Almost anyone with access to the dark web and a relatively small war chest can commission a sophisticated and devastating cyberattack on almost any business or organisation, with small businesses increasingly among those targeted.
By Daniela Fernandez, Head of Information Security, PayPal Australia
Last year saw a surge in ransomware attacks, making them one of the most pervasive cyber threats today. One of the more prominent recent attacks was in December 2021, when the private information of up to 80,000 South Australian government employees was stolen by cyber criminals demanding a ransom payment in cryptocurrency.
According to Palo Alto Networks, the average ransomware payment reached $570K in the first half of 2021. One of the key reasons ransomware continues to be such a lucrative type of attack is the adoption of Ransomware as a Service (RaaS).
The RaaS model has opened the market to malicious actors and enabled them to leverage effective malware and ransomware tools to execute an attack without significant resources or technical expertise. This means almost anyone with access to the dark web and a relatively small war chest can commission a sophisticated and devastating cyberattack on almost any business or organisation, with small businesses increasingly among those targeted.
What is Ransomware as a Service (RaaS)?
In the traditional model, the cybercriminal, whether an organisation or individual, required the technical capabilities to carry out the attack end to end. With RaaS, like a Software as a Service (SaaS) business model, the organisation that develops the ransomware offers the variant for a subscription fee to different buyers.
In some cases, the buyers who want to execute the attack have access to the organisation offering the service; in other cases there's a RaaS operator (broker) who helps identify the different tools required to carry out the attack and facilitates transactions between the providers (spam, botnet, malware) and the buyers.
Cybercriminals offering RaaS have become more sophisticated and mirror legitimate business practices, including having a code of conduct, playbooks to conduct attacks, marketing campaigns to attract new buyers and hacker employees, and brochures to highlight the benefits of the different subscription options.
How can businesses protect themselves?
There are some basic actions businesses of any size can take to protect against a ransomware attack and reduce their exposure.
Most ransomware attacks exploit known vulnerabilities for which patches are usually available. Ensure your operating systems are up to date and prioritise patching of vulnerabilities, especially for systems and devices that are internet facing and/or store, process or transmit sensitive data.
Enable MFA wherever possible, especially in access points that are internet facing, to lower the risk of a successful attack. Multi-factor authentication requires users to provide two or more pieces of evidence to verify their identity, before they can gain access to a website or application. These days, most applications and consumer services offer this capability. Ensure you enable MFA to secure everyday authentication to the services you offer and consume.
Having a strong endpoint security solution in place will help you protect end-user devices that could serve as a potential point of access to the corporate network. Endpoints include any device with internet connectivity such as laptops, tablets, desktop computers and mobile phones.
Phishing is one of the most common attack vectors for ransomware and many other types of attacks. Hence, you should detect and block malicious emails, as well as make it easy for users and employees to report suspicious emails so they can be blocked from other users and the domains can be reported in a timely manner.
Last but not least, empower your staff with the necessary knowledge to identify and report suspicious activities and emails to the correct channels. When it comes to protecting your data and systems, behaviours are just as important as technical controls. Creating a positive cyber security culture and making people the strongest first line of defence can make a huge difference to minimise the risk of any cyber-attack.
How can individuals help fight cybercrime?
With the shift to remote working due to COVID-19, attackers have found more paths to access secure networks. Such paths include taking advantage of weak wireless security settings and out-of-date operating systems on personal devices (mobile, tablets, printers, computers) that employees use to access the company network, or on corporate devices that are increasingly used for personal activities.
Therefore, in addition to the corporate controls that organisations put in place, as individuals we should take simple steps to protect ourselves and our families. These steps include:
It is expected that the RaaS ecosystem will continue evolving, as cyber criminals use the money collected through ransoms to operationalise their business model and fund more sophisticated attacks.
As long as ransomware continues to yield profits for cybercriminals, we will keep seeing new variants and a significant increase in the use of RaaS. This might be the reason why governments are working on putting legislation in place to deter malicious actors and stop ransom payments; however, it takes time for such legislation to be actively enforced. In the meantime, organisations should familiarise themselves with the concepts and impacts of ransomware, prepare to prevent such incidents and respond effectively to possible attacks.