

Managed service providers can use a multi-strategy approach to keep their clients safe from potential ransomware attacks. This includes a combination of malware protection, digital rights management and encryption, tools such as VPNs and reliable endpoint protection, software patches, firewall protections against malware for cloud networks, DNS security to detect websites that could host malware, and multi-factor authentication which will stop hackers from launching a ransomware attack by stealing a password.

For MSPs, a good first step is helping clients to understand how common ransomware attacks are becoming  — even for SMBs — and how their current cybersecurity programs are likely rife with opportunities for extortionists to get through.  After you share this article with your clients, the critical next step is to work together on a backup and sister recovery (BDR) plan for ransomware protection so that you can work to ensure true business continuity if there is an attack.

Your MSP Can Thwart Ransomware with AirGap

Your MSP uses a solution that includes Axcient AirGap, which saves and protects a snapshot of your data so it can be restored in the event of a malicious or accidental deletion. It’s your last line of defense when there’s a cyber-attack on your backup files. Here’s how it works…

The chain-free x360Recover platform creates a gap – in the form of a firewall – between the actual filesystem and the recovery solution. The backup and disaster recovery and business continuity (BDDR)  tool continuously takes native snapshots of your filesystem and keeps them in a safe location separate from your actual filesystem. Hackers are tricked into thinking they’ve found the filesystem root and backup files, but in reality, you’re safe! Additionally, Axcient AirGap ensures that hackers targeting backup files do not obtain access in the first place, with multiple validations required to delete Protected System backups.

As a built-in enhancement to your BDR plan, Axcient AirGap creates a protected environment that makes data destruction nearly impossible – whether from a ransomware attack or any other type of disaster. Most importantly, Axcient AirGap quickly recovers your Protected Systems in as few as 15 minutes. That near-instant recovery eliminates the stress, financial burden, and loss of business caused by downtime.

The Benefits of Axcient AirGap Used by MSPs:

  1. Cost-effective:  Significantly increase your BDR return on investment (ROI) by eliminating the risk of ransomware and potential ransom payments, loss of data, regulatory fines, downtime costs, and damage to your business reputation.
  2. Preventative:  Reduce accidental deletions and ransomware threats with multiple validations required to delete Protected System backups.
  3. Worry-free:  Your data is safe no matter what with native snapshots of Protected Systems stored in a safe location, separate from your actual filesystem.
  4. Almost instant recovery:  MSPs can quickly get their clients back to business with one call to Axcient’s 24/7/365 Support team, or utilize Virtual Office to spin up a virtualizated work environment for their clients.
  5. Choice and flexibility:  Choose the installation, storage environment, and restore process that works best for your business?
    • Direct-to-Cloud hardware-free BDR, or
    • Pre-installed on-site backup and disaster recovery appliance.
    • Build your own hardware using Axcient installation media.
    • Offsite replication of backups to the Axcient Cloud or an MSPs own cloud through BYODC (Bring your Own Data Center).
    • Self-host to a private cloud.
    • Restore backups from either cloud.

Download the AirGap datasheet for full details.

Final Thoughts

With the growing number of cyberthreats to companies of all sizes, backup and disaster recovery is a critical part of any business, and it is essential to have a plan in place to ensure that your data and systems are protected.  This is why MSPs offer backup and disaster recovery services to their clients. It’s critical to ensuring business continuity, and it’s something that every business should take seriously; not only is it a best practice, but it’s also something that your MSP can customize to your business needs.

Want to learn more about the threats that your business?

Learn more – read another blog created for SMBs:

How well could you sleep with reliable cloud-based backups and recovery?

Take a deep dive into Axcient’s proprietary, automated security features to see how we’re ensuring uninterrupted business continuity — no matter what: