Highly lucrative Ransomware as a Service attacks poised to accelerate in 2017

Ransomware can be likened to global warming. It’s been around for years, but it’s now becoming an epidemic which needs serious attention.

According to a recent survey conducted by Osterman Research, nearly 50% of U.S. companies experienced a “ransomware incident” over the last year. Without taking into account the number of unreported ransomware incidents, the FBI estimated $209m was paid to ransomware criminals in Q1 2016. This would bring the total cost of ransomware to well over $1bn for the year in the U.S. alone.

One of the contributing factors to the rapid rise of ransomware attacks is the emergence of “Ransomware as a Service” (RaaS). RaaS providers host ransomware toolkits in the cloud and offer access on a subscription basis, making it easier than ever for anyone – even individuals with minimal security knowledge – to extort money from people and organizations.

The allure of RaaS

Putting aside threats, unethical behavior and even physical violence, criminals – and by extension cybercriminals – operate on very similar principles as legitimate businesses.

Like any business, cybercriminals aim to take the path of least resistance while achieving maximum ROI, and RaaS lets them do just that.

It can be useful to think of RaaS in the same vein as a commercial airplane. The average person cannot afford to buy and maintain an airplane. Neither do they have access to an airport, nor do they have the skills needed to fly a plane. In other words, if it were left to individuals, the majority of people would never experience air travel.

However, a commercial carrier looks after all the issues involved, such as employing pilots and staff, maintaining airplanes and ensuring good relations with airports. So, in exchange for an affordable fee, it’s possible for the average person to book a flight to almost anywhere in the world.

This is what RaaS has done for average cybercriminals that would otherwise be unable to create and run their own ransomware campaigns. Many RaaS (or similar Cybercrime-as-a-Service) offerings will provide customers with the knowledge and tools necessary to launch attacks. It can even provide support and training materials to increase their chances of success.

Let’s look at an example. The Petya & Mischa RaaS was launched in July 2016. It encourages distributors to generate high returns by enticing higher returns. If distributors generate less than five bitcoins, they only earn 25% of the payment. However, this goes up to a potential earning of 85% if the weekly earning is over 125 bitcoins.

In this regard, the RaaS business model has proven to be highly lucrative, for both the providers and the distributors, and there’s no sign that the service will go away anytime soon.

A target rich environment

Email is the most popular attack avenue for ransomware, both via malicious links and malicious attachments. For consumers, the emails are usually part of mass spam campaigns. However, for businesses, these will often take the form of specific phishing or whaling campaigns.

When it comes to the cost of ransomware, it can vary greatly depending on the target. A Hollywood hospital reportedly paid $17,000 to regain access to patient files. On the other end of the spectrum, F-Secure stated that by negotiating with cybercriminals, discounts of up to 29% can be gained. While Symantec estimates the average ransom amount in 2016 to be $679.

For a victim, there are many indirect costs which can significantly increase the impact of ransomware beyond the cost of paying the ransom. System downtime, recovery costs, loss of customer confidence, as well as overtime for staff or external consultants, all contribute toward the overall cost – which can end up being a significant hit for any company to take.

One of the biggest advantages criminals have when it comes to ransomware, is that it is an indiscriminate attack that can work across all verticals and sizes of companies and with individuals. A criminal can potentially gain similar profits from an individual consumer, as they can from a large enterprise. This further lowers the bar to entry, as no pre-qualification needs to be done on the targets.

Key takeaways

With the growing popularity of RaaS, and the fact that it shows no signs of slowing, it’s more important than ever that enterprises and individuals take appropriate steps to protect themselves from ransomware infections. Here are a few tips to keep top of mind:

• User education and awareness is the first, and arguably the most important, line of defense. Not clicking on suspicious links can prevent infections to begin with.
• Segregating critical systems and assets is also a good defensive measure. In the event that a user does click on a link, having segregated systems will prevent infections from spreading.
• It’s important to have robust detection and response controls, usually complemented by threat intelligence so that any infection can be detected quickly and remedial action can be taken immediately to minimize impact.
• Finally, backup processes cannot be forgotten or neglected. If the worst does happen, it’s better to wipe systems and reinstall from a clean, trusted backup.