How to prepare for increased ransomware-as-a-service (RaaS) attacks
by Steve Freidkin
One of the most insidious cybersecurity schemes today, ransomware is projected to have cost over $20 billion in 2021. That number is only expected to multiply in the coming years, so it’s crucial for business owners to guard their organizations against emerging cybersecurity threats and develop thorough mitigation and response plans.
Approximately 37 percent of global corporations were subject to a ransomware attack in 2021, and 70 percent of CISOs surveyed expect an imminent attack on their organization. The concern is justified when looking at the sharp upward trend within the last two years.
The spike is largely attributed to the surge in remote work during the COVID pandemic that led to an explosion in the global digital economy. As more industries move their operations online, the shift has created a growing market for unscrupulous actors looking to exploit cybersecurity vulnerabilities, of which there are many if you know where to look.
The rise of “ransomware as a service” (RaaS) platforms has also made it much easier for such nefarious exploits to occur. This subscription-based model enables hackers to use already-developed ransomware tools to execute attacks. Would-be cyber-kidnappers no longer need the skill to develop malware on their own, or even the technical know-how to conduct ransomware attacks; anyone can become a cybercriminal.
It’s thus imperative that companies protect themselves by understanding who ransomware attackers are, how they operate, and the best practices to stop them in their tracks.
How RaaS enables unskilled actors
RaaS gives anyone, even those with zero experience, the ability to launch ransomware attacks by simply signing up for a service or purchasing a toolkit. Ransomware kits are sold on the dark web and are often purchased as a monthly subscription service. Subscribers also receive 24/7 access to technical support and user forums, complete with Q&As and troubleshooting sections.
Subscriptions go for as little as $40 a month, which makes the technology all too accessible to anyone interested in committing financial crimes. Moreover, the developers are invested in their clients’ success; they design easy-to-use software to ensure repeat customers, and may even receive a cut of their customers’ ill-gotten gains.
Guarding against common vulnerabilities
Beginner ransomware attackers usually opt for one of three basic schemes: email phishing, exploiting the Remote Desktop Protocol (RDP), or preying on vulnerabilities in out-of-date software.
Email phishing scams typically trick employees into taking some action that gives hackers access to a company system, whether by clicking on a malicious attachment or entering login credentials into a fake form.
Another insidious method has recently emerged through the rise in remote work: abuse of the Remote Desktop Protocol (RDP). RDP is designed to allow employees’ computers to connect remotely to a company system, but it also leaves organizations vulnerable to backdoor attacks. Typically, all of the employees of a particular organization connect remotely to the same system, which gives attackers easy access to an entire network if RDP is left unprotected and not shielded behind a firewall. In 2020, over 50 percent of ransomware attacks used RDP as their initial line of attack.
Despite the ubiquity of RDP attacks, the simplest form of ransomware attack to both execute and prevent comes from the use of out-of-date software, which presents a host of vulnerabilities. When software is not properly updated or patched, attackers can easily access networks, even without stolen credentials.
Protecting your cyber infrastructure
Your employees are your first and most effective line of defense from nefarious attacks. It is crucial to educate staff about the dangers of phishing emails, backdoor attacks, and out-of-date software so they can be your organization’s most prominent firewall.
Institute a mandatory employee security-awareness program, which should include multiple diverse modules to help employees understand the various routes of attack and how to block them. This helps ensure that your employees are collectively working toward strong internal cybersecurity.
After training, consider executing simulated scams to see how employees perform in real-world scenarios. Evaluate their performance to identify where your liabilities are, as well as who might require additional training or assistance.
After establishing a strong foundation of well-trained internal personnel, take the following steps:
- Enable multifactor authentication, which requires an additional security level on top of a password to log into a system. This usually means employees must verify their identity through a device that the system recognizes. While there are various techniques to steal passwords, it is more difficult to access a remote physical device like an individual’s phone. An amateur who has merely purchased a RaaS toolkit is unlikely to be able to bypass two-factor authentication.
- Limit access to the Remote Desktop Protocol (RDP). Place RDP behind a firewall to restrict access by outside users, and check RDP services frequently to ensure they remain secure.
- Patch regularly and frequently. Updated software is less likely to have holes and vulnerabilities ripe for exploitation.
- Enlist a spam filter that blocks all encrypted attachments. Encrypted attachments are bad news, period. You can live without them.
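
One way to implement the encrypted-attachment check from the last step, as an added example that is not part of the original article: it flags password-protected ZIP, PDF and Office attachments by their file-format markers. The function names and the sample message are constructed for illustration, and the checks are heuristics, not a complete filter.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")         # OLE compound-file signature
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")   # stream name in protected Office files

def is_encrypted(data: bytes) -> bool:
    """Heuristic: is this attachment a password-protected ZIP, PDF or Office file?"""
    if data.startswith(b"PK\x03\x04"):                # ZIP local-file-header signature
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                return any(info.flag_bits & 0x1 for info in zf.infolist())
        except zipfile.BadZipFile:
            return True                               # unreadable archive: fail closed
    if b"%PDF-" in data[:1024]:
        return b"/Encrypt" in data                    # trailer references an encryption dict
    if data.startswith(OLE_MAGIC):
        return ENC_STREAM in data                     # encrypted OOXML container
    return False

def blocked_attachments(raw: bytes) -> list[str]:
    """Parse a raw message and return the names of parts the filter would block."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() or "(unnamed)"
            for part in msg.walk()
            if not part.is_multipart()
            and is_encrypted(part.get_payload(decode=True) or b"")]

def constructed_sample() -> bytes:
    """Constructed test message: one plain ZIP and one with the encrypted bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    clean = buf.getvalue()
    locked = bytearray(clean)
    # Flags sit 8 bytes into the central-directory header (signature PK 01 02).
    locked[clean.rfind(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name, body in (("clean.zip", clean), ("locked.zip", bytes(locked))):
        msg.add_attachment(body, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(constructed_sample()))
```
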
Even if you have anti-ransomware infrastructure and protocols in place, your organization may still fall victim to a RaaS attack. Therefore, it is crucial to have a robust backup process. Backups should be regular and frequent, and it’s imperative that company data is stored in multiple secure locations. If your systems are infiltrated in the end, you will have less to lose, and thus a lower ransom to pay.
However, the most important action is still to build good habits amongst your workforce. Managers must ensure that employees are not afraid to ask for help in instituting effective cybersecurity practices and work to foster a cooperative culture where everyone collectively prevents and mitigates attacks.
By instituting these measures, you can protect your organization against those looking to make a quick buck and reverse the upward trend in attacks, flattening the curve.
About the author: Steven Freidkin is the CEO and founder of Ntiva, a Managed Security Services Provider (MSSP), and has over 17 years of experience within the MSP industry.