There is an erroneous assumption made by many of us that cybercrime is something that occurs in the shadows, that it is anonymous, perhaps only discussed in the far reaches of the deep web. However, there is more and more evidence coming to light of cybercriminals brazenly advertising their wares.
Most notably, we have seen increased internet searches for the term RaaS (Ransomware as a Service). Think of this as an affiliate program, where skilled cyberhackers rent out tailor-made ransomware tools to budding criminals in return for a slice of the profits.
Those working in tech will know that RaaS is something of a play on the term SaaS (Software as a Service). But the link is apt, as the experienced cybercriminals follow the same strategy, except for the fact they are dealing in malicious – and worryingly effective – software. Noted examples of RaaS firms include the infamous REvil (Sodinokibi) group, which successfully targeted thousands of American businesses and government institutions across 2020 and 2021, before their dark web operation mysteriously disappeared in the summer. But others exist, including the Conti Ransomware group, which openly touts its services for cybercrime.
The stats are clear that the number of ransomware attacks is rising at a disturbing rate. Figures show that there was a 93% increase in the first half of 2021 compared to a year earlier, and 2020 was already a record year as cybercriminals pounced on upheaval and confusion caused by COVID-19. But within those figures comes an alarming report that 60% of ransomware attacks were carried out by groups with RaaS affiliation. This is a new threat, which allows anyone with malicious intentions to carry out attacks with sophisticated ransomware.
While there are many threats to cybersecurity, from phishing to brute force hacking, criminals are becoming more aware that ransomware attacks can be the most effective and financially rewarding. There are many reasons for this, running from the ability to extract nearly untraceable bitcoin (or other cryptocurrencies) as a ransom to the ability of the hackers to instill fear and panic into victims locked out of their systems. However, most pertinently, ransomware is eminently “tweakable.” By that, we mean cybercriminals are always upping their game to make improvements to the ransomware, making it harder to detect and harder to get rid of once it infects a system.
Indeed, in November 2021, we heard reports on a new type of ransomware that has been tweaked to be more difficult to detect. The Sabbath group (AKA UNC2190) has been dubbed “small but effective,” and it has been operating since September 2021 largely undetected. As now seems the fashion, Sabbath is operating on RaaS principles, hiring affiliates to carry out the dog work, and reaping the benefits of having tailored bespoke ransomware software. If you could get inside the minds of the criminals using new types of ransomware readily available through RaaS, you could see the allure: It feels like easy money. Some reports have stated that up to 58% of ransomware victims actually pay the ransom – up from 39% since 2019.
The fact that these RaaS groups can go undetected is alarming for cybersecurity experts. Parts of the dark web, a subset of the deep web, are incredibly difficult to penetrate, and governments are often flummoxed as to how they can identify threats at the root source. Criminals can discuss and develop without any concern that their activities are being monitored. It allows them to hone their craft and, as we have seen, sell it on to affiliate criminals as a service for hire.
Another problem that we face in ransomware in 2021 is that there is often no discernible pattern for targets. It could be a school district or hospital, or it could be an individual’s personal computer, or a small business. Earlier we mentioned the word “brazen,” and that’s often the apt term to describe some of the more high-profile attacks – such as the October 2021 attack on the NRA (National Rifle Association) by a Russian ransomware group. The attack followed a similar pattern, with sensitive NRA materials appearing on the dark web. But it is the response of the hackers in claiming responsibility for the hack that stands out: It was almost as if they were trying to put themselves on display in the shop window, as if it was an ad. And that’s an important point about RaaS. RaaS is a business model that follows basic marketing principles, offering criminals DIY ransomware packages.
So, what then is the key to preventing ransomware attacks, be it from traditional groups or those using paid-for RaaS software? There are many theories on what is the best ransomware protection, even going as far as to implement Zero Trust models (never trust, always verify, and treat every application and user as untrusted). Such systems can be expensive, however, and are not always practical for SMBs and individuals.
Using anti-ransomware software, such as ZoneAlarm Anti-Ransomware, still offers the best ransomware protection for businesses and individuals. Of course, for the most effective results, anti-ransomware software should always be used alongside common-sense approaches to the safety of your devices, data, and networks. We have a duty to educate ourselves and employees on the growing threat. In the end, we all need to recognize the threat and act on it. As a 2021 report in the New York Times cautioned: “Don’t Ignore Ransomware. It’s Bad,” adding, “It’s time we took (these attacks) more seriously.”