    September 26, 2019

    SaaS, PaaS, IaaS…Now what is RaaS (Ransomware as a Service)??

    I recently attended a Data Connectors Cybersecurity strategies conference in Reston, VA. Companies practicing various security solutions had speakers sharing knowledge about security threats that are currently affecting the market and how to protect an IT organization against such attacks. Interestingly, Sophos speaker Paul Lawrence (cybersecurity sales engineer) discussed Ransomware as a Service (RaaS) and how to protect against these attacks. Below you will find the high-level information that I gathered at this conference, which I feel will help others who are unaware of this threat.

    P.S. – This is just an informational blog post on what RaaS is and how to protect IT organizations from this attack.

    What is Ransomware as a Service?

    In layman’s terms, RaaS is an unusual type of software as a service, provided over the internet by criminals, that is used to attack IT systems and collect a ransom.

    In 2018, 53% of the organizations were hit by ransomware and 1/3 of them paid ransom to recover from the ransomware attack.

    How does it work?

    Suppose I am the bad guy who wants to hack machines, data, and information without revealing my identity, and I want to get paid a ransom for it.

    I can use RaaS (Ransomware as a Service).

    I need to register my account by providing the bank details where I want to be paid the ransom. All my information that I provide to this service platform will be safe and it won’t be tracked (presumably).

    Next, I download the viruses from this service platform and start infecting machines. Once infected, I can provide details about where they can pay the ransom to recover from the attack.

    Figure 1: Shows how RaaS services are hosted on the web with their malicious intent. (Image downloaded from Google)

    Figure 2: Another RaaS model where you can purchase the malicious software online. (Image downloaded from Google)

    Now anybody can be a hacker using this RaaS service since malicious actors have created various models to attack any IT system. All you need is to follow the guidelines they provide with step by step details.

    How do RaaS providers make revenue?

    They collect the ransom from the attacked organizations or individual vendors through the RaaS account payment system. Once they get paid the full ransom, a share of that money goes to the criminal who initiated this account payment by registering for this service.

    Basically, a win-win situation for both the RaaS provider and the malicious actor who used this service to attack the IT system of the organization or individual vendors.

    Types of Ransomware attacks

    Two types:

    1. Traditional ransomware attack: The attack is automated and doesn’t need manual intervention. It can spread rapidly across the globe. WannaCry is the most widely known traditional ransomware variant that infected nearly 125,000 organizations in over 150 countries.
    2. Targeted ransomware attack: This is a well-planned, manually operated attack on a chosen network and the computers on it. The RobbinHood variant was used in the Baltimore ransomware attack, which compromised most of Baltimore’s government computer systems. The ransom demanded to unlock the computers was 13 bitcoins.

    Preventing ransomware attacks

    Ransomware attacks are getting more targeted. One of the primary attack vectors for ransomware attacks is Remote Desktop Protocol (RDP).

    1. Lock down RDP
      1. Use strong passwords.
      2. Do not disable Network Level Authentication (NLA), as it offers an extra level of authentication.
      3. To learn more, please go to Malwarebytes Labs.
    2. Patch to prevent privilege elevation
    3. Limit RDP access to the users who really need it
    4. Secure your network both from the outside and inside
    5. Have a disaster recovery plan for the aftermath of an attack
    6. We need to ask ourselves this question: “Do we really need remote access?”
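
A read-only way to check the RDP items in the list above on a Windows host, as an added example that is not from the original post or the conference talk: it reports whether RDP is on, whether NLA is required, who may log on over RDP, and whether the firewall accepts RDP from any address. It assumes an elevated PowerShell session and the English "Remote Desktop" firewall group name.

```powershell
# Added example: read-only audit of the RDP settings named in the checklist.
# Assumptions: elevated session, English firewall group name "Remote Desktop".
# Settings pushed by Group Policy can override the local values read here.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means Remote Desktop is switched on.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means Network Level Authentication is required.
$nlaRequired = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication -eq 1

# Members of BUILTIN\Remote Desktop Users (well-known SID S-1-5-32-555).
$rdpUsers = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)

# Enabled inbound RDP firewall rules that accept connections from any address.
$openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' })

$findings = @()
if ($rdpEnabled) {
    if (-not $nlaRequired) {
        $findings += 'NLA is not required: enable it so users authenticate before a session starts.'
    }
    if ($rdpUsers.Count -gt 0) {
        $findings += "Confirm each of these accounts still needs RDP: $($rdpUsers -join ', ')"
    }
    if ($openRules.Count -gt 0) {
        $findings += "Firewall allows RDP from any address: $($openRules.DisplayName -join '; ')"
    }
    $findings += 'RDP is enabled: confirm this host really needs remote access.'
} else {
    $findings += 'RDP is disabled on this host.'
}

# Emit one line per finding so the result can be logged or collected centrally.
$findings | ForEach-Object { Write-Output "[RDP audit] $_" }
```

The script changes nothing on the host; it only reads the registry, the local group and the firewall rule set.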

    Selfie taken at the Data Connectors cybersecurity event 😊
