
Ransomware-as-a-Service: The business of distributing cyber attacks
Ransomware is proving to be a profitable endeavor for cyber criminals. It is also what is fueling a newer trend: the business of offering management of ransomware attacks, or Ransomware-as-a-Service (RaaS).
Fueled in part by the ability to use cryptocurrency to avoid detection, cyber criminals are setting up shop as managed service providers, helping other cyber criminals conduct business on their platforms for a fee. For that fee, cyber criminal groups get personalized access to platforms, complete with dashboard capabilities, that allow them to easily distribute their ransomware. Technical support is also included. Such full-service offerings mean that nearly anyone with internet access can launch a ransomware attack without any technical knowledge.
And why not? The estimated return on investment from ransomware campaigns can easily reach 1400%. The lure of a lucrative return could well attract beginners or anyone with a grudge. For organizations, the threat coming from a well-backed beginner is as damaging as one coming from a career criminal.
Today’s ransomware victim
While nearly any organization or individual could be the victim of a cyber thief, many cyber criminals have started to conduct more targeted ransomware campaigns. Typical targets for cyber thieves include these organization types:
- Those that rely heavily on technology to generate revenue. The more a company relies on technology to generate revenue, the more a breach involving downtime will impact the bottom line. While many organizations fit this description, the hardest hit would include retail, financial services, utilities, and manufacturing.
- Those that have a significant impact on health and safety. Because of the concern for the safety of the patient population, healthcare organizations are a particularly vulnerable target for cyber criminals. Thieves are exploiting the need to keep patients safe and their information private. Cyber criminals have demanded ransoms after encrypting files containing patient prescription information, medical files, and personal information.
- Those that are unprepared. Thanks to the rising cost of cybersecurity, many small to mid-sized businesses find it challenging to properly protect their businesses from ransomware threats. That makes them an ideal target for cyber criminals. In far too many cases, these businesses are faced with a hard decision: pay the ransom or close up shop.
The total impact of a breach
Yet paying ransom is not so simple. Dealing in cryptocurrency is a complex and risky process, and one many organizations are not familiar with.
– Ransom payments. For example, most Bitcoin exchanges impose maximum purchase limits of $20,000 or less per day. For a ransom of $1 million, a company unfamiliar with the process would have its operations on hold for 50 days. Fortunately for companies that have cyber insurance, ransomware payments are usually handled on the insured’s behalf by a trusted third party, and the entire ransom can be paid quickly. Also, cryptocurrency payments are irreversible. Because payments are made to an address made up of a string of numbers and letters, one errant character could mean the payment never reaches the hackers, and the money paid is irretrievable.
– Forensics. Forensics investigations are only as good as the information investigators have to go on. Many organizations realize too late that their audit logs are not gathering the right information. Plus, many breaches are discovered months or even years after they occur, which means data for the event may not have been stored for that length of time.
– Legal. There are also legal requirements when a system is breached. Because each state has its own breach notification laws, some organizations could have difficulty complying, particularly if there are locations in other states. And in most cases, forensics investigations must first determine if any legal requirements have been triggered.
– Public relations/Crisis communications. Also, few organizations are equipped to handle inquiries and damage control once a breach becomes public knowledge. Hiring outside help to manage the situation is essential. If the breach is large enough, a company may need to set up a call center.
– Business interruption/Reputation damage. Then there are the costs associated with the interruption of normal operations. Such interruptions damage a company’s reputation far beyond the cost of the ransom demand. It is this vulnerability that makes a company a much more appealing target for cyber criminals.
– Data restoration. Once the ransom is paid, organizations must rebuild or restore their systems. Full restoration can take days or weeks, depending on the number of systems involved.
– Equipment damage/Bricking. Some ransomware renders the infected equipment permanently unusable. The cost of repair can exceed the cost of replacing the damaged devices.