Ransomware is one of the biggest threats to enterprise cybersecurity, and it continues to grow. In Q3 2020 alone, ransomware attacks increased by 50% worldwide compared to the previous quarter. One of the biggest drivers behind ransomware’s continued success is the adoption of Ransomware as a Service (RaaS), a ransomware distribution model similar to cloud-based “as a Service” offerings where a provider maintains infrastructure or services and sells access to them to customers.
In the RaaS economy, the service provided is the infrastructure required to perform a ransomware attack. RaaS operators maintain the ransomware malware, offer a payment portal for victims, and may provide the “customer service” that victims might need (since many ransoms are demanded in Bitcoin or other cryptocurrencies). Their affiliates are responsible for spreading the ransomware, and any ransoms paid are split between the operators and the affiliate (typically with the operator receiving 30-40%).
This arrangement provides benefits to both sides of the deal. The operator gains a scale that they are unlikely to be able to achieve in-house and can focus on maintaining the backend infrastructure. The affiliate, on the other hand, receives access to the ransomware and its back-end infrastructure and can focus their attention on infiltrating networks and infecting computers.
This ability to specialize is a major benefit for cybercriminals as few are accomplished at both malware development and network penetration. The RaaS model is one of the main reasons why ransomware attacks have been able to continue growing steadily in recent years.
Many of the biggest names in ransomware are also the leading RaaS operators as well. Some of the most prolific and dangerous RaaS variants include:
These are only a few of the ransomware variants utilizing the RaaS model. Many other ransomware groups work with affiliates as well. However, the scale and success of these ransomware groups means that they have the pull to attract specialists to spread their malware.
The ransomware attack is continuing to grow, and RaaS means that cybercriminals can specialize as either malware authors or network penetration specialists. Organizations must deploy endpoint security solutions capable of detecting and remediating ransomware infections before critical files are encrypted.
Ransomware protection should be part of any organization’s security strategy, and SandBlast Agent provides peace of mind in the face of the ransomware threat. To learn more about SandBlast Agent and its capabilities, check out this solution brief. You’re also welcome to request a personalized demo to discuss how Check Point can help to improve your organization’s ransomware defenses.