*/
The risks of ransomware have been well publicised in the last few years, but cyber security analysts around the world have recently seen it evolve into a more industrialised form called Ransomware-as-a-Service (RaaS). Some observers have described it as a new criminal business model and even a whole new cybercriminal economy. So what is RaaS and what can be done to defend against it?
Ransomware groups are understood to use two methods of operation, either direct attack or RaaS. The latter has increased the risks for organisations trying to defend themselves because now a greater number of adversaries potentially has access to the tools they need to infiltrate IT networks. Even relatively low-skilled groups or individuals can get their hands on malicious software (malware) and direct it at whichever organisations they wish.
RaaS can be broken down into three components:
Each group pays fees for any services they buy from other groups and/or splits the money they make from the organisations they attack. The model spreads the workload, the risks involved and any financial rewards. There’s no new sophisticated technology here, it’s simply a different way that threat actors are working together as they amend their tactics, techniques and procedures (TTPs).
RaaS is a much more industrialised set-up that some analysts have even described as a new cybercriminal business model. Now that criminal groups specialise in a single area rather than attempt to manage all the stages themselves, they can invest their energy and time into mastering one specific act of the crime.
This also means that less skilled groups and those without much experience can simply purchase ready-made tools from other groups and apply them to their chosen targets. Whereas ransomware used to be opportunistic, RaaS has enabled gangs to target firms more precisely.
The nature of the RaaS model also makes it more difficult to identify the unique signatures that cybercriminals leave behind for digital forensics teams to find. The hallmarks found following a RaaS cyber-attack will be blurred by up to three different sets of ‘fingerprints’ at the crime scene instead of the one set that would have previously provided evidence of a single group.
RaaS is still fairly new and, as with almost everything in cyber security, it’s continually evolving, so we’re bound to see new developments unfold in the coming months and years. Time will tell whether RaaS will eventually prove to be the dominant modus operandi for all cybercriminal groups or if it will only be a temporary trend that will fail to be effective for the longer term for as yet unknown reasons.
RaaS really shouldn’t be anything more to worry about than usual. At its heart, cyber security isn’t a technology problem. It’s a risk management problem, and one that involves people using technology, building partnerships and communicating to resolve the problem together.
The fundamental risk management practices that can be applied to cyber security will help to minimise the chances of a RaaS cyber-attack: good cyber hygiene, cyber security awareness training, offensive security, or penetration testing, and a strong Security Operations Centre (SOC) and the capability to protect the whole IT ecosystem.
Criminals always want to take the easiest route to make money, so it’s worth the effort to make it as difficult as possible for them, and to ensure that the new cybercrime economy does not pay.
Feel free to contact us at info@quorumcyber.com if you have any questions or concerns about ransomware, or want to find out more about how we can help you reduce your risks. You can read about how we’re already helping the legal sector at https://www.quorumcyber.com.
The risks of ransomware have been well publicised in the last few years, but cyber security analysts around the world have recently seen it evolve into a more industrialised form called Ransomware-as-a-Service (RaaS). Some observers have described it as a new criminal business model and even a whole new cybercriminal economy. So what is RaaS and what can be done to defend against it?
Ransomware groups are understood to use two methods of operation, either direct attack or RaaS. The latter has increased the risks for organisations trying to defend themselves because now a greater number of adversaries potentially has access to the tools they need to infiltrate IT networks. Even relatively low-skilled groups or individuals can get their hands on malicious software (malware) and direct it at whichever organisations they wish.
RaaS can be broken down into three components:
Each group pays fees for any services they buy from other groups and/or splits the money they make from the organisations they attack. The model spreads the workload, the risks involved and any financial rewards. There’s no new sophisticated technology here, it’s simply a different way that threat actors are working together as they amend their tactics, techniques and procedures (TTPs).
RaaS is a much more industrialised set-up that some analysts have even described as a new cybercriminal business model. Now that criminal groups specialise in a single area rather than attempt to manage all the stages themselves, they can invest their energy and time into mastering one specific act of the crime.
This also means that less skilled groups and those without much experience can simply purchase ready-made tools from other groups and apply them to their chosen targets. Whereas ransomware used to be opportunistic, RaaS has enabled gangs to target firms more precisely.
The nature of the RaaS model also makes it more difficult to identify the unique signatures that cybercriminals leave behind for digital forensics teams to find. The hallmarks found following a RaaS cyber-attack will be blurred by up to three different sets of ‘fingerprints’ at the crime scene instead of the one set that would have previously provided evidence of a single group.
RaaS is still fairly new and, as with almost everything in cyber security, it’s continually evolving, so we’re bound to see new developments unfold in the coming months and years. Time will tell whether RaaS will eventually prove to be the dominant modus operandi for all cybercriminal groups or if it will only be a temporary trend that will fail to be effective for the longer term for as yet unknown reasons.
RaaS really shouldn’t be anything more to worry about than usual. At its heart, cyber security isn’t a technology problem. It’s a risk management problem, and one that involves people using technology, building partnerships and communicating to resolve the problem together.
The fundamental risk management practices that can be applied to cyber security will help to minimise the chances of a RaaS cyber-attack: good cyber hygiene, cyber security awareness training, offensive security, or penetration testing, and a strong Security Operations Centre (SOC) and the capability to protect the whole IT ecosystem.
Criminals always want to take the easiest route to make money, so it’s worth the effort to make it as difficult as possible for them, and to ensure that the new cybercrime economy does not pay.
Feel free to contact us at info@quorumcyber.com if you have any questions or concerns about ransomware, or want to find out more about how we can help you reduce your risks. You can read about how we’re already helping the legal sector at https://www.quorumcyber.com.
Chair of the Bar sets out a busy calendar for the rest of the year
AlphaBiolabs has announced its latest Giving Back donation to RAY Ceredigion, a grassroots West Wales charity that provides play, learning and community opportunities for families across Ceredigion County
Rachel Davenport, Co-founder and Director at AlphaBiolabs, outlines why barristers, solicitors, judges, social workers and local authorities across the UK trust AlphaBiolabs for court-admissible testing
A £500 donation from AlphaBiolabs is helping to support women and children affected by domestic abuse, thanks to the company’s unique charity initiative that empowers legal professionals to give back to community causes
Casey Randall of AlphaBiolabs discusses the benefits of Non-Invasive Prenatal Paternity testing for the Family Court
Philip N Bristow explains how to unlock your aged debt to fund your tax in one easy step
Come in with your eyes open, but don’t let fear cloud the prospect. A view from practice by John Dove
Timothy James Dutton CBE KC was known across the profession as an outstanding advocate, a dedicated public servant and a man of the utmost integrity. He was also a loyal and loving friend to many of us
Lana Murphy and Francesca Perera started their careers at the Crown Prosecution Service before joining chambers. They discuss why they made the move and the practicalities of setting up self-employed practice as qualified juniors
As threats and attacks against lawyers continue to rise, a new international treaty offers a much-needed safeguard. Sarah Kavanagh reports on the landmark convention defending the independence of lawyers and rule of law
Author: Charlotte Proudman Reviewer: Stephanie Hayward
