When it comes to innovation, it’s not just the defenders in cybersecurity that are finding new techniques and technologies to advance. The attackers are also innovating, finding new ways to compromise organizations, big and small.
One of these innovations is the advent of ransomware as a service (RaaS), where attackers sign up to an as-a-service model to acquire new ransomware tools and malware, similar to how a business might buy software on a subscription basis for its employees to use. What makes this so significant is that it lowers the bar of entry for new attackers, as it requires significantly less skill for a potential attacker to “buy” the ransomware tools they need in order to execute an attack.
These new types of tactics by the attackers are worrisome, as ransomware continues to rise as a threat vector against organizations of every size. We saw banner attacks against major oil and gas, financial services, healthcare, food supply organizations and more. In total, in 2021, these ransom demands from attacks on organizations totaled nearly $320 million, a significant increase over previous years.
Businesses everywhere need to educate themselves on these current threats and attack tactics, and then take mitigating actions to limit their risk. Managed services providers (MSPs) are a critical partner in helping companies educate themselves on the latest threats, develop a cybersecurity strategy, and ultimately put that strategy into action through the implementation of technology and other means.
Explaining RaaS—what you need to know
As previously mentioned, RaaS is a new model used by malware developers to sell tools or malware to would-be or hopeful attackers that want to leverage their capabilities for nefarious purposes. As a result, attackers don’t need the same level of advanced development capabilities or financial resources to execute an attack as they might if they had to develop the malware from scratch themselves.
Well-known RaaS offerings include Locky, Goliath, Shark, Stampado, Encryptor, and Jokeroo. Operators also include DarkSide, REvil, Dharma, LockBit, and others. These operators are reportedly responsible for some of the biggest attacks in 2021, such as the Colonial Pipeline attack that affected fuel supplies along the east coast of the United States. These are just a few examples out of many, however, and new ransomware operators and strains are evolving every day.
Hackers looking to purchase tools in this way would just need to turn to the dark web, where unfortunately these types of services are fairly easy to come by. In fact, you can also find them advertised there in the same way you might get an ad on your web browsers for a new restaurant or a product you might want to buy. These “marketing” techniques only help to magnify the challenge at hand for those looking to defend against these new types of attacks.
The so-called “kits” can be purchased in a few different ways, including for a monthly subscription fee, a monthly fee with a proportion of profits, a one-time license fee, or a cut of the final profits. These fees on a monthly basis can range from around $40 per month to many thousands of dollars, depending on the service being delivered. They are often payable in Bitcoin or another cryptocurrency. The tools come in a number of different forms for potential buyers to choose from. In addition to the malware itself, the kits can include a variety of other services, including 24/7 customer support lines, reviews, support forums, and more.
Mitigating risk from RaaS attacks
As we navigate our current aggressive cybersecurity threat crisis, it’s more important than ever for companies everywhere—and their MSP support providers—to make sure they are taking every step possible to mitigate the immense current risk to their organization. For MSPs, this means working with every customer, regardless of industry, size or budget, to proactively limit risk where possible.
There are a number of technical measures that a company can put in place to accomplish this mitigation. Cybersecurity experts recommend such measures as implementing modern endpoint protection that can monitor on a 24/7 basis, adopting multi-factor authentication, performing frequent backups and storing them in separate locations (perhaps both on-premise and in the cloud), and maintaining a thorough patch program for known vulnerabilities.
On top of that, companies can also consider other tools, such as network segmentation and anti-phishing. These technologies together can be part of a layered defense strategy to keep the organization safe. For further technical guidance, businesses may want to refer to the Ransomware Guide issued by the Cybersecurity and Infrastructure Security Agency (CISA), one of the most prominent government authorities on cybersecurity.
Beyond the technology, it’s important for companies to address the human element, as well. With the vast majority of attacks breaching the perimeter thanks to human error or accident, it’s important for organizations to invest in user training, so that employees can spot potential threats in order to avoid them, and overall build a culture of cybersecurity across the organization, from the CEO on down.
Finally, organizations should also consider an incident response plan or, in other words, a playbook for how they would respond if they faced a successful attack. This type of strategy is critical so that a company can respond quickly and thoroughly in the event of an incident—something that is only possible if teams are practiced and orchestrated in how they will respond.
MSPs can play a critical role in helping educate customers on the risks they may face from ransomware, and then subsequently assisting them to build a comprehensive strategy to mitigate the risk they face. The threat of ransomware (or any cybersecurity threat for that matter) can be overwhelming for many business owners or IT departments, no matter how sophisticated their technical ability, and having a trusted advisor such as an MSP is critical to navigating this difficult world.
Turning a risky future into a secure one
The threat from ransomware isn’t going away anytime soon. In fact, it’s only predicted to rise (and rise significantly) in the years to come. According to one estimate from Cybersecurity Ventures, ransomware costs are expected to reach $265 billion by 2031. With that kind of trajectory, every MSP has a responsibility to help their customers protect themselves as best they can.
With their role as a trusted advisor and technology expert, an MSP is in a unique position to provide the support a customer needs. For ransomware, this can mean implementing the necessary cybersecurity technologies, rolling out a training strategy for employees, or even running incident response drills. The strategy for this should be carefully decided alongside the customer to make sure it fits their needs and budget.
Further reading Ransomware protection with MSP360
While some customers may be skeptical that they will be the target of an attack, 2021 has shown that no business—big or small—is immune. There is no time to waste to start considering these new threats, such as RaaS, as part of a company’s overall cybersecurity strategy.
After all, for many businesses, it’s not a matter of if they get attacked, but when.
Read our free guide to learn about:
- Common MSP vulnerabilities;
- How to prepare for a ransomware attack to keep your clients safe;
- Which actions response to a ransomware attack should involve;
- How to manage clients while handling an attack.
About the author
Kurt Abrahams is the Vice President of Marketing at MSP360 with expertise in technology marketing, cybersecurity and AI based technology.