Technology Ransomware as a service is the new big problem for business

14:10  03 april  2021
14:10  03 april  2021 Source:   zdnet.com

Ransomware is now a national security risk. This group thinks it knows how to defeat it

  Ransomware is now a national security risk. This group thinks it knows how to defeat it Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks.Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns.

a person sitting at a desk with a laptop computer: Computer user working from home on laptop, pinching her nose. © Getty Images/iStockphoto

Computer user working from home on laptop, pinching her nose.

graphical user interface, website © Provided by ZDNet
Coronavirus, remote working, and ransomware: The key cybersecurity challenges your organization is facing
Watch Now

Ransomware as a service is proving effective for cyber criminals who want a piece of the cyber-extortion action but without necessarily having the skills to develop their own malware, with two out of three attacks using this model.

Ransomware attacks are still proving extremely lucrative, with the most well-organised gangs earning millions per victim, so many cyber criminals want to cash in – but don't have the ability to code and distribute their own campaigns.

These two unusual versions of ransomware tell us a lot about how attacks are evolving

  These two unusual versions of ransomware tell us a lot about how attacks are evolving Researchers detail two new types of ransomware - AlumniLocker and Humble. Both are new and have very different ways of doing things, demonstrating the diversity in a space attackers are keep to get involved in.Two newly discovered forms of ransomware with very different traits show just how diverse the world of ransomware has become as more cyber criminals attempt to join in with cyber extortion.

More on privacy

  • Microsoft to apply California's privacy law for all US users
  • Mind-reading technology: The security and privacy threats ahead
  • How to replace each Google service with a more privacy-friendly alternative
  • Cyber security 101: Protect your privacy from hackers, spies, and the government

That's where ransomware as a service (RaaS) comes in, with developers selling or leasing malware to users on dark web forums. These affiliate schemes provide low-level attackers with the ability to distribute and manage ransomware campaigns, with the developer behind the ransomware receiving a cut of each ransom victim's pay for the decryption key.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

How ransomware is evolving as a threat to organizations

  How ransomware is evolving as a threat to organizations Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.The number of victimized organizations hit by each ransomware family with their data publicly leaked in 2020.

Researchers at cybersecurity company Group-IB have detailed that almost two-thirds of ransomware attacks analysed during 2020 came from cyber criminals operating on a RaaS model.

Such is the demand for ransomware as a service, that 15 new ransomware affiliate schemes appeared during 2020, including Thanos, Avaddon, SunCrypt, and many others.

Competition among ransomware developers can even lead to the authors providing special deals to wannabe crooks, which is more bad news for potential victims.

"Affiliate programs make this kind of attack more attractive for cybercriminals. The tremendous popularity of such attacks made almost every company, regardless of their size and industry, a potential victim," Oleg Skulkin, a senior digital forensics analyst at Group-IB, told ZDNet.

"Companies had to provide their employees with the capability to work remotely and we saw an increase in the number of publicly accessible RDP servers. Of course, nobody thought about security and many of such servers became the points of initial access for many ransomware operators," said Skulkin.

9 tips to protect your organization against ransomware

  9 tips to protect your organization against ransomware Over the past six months, the number of organizations hurt by ransomware shot up by more than 50%, says Check Point Research.SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)

However, despite the success of ransomware attacks and RaaS schemes it's possible to help protect against falling victim to them with a handful of cybersecurity procedures – including avoiding the use of default passwords limiting public access to RDP.

"RDP-related compromise can easily be mitigated with the help of some simple but efficient steps like the restriction of IP addresses that can be used to make external RDP connections or setting limits on the number of login attempts within a certain period of time," said Skulkin.

SEE: Cybercrime groups are selling their hacking skills. Some countries are buying

Organisations can also help protect the network from ransomware and other attacks via the use of multi-authentication to limit the access an attacker can get if they do breach an account, while applying security patches as soon as possible after they're released prevents criminals from being able to exploit known vulnerabilities.

All of this can help prevent organisations from falling victim to ransomware attacks in the first place – and cut off the need to pay ransoms and encourage ransomware schemes.

Russian Ransomware Group Claims Credit for Cyber Attack on D.C. Metro Police

  Russian Ransomware Group Claims Credit for Cyber Attack on D.C. Metro Police DHS Secretary Alejandro Mayorkas said in March that ransomware "now poses a national security threat."The suspected attack was reported earlier this week as the latest in a series of high-profile cyberattacks in the U.S. It comes just weeks after U.S. Department of Homeland Security Secretary Alejandro Mayorkas identified ransomware as a force posing a "national security threat" to the U.S.

"As long as companies pay ransoms, determined only by attackers' appetite, such attacks will continue to grow in numbers and scale and are likely to become more sophisticated," Skulkin concluded.


  • This dangerous ransomware is using a new trick to encrypt your network
  • How to protect your organization's remote endpoints against ransomware TechRepublic
  • Ransomware: How clicking on one email left a whole business in big trouble
  • How to avoid a spear-phishing attack. 4 tips to keep you safe from timeless scams CNET
  • Ransomware: Attacks could be about to get even more dangerous and disruptive

Nonprofit provides help to hospitals battling ransomware .
The Center for Internet Security recently launched a free tool for private U.S. hospitals to block malicious activity.Doctor and nurse discussing over digital tablet at the hospital

usr: 3
This is interesting!