RaaS - Ransomware as a Service

November 25, 2021

*By Nailton Paixão

In 2021, ransomware attacks grew in Brazil and worldwide. Brazil already ranks 5th as a target of this threat. Several attacks were recorded, causing large-scale financial losses to a number of companies.

The increase in ransomware cases is no accident: cybersecurity reports have pointed to a significant rise in cases involving this type of malware. One of the factors behind the increase is ransomware as a service (RaaS).

What is ransomware?

Ransomware is a type of malware that encrypts data and systems; with this “hijacking”, the attacker demands a ransom payment to release them. This type of threat is usually transmitted via malicious websites and emails, such as phishing.

After developing ransomware, cybercriminals who previously used the malware in their own attacks began to offer it as a service, charging a percentage of the profit made by the illicit act or, in some cases, a monthly fee for providing the service, rental and support. All trading is carried out via the dark web.

And what is RaaS (Ransomware as a Service)?

Ransomware as a Service is nothing more than the marketing of malware as a service, for payment or subscription, similar to the SaaS (Software as a Service) model already known in the market and offered by large companies.

This modality has grown exponentially in recent years due to the fact that the contractor does not necessarily have the technical knowledge required to develop complex malware such as ransomware, that is, even a less skilled cybercriminal has come to rely on this highly dangerous.

How do RaaS attacks happen?

Most ransomware attacks are very sophisticated, but most start with a simple phishing email. These fraudulent messages ask the victim to log in to a fake website or download some kind of file attached to the email. If the recipient accesses the fake website or downloads the attachments, their credentials are stolen. Either option can provide an attacker with access to the network.

Outdated software is also a widely used attack vector. Whenever a vulnerability is found in software, an update is released to correct it; however, companies do not always update in time, which leaves this “window” of opportunity open to be used.

How to protect yourself from RaaS?

  • Create backup routines – keeping backups up to date reduces the chances of major losses when suffering attacks like this, helping to quickly restore operations;
  • Keep software up to date – attacks of this type often exploit known but not yet patched vulnerabilities in system or infrastructure environments;
  • Use multi-factor authentication (MFA) – this makes it difficult for hackers to access your accounts;
  • Use antivirus / EDR – many ransomware attacks can be identified by protections against advanced malware, and an EDR solution can help in the containment stage (problem isolation), making spread throughout the environment less effective;
  • Use anti-spam – in many cases, ransomware attacks start with phishing emails; anti-spam tools work by blocking suspicious emails and reducing the risk of unintended actions by users;
  • Use a UTM tool – a UTM (Unified Threat Management) tool is a great choice for edge protection, as it offers several protection features in a single device, such as antivirus, IPS, anti-spam, web content filtering and sandbox functions;
  • Use a SIEM tool – a good SIEM solution, correlating all security events in the environment, allows security teams to be aware in real time of possible information security incidents, helping to mitigate and correct possible exposure to cyber threats;
  • Keep teams well trained – periodic cybersecurity awareness campaigns help companies raise their employees' level of knowledge about the threats present in daily life, such as receiving questionable links by email, downloading files from web pages, etc.;
  • Hire a specialized information security consultancy – by hiring a consultancy specializing in information security, you gain access to the correct procedures and processes for identifying, containing and responding to security incidents. Combined with the expertise of its consultants, this optimizes financial resources and reduces the chances of your company suffering cyber attacks of this and several other kinds.

— Nailton Paixão is a SOC Analyst at SAFEWAY
