
February 28, 2020 | PJ Farmer

Should You Be Concerned About Ransomware as a Service (RaaS)?

Ransomware is among the biggest cybersecurity threats that businesses face today. While it began as a consumer threat, ransomware now targets businesses both large and small. In 2019, ransomware attacks on businesses rose by 365%. Every 14 seconds a new organization falls victim to a ransomware attack, according to Cybersecurity Ventures. If your organization hasn’t been hit by ransomware yet, odds are it soon will be. Ransomware as a Service (RaaS) adds a new twist to the typical ransomware threat.

What are ransomware and Ransomware as a Service?

The good news is that ransomware and Ransomware as a Service can be prevented with the right security safeguards. But first, let’s define ransomware and Ransomware as a Service.

What is ransomware?

Like other types of malware, ransomware typically travels by email attachment or infected web sites. But unlike other malware that is designed to steal data or install a back door into your IT systems, ransomware holds your data hostage. It encrypts files or entire file systems on PCs and servers, making them unusable to the business. To unlock the data, the victim must pay a ransom for a decryption key.

Healthcare organizations and other businesses are popular targets because they hold volumes of data that are critical to their operations and are more likely to pay high ransoms. According to Zerto, businesses impacted by ransomware spent an average of $1.4 million per attack in 2019.

Municipal governments have been hit with a flood of ransomware attacks over the past year. They’re popular targets because they often operate with tight IT budgets. Due to limited resources, they may have older versions of applications with known vulnerabilities and practice irregular security patching and data backups.

Unfortunately, the cost of cleaning up after a ransomware attack is far greater than the cost of better security practices and technologies.

Baltimore paid an estimated $18.2 million to restore its IT systems and data after a ransomware attack last year that crippled its systems for over a month. In December 2019, New Orleans was hit by ransomware which reportedly cost $7 million in damage. Over 450 servers and 3,500 laptops were infected by the malware, which originated in a phishing email. Fortunately, the city had $3 million in cyber insurance to absorb some of the costs.

What is Ransomware as a Service?

Ransomware is a booming business, and skilled cyber attackers are exploiting the demand for ransomware by selling ransomware kits and Ransomware as a Service (RaaS) on the Dark Web. To use RaaS, a would-be criminal pays a subscription fee or a percentage of the ransom received. In return, they get the use of the ransomware as well as other amenities such as distribution services, software updates, and tech support. The RaaS distributor may collect the ransom and take their share before passing the rest on to the customer.

Of course, not all victims pay ransom, and not all of those who do get their data back. A Proofpoint survey of security professionals found that just over half opted to pay the ransom. Of those who did, 69% got a working decryption key and recovered most of their data. However, 22% did not recover their data or IT systems.

A ransomware consulting company can try to recover your encrypted data or even negotiate with the cyber attackers. Another option is the No More Ransom initiative, a partnership of the Netherlands’ National High Tech Crime Unit, Europol’s European Cybercrime Centre, and cyber security companies Kaspersky and McAfee. The group provides free decryption programs for dozens of ransomware variants.

Stay calm and use these tips to avoid Ransomware as a Service

Prevention is always the best strategy against ransomware. Since Ransomware as a Service is a subset of ransomware, you can use the same protections to protect your data against both. Here are four guidelines to avoid becoming another ransomware statistic:

1. Keep your IT systems up to date

As software companies find security vulnerabilities in their applications, they issue patches to fix them. Hence, it’s essential to stay on top of patching lest a cyber attacker take advantage of the vulnerability. If your applications are approaching end-of-life support, it’s critical to upgrade.

2. Train your employees to spot ransomware

Train end-users on basic cybersecurity practices, so they can recognize a phishing attempt and treat email attachments with suspicion.

3. Implement a disaster recovery plan

A good cloud disaster recovery solution, also known as DRaaS, can ensure you recover most, or all, of your data and minimize downtime. Cloud disaster recovery is an effective solution for businesses because it provides continuous backups that are kept separate from the production data, so the backups won’t get encrypted along with the production system during an attack. A disaster recovery plan and solution with continuous data backup will save you hundreds of thousands of dollars in ransom and cleanup costs, as well as days or weeks of downtime.

4. Contact a managed security services provider (MSSP)

Many managed service providers also provide managed IT security services that will detect potential ransomware threats and disable them before they can damage your systems. A few of the ransomware-specific protections that an MSSP can offer include email security (anti-spam and anti-phishing), vulnerability scanning, web content filtering, and anti-malware protection.

Do you have a solid plan to combat Ransomware as a Service?

It’s also important to stay informed of the latest ransomware trends, but it’s even more important to have a strategy to protect your business. Read our guide below to learn how to approach IT Security or contact us to learn more.

Download our Strategic Guide to IT Security
