What is Ransomware-as-a-Service? (RaaS)
With an estimated two thirds of ransomware attacks being linked to Ransomware-as-a-Service, we discuss what this means.
When you want some extra cloud storage to save your photos, you may purchase a Google Cloud Storage account or a Dropbox account. And when you want to type a document or create a spreadsheet, you may head to your Microsoft 365 account.
This is called Software-as-a-Service. (SaaS.) You pay a fee and in return you get online access to software that serves a desired purpose.
But what if the service you’re after is to illegally access a computer system, encrypt the important files you find there and hold the owner of that system to ransom in the hope of a big cash payout? Don’t worry, the Internet has you covered.
Ransomware-as-a-Servie RaaS Explained…
It’s called Ransomware-as-a-Service, or RaaS for short. Now our regular readers will know exactly what ransomware is and how to avoid it. It’s malware that encrypts important files on a computer and demands the victim pay up for a decryption key to get them back. Sometimes the victim might be able to recover their files from decryption software developed by the good guys. But if the ransomware uses a strong enough encryption, then it’s more than likely the choices are pay-up or lose the files (unless, of course, you have a current backup!)
But if a would-be cyber crook lacks the technical know-how to create ransomware themselves they can venture to the Dark Web and hire it out for a fee (or a cut of the profits) in a similar way to how a person would pay to use Dropbox or Microsoft 365. The ransomware developers simply hire out their malware and provide instructions on how it works. The cyber crook can then concentrate on gaining control to whatever device or network they want to target and deploy the ransomware.
Sponsored Content. Continued below...
In many cases, the ransomware developers will even provide customer service to the cyber crooks. After all, they would naturally want their customers to have a good experience with their product to increase the chances of some repeat business and to help boost their reputation in the world of illicit digital extortion.
In many ways this sinister business model has many parallels to the legitimate businesses we interact with every day.
It’s estimated that two thirds of ransomware attacks are linked to the RaaS business model, which is worrying to cyber security experts since it opens up this particularly damaging type of attack to more and more crooks who may otherwise lack the technical knowledge.
Sponsored Content. Continued below...
Avoiding an RaaS attack
Regardless of whether it’s a direct ransomware attack or whether its RaaS, the tips to avoiding these attacks are the same.
– Don’t open up email attachments you’re not expecting.
– Keep your software up-to-date and don’t use unsupported software.
– Use reliable security software and run regular scans.
– Don’t download files from websites you don’t trust, even if a download appears legitimate.
– And please, backup those important files!
We have more details on how to avoid these infections here.