Ransomware-as-a-Service (RaaS) has a reputation as one of the stealthiest forms of cyberattack. Ransomware attacks have been on the rise for a couple of years now. With the pandemic as an opening, opportunistic cybercriminals are attracted to easy money more than ever before. That’s why there has been a global increase of 40% in ransomware attacks, reaching 199.7 million cases in Q3 of 2020. In the United States the increase has been a devastating 139%, reaching 145.2 million cases in the same time frame.
What is RaaS? An Introduction
RaaS shifts ransomware attacks from a linear model to a multidimensional one. With a RaaS model, affiliate criminals subscribe to the services of a ransomware kit and pay a certain percentage of each successful ransom payment to the owners of the kit.
It follows the business model software companies commonly use to offer Software as a Service (SaaS).
Why is RaaS a Bigger Threat?
RaaS is a far greater threat than a linear ransomware attack because it can be successfully employed by unskilled criminals as well. In the past, technical knowledge was needed to launch a cyberattack, but now all cybercriminals need to do is buy a subscription, use ready-made tools, and pay an amount of money to carry out vicious attacks. When such a threatening setup falls into the hands of greedy criminals, it empowers them to execute sophisticated attacks without experience.
How Damaging can it be?
Cyberattacks involving RaaS are quite expensive to recover from. The average ransom demand increased by 33% since Q3 2019 to $111,605. Some RaaS providers also earned up to 80% of each ransom payment, which means that the attackers demanded high ransom payments to make their 20% worthwhile.
How Does RaaS Work?
The RaaS model requires skillfully engineered ransomware code, developed by trusted developers, and a stream of affiliates or distributors who are willing to buy the subscription. The ransomware code has to be trustworthy to be able to penetrate target environments. It’s usually well reputed for multi-end-user infrastructure. A license is then issued to multiple affiliates for the proliferation of the malicious code. RaaS access is sold as either a one-time or a monthly subscription.
An average RaaS kit may cost anywhere from $40/month to several thousand dollars, while generating far more lucrative returns, such as the average ransom demand of Q3 2020, i.e., $234,000. In 2021 the average ransomware payment increased by 82% to $570,000.
RaaS also provides its affiliates with supporting documents that include guides to launching ransomware attacks. Advanced RaaS models also provide dashboards for monitoring the attack status of each ransomware infection.
Attack Workflow of RaaS Infection
Most cyberattacks use phishing as their vector. This method lures victims into providing sensitive information by pretending to be some authority. It involves fake login pages, phishing emails and impersonation of legitimate organizations like banks and the World Health Organization. Phishing attacks can steal login credentials and banking information, and can also be used to distribute malware using malicious attachments or links in seemingly harmless emails.
When a RaaS victim clicks a link or opens a malicious attachment in the email, they are either redirected to an exploit site or ransomware is downloaded and executed on their system. The phishing emails use popular themes, like those of invoices, account suspension or, more recently, COVID-19.
Once the ransomware is executed on the system, it performs reconnaissance for sensitive files and immediately begins to encrypt them. It then appends an extension to the names of all encrypted files and deletes all shadow copies and backups from the system. Once the files are irretrievable, it leaves a ransom note as the desktop wallpaper, containing payment and contact information for paying the ransom.
In most cases, the affiliates will threaten to publish the data online if the victim fails to pay the ransom amount.
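The post-execution behaviour described above (one extension appended to many file names in a short time, followed by shadow-copy deletion) can be hunted in endpoint telemetry. The Python below is an added example, not part of the original article or of any X-PHY® product; the event fields (type, ts, pid, parent_pid, old, new, cmdline), the thresholds and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Command-line shapes for shadow-copy deletion (well-known Windows utilities).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)

def appended_extension(old, new):
    """Return the suffix if `new` is `old` plus an appended extension, else None."""
    old_name, new_name = PureWindowsPath(old).name, PureWindowsPath(new).name
    if new_name.startswith(old_name + ".") and len(new_name) > len(old_name) + 1:
        return new_name[len(old_name):].lower()
    return None

def detect(events, window=60, min_renames=20):
    """Map pid -> set of findings for processes showing the described behaviour."""
    findings = defaultdict(set)
    renames = defaultdict(list)  # (pid, suffix) -> rename timestamps
    for ev in events:
        if ev["type"] == "process" and SHADOW_DELETE.search(ev["cmdline"]):
            # Attribute the utility to the process that launched it.
            findings[ev["parent_pid"]].add("shadow_copy_delete")
        elif ev["type"] == "rename":
            suffix = appended_extension(ev["old"], ev["new"])
            if suffix:
                renames[(ev["pid"], suffix)].append(ev["ts"])
    for (pid, suffix), stamps in renames.items():
        stamps.sort()
        # Flag min_renames files given the same suffix within `window` seconds.
        for i in range(len(stamps) - min_renames + 1):
            if stamps[i + min_renames - 1] - stamps[i] <= window:
                findings[pid].add(f"rename_burst:{suffix}")
                break
    return dict(findings)

def sample_events():
    """Constructed telemetry for the example, not taken from a real incident."""
    evs = [{"type": "rename", "ts": t, "pid": 4242,
            "old": rf"C:\Users\a\Docs\report{t}.docx",
            "new": rf"C:\Users\a\Docs\report{t}.docx.locked"} for t in range(25)]
    evs.append({"type": "process", "ts": 26, "pid": 4300, "parent_pid": 4242,
                "cmdline": "vssadmin.exe delete shadows /all"})
    evs += [{"type": "rename", "ts": t * 300, "pid": 1001,  # slow, benign renames
             "old": rf"C:\data\log{t}.txt", "new": rf"C:\data\log{t}.txt.bak"}
            for t in range(3)]
    return evs

if __name__ == "__main__":
    print(detect(sample_events()))
```

Either finding alone can come from legitimate software such as backup or archiving tools; the two together from the same process tree are the stronger signal.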
How does X-PHY® SSD Help Protect against RaaS?
X-PHY® has a built-in detection system that acts whenever a malicious file is being executed on a system. It prevents data encryption or theft at all costs. Whenever a threat is detected, X-PHY® SSD blocks the threat immediately. It encrypts its contents and locks the device. A notification is sent to the user informing them about the attack.
How to Set Up Ransomware Protection
After any ransomware file is executed, the ransomware is detected and the X-PHY® drive is locked; the device is then shut down immediately to stop the ransomware’s execution.
To unlock X-PHY®, the user has to use connected duo authentication; otherwise, it remains locked. After unlocking, X-PHY® will have recorded all events in the event log, and the user can now access data in the normal way.
As cybercrime continues to evolve, more lucrative models like RaaS are likely to unfold. Organizations need to be one step ahead of the cybercriminals to be able to conduct their businesses without falling victim to cyberattacks. More technological advancements are underway, and the existing ones like the X-PHY® SSD need to be put to use for safeguarding organizations, their data, confidentiality and integrity. Therefore, tools like X-PHY® SSD are rapidly making their way into the security measures of all key organizations. X-PHY® SSD has a promising future as a key asset in cyber-secure organizations.