According to the Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Complaint Center (IC3) report, the federal agency received 2,385 complaints identified as ransomware with adjusted losses of more than $34.3 million in 2022. Of those complaints, 870 belonged to an organization falling into an industry classified as a critical infrastructure sector.
Subscription-based applications have changed the software market — including the illicit software market. Similar to how legitimate companies can leverage SaaS applications to streamline business operations, threat actors now offer subscription-based ransomware models that enable criminals to deploy attacks easily. Ransomware as a Service, or RaaS, means that threat actors don’t have to code their own ransomware; they can simply buy it from another cybercriminal. This means that any threat actor who wants to can launch a ransomware attack, no matter their technological skills.
In addition, modern ransomware attacks no longer simply encrypt data. Over the past few years, attackers have been focusing on attaques de double et triple extorsion that also include stealing data, holding it hostage until the victim pays the requested ransom.
The evolving Ransomware-as-a-Service (RaaS) business model has democratized these attacks, enabling sophisticated actors to deploy them.
How Does Flare Address Ransomware Readiness?
Groupes RaaS gain access to your environments by taking advantage of data leaks, looking through sensitive information in stealer logs sold on Genesis Market, Russian Market, and both public and private Telegram groups.
Flare provides continuous monitoring of any stolen information with automated monitoring across the clear & dark web, prioritized alerts, and autonomous remediation. This includes monitoring for stealer logs, especially those that contain access to RDP, VPN, and SSO credentials that could lead to a compromise of your data.
Quels sont les principaux avantages de la surveillance et de la préparation aux ransomwares avec Flare ?
- Flare automatically monitors for external threat exposures, allowing for significantly reduced time in remediating any risks.
- Flare is able to quickly contextualize and summarize threat actor activity so that your security team can act as soon as possible.
- Flare notifies you about any risks that need to be mitigated, allowing your security team to spend their time and resources on more complex tasks.
Ransomware as a Service: An Overview
What is Ransomware as a Service?
RaaS is a cybercrime business model in which threat actors who develop ransomware sell their malware to other threat actors who then distribute it. RaaS lowers the criminal barrier to entry since sophisticated threat groups offer pre-developed ransomware tools and infrastructure, including ransomware variants and campaign management technologies.
It’s a variation of the broader Malware as a Service (MaaS) market. In fact, it’s a sizable chunk of that market; ransomware made up 58% of the MaaS sold between 2015 and 2022.
How does the RaaS business model work?
There are a range of RaaS revenue models:
- Programmes d'affiliation: Users pay a monthly flat fee for access to the ransomware. The RaaS takes a cut of every successful ransom.
- Partage des profits: The user purchases a license and the proceeds are split between all users and operators.
- One-time license: Users make one payment for access to the RaaS. They do not have to share profits.
- Percentage split: Rather than paying for a license, the user splits the profits with the RaaS operators after an attack.
Typically, RaaS operates on an affiliate model with ransomware developers/operators and the affiliates sharing the ransom payment revenue.:
- Les opérateurs: develop and manage the ransomware platform, and provide the affiliates resources such as encryption keys and customer support
- Affiliés: execute the ransomware attacks taking advantage of the resources and tools purchased from operators
Threat actors sell RaaS models on forums Web sombre, sur le dark web et la Chaînes de télégramme in an effort to stay anonymous and avoid law enforcement.
What are the types of RaaS business models?
Il existe quelques modèles économiques généraux :
- Abonnements Mensuels: Les affiliés paient des frais mensuels récurrents pour accéder à la plateforme et utiliser ses ressources, conservant l'intégralité de la rançon payée.
- Frais de licence: Les affiliés paient des frais de licence uniques pour accéder aux outils du ransomware, conservant ainsi la totalité de la rançon payée.
- Programme d'affiliation: Les affiliés reçoivent un pourcentage des rançons payées par les victimes.
En échange du paiement, les affiliés reçoivent :
- Technologies nécessaires au déploiement d’attaques
- Services d'assistance à la clientèle
- Communautés en ligne pour partager des connaissances et des expériences
- Accès à la documentation et aux tutoriels sur la façon de déployer le ransomware
- Mises à jour des fonctionnalités
What is the history of the RaaS model?
RaaS isn’t new. The first recorded instance of Ransomware as a Service is from 2012, when Reveton — also called the FBI virus— locked victims out of their computers with a message claiming to be from the FBI or local law enforcement, and demanding a fine. Reveton was the first to offer its ransomware as a product, and it operated as a business, offering updates and options for customization. Since then, RaaS gangs have exploded, as have the number of ransomware attacks. Ransomware continues to evolve as threat actors innovate on the model.
Why is it Important to Understand Ransomware as a Service Right Now?
How prevalent is ransomware?
The RaaS model might not be new, but the growth of the RaaS industry has certainly contributed to the dramatic rise in ransomware attacks. According to Verizon’s 2023 Data Breach Investigation Report (DBIR) ransomware is now the second most used atack vector and is present in a quarter of all data breaches. In 2023, ransomware was the second-most prevalent attack method in data compromises as well. With sophisticated ransomware at the fingertips of almost anyone who wants it, increasing numbers of organizations will find themselves the target of ransomware attacks.
How is ransomware delivered?
Most ransomware is delivered as part of a phishing attack; a bad actor uses a fake message to trick an insider into clicking a suspicious link or downloading the ransomware in an innocent-seeming file. However, ransomware can be inserted into a network by a threat actor who has hacked into a system.
What is the impact of RaaS?
Because RaaS makes ransomware available to a larger group of criminals, it enlarges your surface d'attaque. Businesses are then exposed to several risks, financial and reputational. Some of the financial costs may include the following:
- Perturbation des opérations
- Amendes réglementaires
- Frais de litige
- Expenses associated with remediation efforts
- The ransom fee, or fees, if the organization chooses to pay
How can you protect yourself from RaaS gangs?
Countering RaaS gangs and ransomware in general, it’s important that organization adopt a proactive cybersecurity stance. This means using a multifaceted strategy that includes technology, threat intelligence, education, and good cyber hygiene practices.
RaaS Readiness and Flare
Flare est le leader Gestion de l'exposition aux menaces (TEM) solution for organizations. Our technology constantly scans the online world, including the clear & dark web, to discover unknown events, automatically prioritize risks, and deliver actionable intelligence you can use instantly to improve security. Ransomware as a Service (RaaS) puts ransomware, one of the most disruptive types of malware, into the hands of anyone willing to pay for it.
With Flare Supply Chain Ransomware Exposure Monitoring, gain unique visibility and proactive security across your extended supply chain to efficiently mitigate threat exposures that exist within ransomware data leaks. Learn more by signing up for our essai gratuit.
