Detecting ransomware

Ransomware Business Models on the Rise

The total amount of losses from ransomware attacks between mid-2019 and mid-2020 is estimated to be more than $1 billion. In 2020, the average ransom demanded was allegedly $170,404. Ransomware attacks can be very lucrative for those who deploy them.

While anyone can install ransomware on another person’s computer, creating the malware requires skill and technical know-how. Ransomware-as-a-Service, or RaaS, is software that has been designed to simplify the ransom process for criminals. Developers create this malware and sell it for widespread use. So, what does that mean for you?

What makes RaaS so dangerous? 

Criminals can get special offers, choose from different subscription models, and browse RaaS offerings on the dark web that look very much like traditional software service marketing. Ransomware buyers are given an attractive and intuitive user interface to personalize the malware.

RaaS presents a serious challenge for businesses today, but it is also dangerous to teenagers and students. Teens often visit the dark web, where ransomware attacks may occur without their knowledge and cause them harm. It is important to talk with children of this age about the dangers of the darknet, so they do not get into trouble.

Examples of Ransomware-as-a-Service

Many types of RaaS exist on the dark web, and operators constantly develop new software. Notorious examples of ransomware spread through the RaaS model include:

Egregor: It allegedly runs on an affiliate-style commission system, with developers receiving a 20 to 30 percent cut of the ransom amount and splitting the rest among affiliated sites.

Egregor, which was launched in September 2020 to replace Maze RaaS (which went out of business around that time), is believed by many observers to have been a significant improvement over the original. Over the past year, several companies, Ouest France, Ubisoft and Gefco among them, have been victims of Egregor.

REvil: REvil RaaS developers reportedly turn away applicants who do not have enough hacking experience. The developers of REvil have reportedly earned $100 million from this ransomware, which appears to be heavily targeted at legal and insurance companies as well as agricultural firms.

REvil uses a slightly different approach to extortion than other groups do. In addition to demanding money, the group leaks data and threatens further ransom demands if victims don’t pay up. The REvil group made the most significant ransom demand so far in March 2011, when it pressed electronics manufacturer Acer for $50 million.

Dharma: Dharma is an old file-replacement virus and has been around since at least 2017. Dharma’s ransom demands are lower than those of other RaaS, averaging about $9,000. Some researchers suggest that this may be because Dharma allows even inexperienced hackers to join its affiliates program.

How can you avoid RaaS?

As with other ransomware attacks, there are steps organizations can take to protect themselves from Ransomware-as-a-Service.

  1. Analyze the current state of your organization’s cybersecurity infrastructure. It is wise to put some money into a ransomware readiness assessment.
  2. Make sure that all your important business data is backed up. This is one investment in company technology that is worth every penny. If you still have access to your backed-up data, a cyber criminal can only do so much damage by encrypting certain files or attacking devices.
  3. Train your staff and incident response teams to respond effectively to ransomware attacks.
  4. Keep up to date with all the cybersecurity essentials by using our team at Arruda Group to give you the insights you need.