
Hacking on Demand – What is ‘Ransomware as a Service?’

Ransomware is a common cyber threat, with 20% of all cybercrime incidents involving ransomware programmes, according to IBM. 

But what is ransomware exactly? 

What is ransomware? 

Ransomware is a type of cybercrime where hackers will access a company’s (or person’s) data, lock it down, and demand ransom money to get it back. 

Ransomware attacks are one of the most common and profitable outcomes of data exfiltration for cybercriminals.  

It has evolved into its own prosperous industry – known as Ransomware-as-a-service, or RaaS – that operates at a highly professional and sophisticated level.  

What is ransomware as a service? 

Ransomware as a Service is a subscription-style service that attackers can use to carry out cyber-attacks.

Infamous ransomware programmes like LockBit and BlackBasta are used via this RaaS model. 

This new form of “ready to go” hacking has lowered the bar for cybercrime and means that criminals with limited technical knowledge now have the power to access sensitive data. 

With large corporations like Ferrari recently confirming a ransomware attack was to blame for exposing its customer data, it’s critical that businesses understand how the ransomware economy works in order to develop an effective security strategy.  

Below is a brief overview of the Ransomware landscape.  

Ransomware as a Service operators (who are they?) 

Beginning at the top, a RaaS operator builds and powers the mechanisms that harm the victims and develops a channel of communication to discuss the ransom payment options.  

Basically, they create the programme that allows a cyberattack to happen. 

The malicious code they design is called a payload programme, and a pay gateway is what’s used to collect payment from their victims. Without the RaaS operator creating these functions, a data attack wouldn’t be as profitable or functional. 

RaaS affiliates (those paying for the ‘service’). 

Affiliates are individuals or groups who are co-operating with one or more RaaS programmes or organisations. Essentially, they are fellow hackers who are using someone else’s programme. 

They access RaaS programmes through a subscription or payment model such as: 

  • Monthly subscriptions 
  • One-time fees 
  • Affiliate programmes 
  • Profit sharing schemes 

It really is that simple. Like subscribing to Netflix, but for cyber-attacks. 

The affiliates are in charge of deploying the malicious payload programme that the operator has created. This is also when data exfiltration occurs, though how the data is extracted depends on the affiliate’s skill set and ransom goal.  

This is typically a quick process to avoid detection, with Microsoft reporting that the median time for an attacker to begin moving laterally within a compromised corporate network is only 1 hour and 42 minutes. 

Their aim is to get in and out before anyone even notices. 


Access brokers (the lockpicks in the middle). 

The attackers require network access to deploy the RaaS payload programme, which they can obtain from access brokers.  

Access brokers identify companies or individuals with weak network security and attempt to gain access to the network via malware campaigns or vulnerability exploitation. They then sell this access data to cybercriminals.  

They’re like lockpicks for vulnerable companies who are hired by would-be cyber attackers. 

How to protect against ransomware attacks.

As more everyday devices get connected to the internet, your business’s span of vulnerability grows wider and wider. 

So, how does ransomware protection work? It’s important to know how to protect against ransomware attacks.

Luckily, there are also some simple methods to reduce your risk. 

1. Reduce your network attack surface.

You can help yourself avoid ransomware scams by reducing your network attack surface and continually testing for any weak points in your network.

2. Hold cyber security training.

Cyber security training is also important for staff, helping people to identify phishing, suspicious links and signs of social engineering.

3. Make offline backups.

Making regular backups of your data onto non-internet-connected devices (such as external hard drives) is also a good practice. 

4. Use Two Factor Authentication.

As simple as it sounds, setting up 2FA (Two Factor Authentication) on your mobile devices is also one of the simplest ways to stop ransomware hackers from accessing your data. 


Ransomware protection can be as simple as these 4 steps. However, for more vulnerable organisations, 24/7/365 ransomware protection may be necessary. 

ANS Managed Detection Response services. 

ANS offers an MDR (Managed Detection and Response) service to help you protect yourself against ransomware attacks, including:

  • Security Orchestration, Automation & Response (SOAR)  
  • Microsoft Sentinel 
  • 24/7/365 UK-based Security Operations Centre (SOC) team 
  • Microsoft Defender Extended Detection & Response (XDR) 
  • Threat Intelligence 
  • Dark Web Monitoring 
  • MITRE ATT&CK

With the highest security certifications possible, ANS’ Managed Detection and Response service provides end-to-end threat detection, response and containment of cybersecurity threats. 

The key takeaway? Data exfiltration is sophisticated. 

Ransomware attacks have become a profitable industry within cybercrime, with attacks becoming more organised and sophisticated.

The risk of a successful ransomware attack increases when multiple parties collaborate on various attack phases, such as selling network access data or building ransomware payment portals, due to coordinated planning and specialised skill sets. 

By taking sensible measures to protect your network and using a secure MDR service, you can stop yourself from becoming a statistic.

Book in a call to see how we can help.