#TECH: Ransomware as a service makes it easy for criminals

IN the evolving world of cyber threats, one dark trend is becoming increasingly prevalent - the rise of Ransomware as a Service (RaaS).

According to cybersecurity company CrowdStrike's director, Strategic Threat Advisory Group, APJ & EMEA, Scott Jarkoff, criminals have found a way to simplify their malicious endeavours, making it easier for them to wreak havoc on organisations worldwide.

He said this new wave of cybercrime is reshaping the cybersecurity scene.

Formidable threats

Ransomware remains one of the most formidable threats facing organisations today.

The traditional modus operandi involved adversaries developing ransomware tools and using them for their own malevolent purposes.

"However, the landscape has shifted, and the era of service-based models has dawned. "Why build a tool when you can sell access to it?" said Jarkoff.

He said the RaaS business model has gained popularity among cyber adversaries.

"They have created these ransomware tools with service in mind, and this is now a significant trend in the cybersecurity world," he said.

"But here's where it gets even more sinister: adversaries are conducting attacks that appear to be ransomware attacks, but they're not. These attacks have all the earmarks of a ransomware operation, but instead of deploying the ransomware and demanding a ransom, they steal sensitive data and engage in an extortion scheme to pressure the victim into paying up," he added.

Also, RaaS lowers the technical barriers to entry, provides access to sophisticated tools, and operates on a shared revenue model. This model allows for distributed and anonymous operations, targets a variety of victims, streamlines ransom negotiations, and continually evolves to evade security measures. These factors have fuelled a surge in ransomware attacks across industries.

LockBit menace

In 2022, Jarkoff said LockBit emerged as the most deployed ransomware variant worldwide. It continues to be a pervasive threat in 2023. LockBit operates under the (RaaS) model, where affiliates are recruited to carry out attacks using LockBit ransomware tools and infrastructure.

"The extensive network of unconnected affiliates means that LockBit ransomware attacks come in various forms, making them challenging for organisations to defend against," he said.

LockBit is, without a doubt, the go-to tool for adversaries since June 2021. The LockBit RaaS and its affiliates have negatively impacted organisations across the globe, targeting sectors like financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.


In this perilous digital landscape, Jarkoff said organisations must take proactive measures to protect their assets and data. Among them include:

1. Use the Right Tools: Organisations should leverage modern and up-to-date security technology rather than relying on legacy tools that might not effectively prevent attacks.

2. Multifaceted Approach: A robust cybersecurity strategy includes more than just endpoint protection. It should encompass email gateways, web gateways, and solid firewalls.

3. Identity Threat Protection: Implementing identity threat protection solutions is paramount in today's threat landscape.

The victims

The victims of ransomware attacks vary widely. Jarkoff said some adversaries target organisations with lax cybersecurity practices.

"These are the low-hanging fruits for them," he said.

"Others exploit easily accessible credentials available on the dark web, making a small investment to demand substantial ransoms. Vulnerability exploitation is yet another avenue for attackers," he added.

In this digital age, payments are made exclusively through cryptocurrency, as the days of dramatic cash drops in trash bins and locker exchanges have long passed.

"Bitcoin's emergence in 2010 marked the beginning of this trend, followed by other cryptocurrencies. Real-life ransom drops, as seen in movies, are purely a cinematic trope," said Jarkoff.

To stay protected in this digital battleground, he said organisations must adapt to the changing landscape, and be prepared for the worst. The battle against cyber adversaries continues, and staying vigilant is the key to survival in this ever-shifting world of cybercrime.

Most Popular
Related Article
Says Stories