Ransomware as a Service (RaaS) and How to Counter It

Written By: Natascha O.

What is Ransomware? 

Ransomware is a form of malware that encrypts the data on a user’s system and requires payment to obtain a decryption key to decrypt the data. Although ransomware is not the only type of malware, it is one of the most common since it is easy to obtain and an effortless way for cybercriminals to extort money. Ransomware encrypts all the files and data on a computer and makes it to the point to where they cannot access these or the system until they pay the ransom. However, even after the ransom is paid, it is not always guaranteed that a decryption key will be sent to the user.

What is Ransomware as a Service?

Ransomware as a Service (RaaS) is easily deployable and is a service sold to people who are seeking to launch a ransomware attack. Similarly, to Software as a Service, such as the Microsoft Office 365 products, ransomware is sold in packages or kits to users or groups. This allows a person with limited technical skills to be able to carry out a large-scale cyber-attack. For example, the DarkSide ransomware was responsible for the 2020 Colonial Pipeline cyberattack, which caused a significant disruption to the fuel supply in the United States. The ransomware was made available to other groups and was being marketed as Ransomware as a Service.

Who are the targets for ransomware?

Whether it is an individual or an organization, anyone with a computer is at risk of being a target for a ransomware attack. However, most commonly, businesses and large organizations are at risk for these cyber-attacks. Individuals using their laptops for personal use are not a target as often since there is a higher monetary incentive for targeting large organizations. However, organizations are not the only ones being targeted; institutions such as hospitals and education institutions are also being targeted. The Prospect Medical Holdings was hit with a ransomware attack that took their computers offline for over a month. This resulted in almost 200,000 people being affected by the ransomware attack.

How to prevent ransomware? 

Thankfully, there are ways to prevent ransomware attacks. One of the most common ways people find themselves with ransomware on their system is through clicking on a malicious link. People should exercise extreme caution when opening unverified links and attachments from emails. Patching your computer is also extremely important. Unpatched systems can become vulnerable to nefarious activity looking to exploit these vulnerabilities. Ensuring your system is up to date with the most recent updates and patches can be extremely useful in thwarting cyberattack attempts.

Additionally, although backups are not a way to mitigate ransomware attacks, they are one of the most effective ways to recover from a ransomware attack. Regular backups of organizational files are extremely important in a compromised system. Having offline backups can let you restore a system to a point before it was infected.