It no longer surprises us that someone somewhere could just take over our computer systems, seize access to the file thereof, and hold the workings of our computer systems hostage until we pay a ransom. Ransomware attacks have become so common that the word "common" lacks the vitality to qualify their occurrence.
I know you still remember the Colonial Pipeline attack in 2021, and you couldn't have forgotten so soon a ransomware group, Netwalker, that targeted the University of California at Santa Barbara in the middle of COVID-19 research. These attacks cost the victims millions of dollars and disrupted services.
These are only a few recent incidents, and I'm sure you wouldn't want me to take you down a long memory lane — you are probably aware of all the horrible past incidents of ransomware attacks. You know that in each case the bad actors composed the music and forced innocent people in cyberspace to dance to its ugly beat.
What exactly is ransomware-as-a-service?
For a long time, we thought that the bad actors were cyber experts, software developers, or at least better programmers. We thought that the high technical entry barrier ensured that only people who are skilled in malware development could execute ransomware attacks, not to mention perfectly so, but we couldn't be more wrong.
Recently, we have learned that any bad actor regardless of skill set could use already-developed ransomware tools to execute ransomware attacks, while the developers would earn a percentage of each successful ransomware attack. This model has been dubbed "ransomware-as-a-service" (RaaS), and it's indeed a thing!
It's a subscription-based model that enables affiliates with low coding erudition to ride on the coding expertise of malware developers to deploy ransomware and in return pay some percentage for the service. It is an unfortunate type of software-as-a-service (SaaS) that allows an affiliate to outsource ransomware even with minimal technical knowledge of how it works.
Like every other SaaS, the users (in this case, the affiliates) of RaaS need not be technically sound or even experienced to deploy the service for their aims — RaaS is strategically designed to empower even the most novice hacker to deploy sophisticated ransomware attacks. It's like handing over a blank check to affiliates whereon they can write any amount they want.
Currently, there is a low technical barrier of entry and enormous potential for affiliate earning, all of which have incentivized more people to venture into ransomware attacks, making RaaS a prodigious design for victim proliferation. That explains the continuous upward trend of ransomware attacks that we have been witnessing.
How does ransomware-as-a-service work?
For a RaaS model to work, the developers of the ransomware must be skillful operators with expert knowledge of coding — otherwise, their reputation will be in doubt, and affiliates will not sign up and distribute their malware. Besides, reputable developers endeavor to create the malware in such a way that it has high penetration success and a low probability of being discovered.
The developers also make the malware modifiable to accommodate multiple end-users. The malign software is then licensed to the affiliates who can either pay a one-time fee to acquire the software or sign up for a monthly subscription. Some even design the RaaS to be commission-based with no monetary entry requirements — the affiliates only have to pay some percentage for successful attacks.
The developers go further to assist the affiliates in executing successful ransomware attacks by providing them with onboarding documentation that contains step-by-step instructions on how to use the malware. In some cases, the developers allow dashboard solutions for affiliates to monitor the status of a ransomware infection attempt. Scary, right?
Of course, it is! What's more, the developers recruit their affiliates on the dark web in the form of ransomware groups, like Wizard Spider. In some cases, the affiliates are required to have some technical skills to claim prestigious victims, while in other cases, the affiliates are just required to distribute the malware rapidly.
However case, every affiliate is given a custom exploit code to carry out their ransomware attacks — then the code is submitted to the website that is hosting the RaaS for the affiliate. Each time the website is updated, the RaaS user is strategically positioned to launch a ransomware attack.
How is ransomware-as-a-service delivered?
Besides being an adversarial quid pro quo model that a none technical user can employ to target a victim with a ransomware attack, RaaS is like regular ransomware that is mostly delivered to its victim through phishing. Among all the types of phishing, email phishing, wherewith a victim is delivered a cyber threat in the form of malicious links, is the most rampant.
Why? Well because it gives extensive access, especially to computers in a network. RaaS provides the affiliate with an incredibly convincing phishing email wherein malicious links are embedded, and whereon if the victims click, ransomware begins to spread in the computer system until access thereto is denied and ransom is paid.
How to avoid the penetration of ransomware-as-a-service
The recommended measures to protect against attacks from RaaS follow the same for all cybersecurity threats — which is maintaining good cyber hygiene. This includes not clicking on suspicious links in emails, especially ones that don't begin with HTTPS. Experts have warned that bi.ly sites are most likely used as malware launch pads.
To top it off, make it a habit to update the operating system of your computer systems regularly; this will ensure that every vulnerability is patched before any bad actor can exploit it. Endeavor to use an up-to-date firewall and filter to sieve the emails that get delivered to you, and make using VPN normal to shield yourself from clicking on the wrong things while online.