Why AD360

A proven leader in identity and access management

ManageEngine AD360 offers a dynamic and scalable platform designed to centralize identity management within your operational framework.

Irrespective of your industry, specific use cases, or support requirements, AD360 is uniquely equipped to meet your diverse needs effectively and comprehensively.

9 out of every 10 Fortune 100 companies trust ManageEngine

Companies logosCompanies logos
Solutions

"We were able to meet the compliance stipulations of our Community Connect host, who looks after our medical records system.

What I appreciated most was the stricter control we've achieved over our domain admin accounts."

Jarod Davis,
Computer Technician,
Reedsburg Area Medical Center
Schedule a demo
30 minute personalised live demo

See how AD360 can help your organization to manage, protect, and empower identities - from a single centralised web console.

After the demo, you will be able to:
  • Automate user onboarding and offboarding
  • Detect suspicious user activities with UBA-driven audits and alerts
  • Enable one-click access to enterprise apps with MFA-powered SSO
  • Reduce IT tickets with self-service password reset and account unlock
  • Enable non-admin users to perform IT tasks with help desk delegation
  • Manage, audit, and monitor with Microsoft 365 management and security
 

Ransomware-as-a-Service: Rise of a lethal cyberweapon

By Dharuna
Published on March 21, 2022

Ransomware

Rampantly used by attackers, ransomware is a type of cybervirus that extorts individuals and companies by holding them critical resources to ransom. The malware achieves it by blocking users from accessing information using encryption.
is malware that modifies data on a victim's device and renders it inaccessible until a ransom is paid to reinstate access to the data. Hackers or attackers exploit a system's vulnerabilities to spread this type of malware.

The evolution of ransomware

The first instance of ransomware can be traced to 1989, when Joseph Popp distributed 20,000 floppy disks infected with the AIDS Trojan, also known as the PC Cyborg virus, to participants of a World Health Organization conference. Fortunately, the ransomware did not spread widely due to the lack of interconnectivity between systems and devices. Although rudimentary in nature, the AIDS Trojan laid the stepping stones for today’s more sophisticated variants.

By 2005, the first variants of modern ransomware surfaced, but it was not until 2012 that the number of attacks accelerated at an alarming rate. This spike was further fueled by the rise of cryptocurrency, and the anonymity and untraceability it offers. This, in turn, opened up a new stream of revenue for attackers who monetized their malware products by creating ransomware markets, which we now know as Ransomware as a Service (RaaS)

A subscription-based business model that provides customers the necessary tools and services required to inflict a ransomware attack on their target networks.
.

RaaS: A growing threat

RaaS is analogous to other SaaS offerings in its business model, where the business operators with better access to resources offer their services to their affiliates. Cybercriminals create ransomware to be franchised or sold as attack kits to anyone wanting to infect their victims' devices. The kit contains instructions for the attackers on how to deploy ransomware, infect devices, and collect payment. This payment is then split between the ransomware authors and the attackers. Notable RaaS providers include Satan RaaS, REvil, Dharma, and Lockbit.

Although the operating methods of RaaS seem simple, there are more complex factors at play that influence and fuel its workings.

Factors fueling the rise of RaaS today

Cryptocurrency

Ransomware has come a long way since 1989 when victims of the AIDS Trojan were asked to send $189 to a physical P.O. box in Panama. The difficulties and risks of collecting the ransom played a large part in the slow adoption of RaaS. This quickly changed with the emergence and widespread use of cryptocurrency, which leaves no paper trails and guarantees anonymity and instant payments. Since the driving force behind a majority of ransomware attacks is monetary gain, cryptocurrency has prompted the surge of RaaS markets.

The pandemic and the shift to remote work

The migration to remote work since 2020 introduced more vulnerabilities for ransomware attacks. Since employees working from home were no longer protected by the company's network firewall,

A software barrier that stands between the internet and an organizational network, Firewall inspects incoming traffic and filter the malicious ones out before entering into the network.
and the traditional security measures were not as effective, an increase in ransomware threats occurred. The growth and availability of cloud infrastructure also propelled scalable, geography-independent environments deployable from anywhere in the world.

According to a report by HHS, ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020. These numbers are expected to surge considering the rise of remote work and the spike of RaaS franchises.

Ease of accessibility

The RaaS market is a Pandora's box containing a plethora of ransomware for cyberattackers to choose. From simple drag-and-drop interfaces to a fully prefabricated kit that requires no coding knowledge, ransomware is available for as little as $40. Many kits feature a dashboard to keep track of attacks and the money extorted and provide a support link to help victims navigate ransom payment options. This makes ransomware attacks available to everyone irrespective of their technical abilities and significantly broadens the pool and lowers the bar for entry to threat actors willing to engage in the lucrative RaaS business.

Robust business model

RaaS vendors have adopted an efficient business model that gives them easy access, more leverage, and a larger attack base. In place of a team of two or three people focused on spreading ransomware, there are now multiple independent attackers impacting IT environments worldwide. RaaS business models today often include monthly subscriptions, affiliate programs with profit sharing, and one-time purchase options. As a result, ransomware attacks and the demands placed on their victims have been surging at an unprecedented rate. In May 2021, a US insurance company.paid a ransom of $40 million, the largest publicly reported payment made by any ransomware victim to date.

The way forward

While this is bad news for businesses, we must also remember that defensive techniques are also evolving. RaaS has made ransomware easily accessible even to people with no technical capabilities, but at the same time these attacks are also not as complex as the attacks carried out by expert criminals and are often easier to detect and remediate. Since the RaaS market has only a few major vendors, it's easy to trace the ransomware attack to the author, even if the code is customized.

Ransomware attacks are expensive, but prevention is not. Identifying vulnerabilities, backing up data, training employees to be alert to potential attacks, and encrypting critical data are some recommended precautionary measures. It's also high time organizations moved away from the traditional castle-and-moat protection, where resources can be accessed only by people within the network, and from layered security practices that emplace multiple levels of security, as both have proven less effective in the face of ransomware attacks than Zero Trust

A cybersecurity policy that inherently applies least privileged access— every user or application is a potential threat. Zero Trust model reinforces authentication on the basis of user identity and context—user location, designation, security posture of user's device/third party's application.
security practices, which eliminate any implicit trust and require authentication for each interaction.

Related Stories

Chat now
   

Hello!
How can we help you?

I have a sales question  

I need a personalized demo  

I need to talk to someone now  

E-mail our sales team  

Book a meeting  

Chat with sales now  

Back

Book your personalized demo

Thanks for registering, we will get back at you shortly!

Preferred date for demo
  •  
    • Please choose an option.
    • Please choose an option.
  •  
  • Functionalities you’re interested in*
    This field is required.

    Done

     
  • Contact Information
    •  
    •  
    •  
    •  
  • By clicking ‘Schedule a demo’, you agree to processing of personal data according to the Privacy Policy.
Back

Book a meeting

Thanks for registering, we will get back at you shortly!

Topic

What would you like to discuss?

  •  
  • Details
  •  
    • Please choose an option.
    • Please choose an option.
    Contact Information
    •  
    •  
    •  
    •  
  • By clicking ‘Book Meeting’, you agree to processing of personal data according to the Privacy Policy.
Back to Top

Thank you for subscribing our newsletter

Actionable cybersecurity insights, straight to your inbox

Thank you for subscribing newsletter

You have already subscribed to our newletter

  • US
  • By clicking "Subscribe now", you agree to processing of personal data according to the Privacy Policy.