The Rise of Ransomware as a Service

What’s a company’s most valuable asset? Is it the fixed assets? The workforce? The established business relationships with partners? It may be none of these things. In 2022, it may be the company’s data.

The value of data has never been higher. In fact, some analysts have posited that for many companies, the value of their data is greater than the value of the company, according to Douglas B. Laney writing for Forbes magazine.

“In previous years, as investors clawed for scraps at Sports Authority’s and Radio Shack’s ‘going out of business’ sales, the highest bidders were not interested in their inventories of jockstraps and joysticks, but rather in their customer data.”

This reality, of course, has led to companies investing in people, processes, and technology to protect their data from theft. And while data theft — in which hackers swipe customer data to empty bank accounts or file fraudulent tax returns — is still a legitimate risk, many hackers are finding it more lucrative to simply hold the data hostage using ransomware.

Ransomware is software that encrypts a company’s data on a computer or network and locks it up in a way that’s impossible to unlock without an encryption key, so it is like digital hijacking. It’s followed by demands for payment in order to regain access to critical data and operations, and it is sometimes so sophisticated that the bad actors offer customer service to those who have had their data hijacked. Many companies are simply dead in the water while they’re under attack from ransomware and are often obligated to pay the extortion money to the attackers if they ever hope to use their data again and resume normal operations.

Ransomware is on the Rise

According to a recent study by ThoughtLab, the average number of cyberattacks and data breaches increased by 15.1% from 2020 to 2021. Security analysts have noted that the pace of attacks will likely accelerate due to social engineering and ransomware as malicious nation-states, organized crime groups, and lone wolves become more sophisticated. At the same time, 29% of CEOs and CISOs and 40% of chief security officers stated that their organizations are unprepared for this new threat landscape.

For developers who create ransomware software for their own use, the only way to achieve a return on investment is to use the software themselves, which involves a number of risks, or sell it for a high price to organized cybercrime groups. Potential targets may be harder to attack today because businesses are more aware of the threat and have taken steps to mitigate it. And while it’s difficult for law enforcement to arrest and prosecute individuals or groups engaging in ransomware attacks, it does happen on occasion.

So how does a shady developer earn money on a sophisticated ransomware solution? By turning it into a service and essentially renting it out to anyone who wishes to perpetrate ransomware attacks but doesn’t have the IT know-how to create a solution of their own. In addition to a monthly fee for the use of the solution, ransomware developers can demand a portion of the ransom users receive — typically between 20% and 30%.

What is Ransomware as a Service?

Ransomware as a service (RaaS) is a criminal business model in which ransomware creators and operators charge “clients” or affiliates for the use of ransomware tools. Essentially, it’s a way to outsource the crime of ransomware attacks using the software as a service (SaaS) business model. It removes the barriers to engaging in ransomware attacks, as it can be purchased for a modest sum by anyone who visits the dark web marketplaces where it’s marketed and sold.

RaaS, which was developed by organized crime syndicates, is a lucrative business. It follows the SaaS model in a number of ways. Developers often sell RaaS “kits” that include round-the-clock tech support, bundled products and complementary technologies, user reviews and forums, and other benefits typically offered by the providers of SaaS solutions. Payment for services is often rendered in cryptocurrency in order to avoid detection by law enforcement. Many ransomware creators even employ expert negotiators so users can tap their expertise in communications with victims. Some RaaS creators allow their users to access dashboards that sum up total payments from victims and the total number of files successfully encrypted.

The costs of a RaaS solution are negligible compared to the “value” criminal actors can reap from ransomware: the 2021 CrowdStrike Global Security Attitude Survey revealed that the average ransom demand in 2021 was $6 million.

The Colonial Pipeline Attack: RaaS in Action

In May of 2021, the Houston-based oil pipeline system Colonial Pipeline suffered a ransomware attack on the computerized equipment that controls the pipeline carrying gasoline and jet fuel to the American Southeast. Colonial Pipeline provides about 45% of the fuel used on the U.S. East Coast. The attack, which was carried out using a RaaS solution by the criminal hacking group DarkSide, shut down all pipeline operations and brought fuel delivery to a halt, forcing many airline companies to cancel flights. The ransom money (75 bitcoin, or about $4.4 million at the time of the attack) was paid by Colonial Pipeline under the guidance of the FBI, and the company was able to resume most operations by the end of the week, but not before the shutdown caused fuel shortages, a rise in local gas prices, and panic buying. Ultimately, the U.S. Department of Justice was able to claw back about $2.2 million of the ransom money.

Companies Need to Prepare for a Surge in Ransomware Attacks

Without significant preparation, disruptions from ransomware attacks are likely to become more severe in the coming years. Most global organizations — even large companies — are still extremely vulnerable to these types of attacks, and the proliferation of ransomware-as-a-service solutions will enable most hackers — even those without IT expertise of their own — to try their hand at a ransomware attack. Traditional backup and recovery plans are not enough to prevent attacks.

While many small business operators may believe that they are too inconsequential to be a target for ransomware, this is demonstrably not the case. Hackers often seek softer targets that may be less prepared for an attack. And while large companies can sometimes weather the ransom payment, the results can be catastrophic for a small and growing business. In addition, while the costs of development for traditional ransomware software meant large targets were more desirable as marks, RaaS solutions allow even minor criminals to lucratively target smaller businesses.

Managed service providers can use a multi-strategy approach to keep their clients safe from potential ransomware attacks. This includes a combination of malware protection, digital rights management and encryption, tools such as VPNs and reliable endpoint protection, software patches, firewall protections against malware for cloud networks, DNS security to detect websites that could host malware, and multi-factor authentication, which will stop hackers from launching a ransomware attack by stealing a password.

For MSPs, a good first step is helping clients to understand how common ransomware attacks are becoming — even for SMBs — and how their current cybersecurity programs are likely rife with opportunities for extortionists to get through. The critical next step is to make absolutely certain your BDR solution has ransomware protection and that you can offer true business continuity to clients.

Thwart Ransomware with AirGap

Axcient AirGap saves and protects a snapshot of your data so it can be restored in the event of a malicious or accidental deletion. It’s your last line of defense when there’s a cyber-attack on your backup files. Here’s how it works…

The chain-free x360Recover platform creates a gap – in the form of a firewall – between the actual filesystem and the recovery solution. The backup and disaster recovery and business continuity (BDDR) tool continuously takes native snapshots of your filesystem and keeps them in a safe location separate from your actual filesystem. Hackers are tricked into thinking they’ve found the filesystem root and backup files, but in reality, you’re safe! Additionally, Axcient AirGap ensures that hackers targeting backup files do not obtain access in the first place, with multiple validations required to delete Protected System backups.

As a built-in enhancement to your BDR solution, Axcient AirGap creates a protected environment that makes data destruction nearly impossible – whether from a ransomware attack or any other type of disaster. Most importantly, Axcient AirGap quickly recovers your Protected Systems in as few as 15 minutes. That near-instant recovery eliminates the stress, financial burden, and loss of business caused by downtime.

The Benefits of Axcient AirGap for MSPs:

  1. Cost-effective: Significantly increase your BDR return on investment (ROI) by eliminating the risk of ransomware and potential ransom payments, loss of data, regulatory fines, downtime costs, and damage to your business reputation.
  2. Preventative: Reduce accidental deletions and ransomware threats with multiple validations required to delete Protected System backups.
  3. Worry-free: Your data is safe no matter what with native snapshots of Protected Systems stored in a safe location, separate from your actual filesystem.
  4. Almost instant recovery: Quickly get back to business with one call to Axcient’s 24/7/365 Support Team, or utilize Virtual Office for self-managed recovery and virtualization.
  5. Choice and flexibility: Choose the installation, storage environment, and restore process that works best for your business:
    • Direct-to-Cloud hardware-free BDR, or
    • Pre-installed on-site BDR appliance.
    • Build your own hardware using Axcient installation media.
    • Offsite replication of backups to the Axcient Cloud or BYODC (Bring your Own Data Center).
    • Self-host to a private cloud.
    • Restore backups from either cloud.

Download the AirGap datasheet for full details.

Going Beyond Backup for Data Protection and Business Continuity

Data protection is more strategic than ever for MSPs and their SMB clients, but backup alone is no longer enough to ensure security and business continuity. The Axcient x360 Platform enables MSPs to provide their clients with comprehensive business continuity and disaster recovery (BCDR) through a single cost-effective solution. Axcient’s x360Recover product offers AirGap technology that separates backup requests from the actual backup mechanics to prevent malicious deletion using unique features.

If you’re ready to put ransomware fears in the past, learn more about x360Recover or sign up for our free 14-day trial and explore Axcient today.
