Ransomware as a Service (RaaS)

March 5

According to the Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Complaint Center (IC3) report, the federal agency received 2,385 complaints identified as ransomware with adjusted losses of more than $34.3 million in 2022. Of those complaints, 870 belonged to an organization falling into an industry classified as a critical infrastructure sector.

Subscription-based applications have changed the software market, including the illicit software market. Similar to how legitimate companies can leverage SaaS applications to streamline business operations, threat actors now offer subscription-based ransomware models that enable criminals to deploy attacks easily. Ransomware as a Service, or RaaS, means that threat actors don’t have to code their own ransomware; they can simply buy it from another cybercriminal. This means that any threat actor who wants to can launch a ransomware attack, no matter their technological skills.

In addition, modern ransomware attacks no longer simply encrypt data. Over the past few years, attackers have been focusing on double and triple extortion attacks that also include stealing data, holding it hostage until the victim pays the requested ransom.

The evolving Ransomware-as-a-Service (RaaS) business model has democratized these attacks, enabling sophisticated actors to deploy them.

How Does Flare Address Ransomware Readiness? 

RaaS groups gain access to your environments by taking advantage of data leaks, looking through sensitive information in stealer logs sold on Genesis Market, Russian Market, and both public and private Telegram groups.

Flare provides continuous monitoring of any stolen information with automated monitoring across the clear & dark web, prioritized alerts, and autonomous remediation. This includes monitoring for stealer logs, especially those that contain access to RDP, VPN, and SSO credentials that could lead to a compromise of your data.

What are the main benefits of ransomware monitoring and readiness with Flare?

  • Flare automatically monitors for external threat exposures, allowing for significantly reduced time in remediating any risks.
  • Flare is able to quickly contextualize and summarize threat actor activity so that your security team can act as soon as possible.
  • Flare notifies you about any risks that need to be mitigated, allowing your security team to spend their time and resources on more complex tasks. 

Ransomware as a Service: An Overview

What is Ransomware as a Service? 

RaaS is a cybercrime business model in which threat actors who develop ransomware sell their malware to other threat actors who then distribute it. RaaS lowers the criminal barrier to entry since sophisticated threat groups offer pre-developed ransomware tools and infrastructure, including ransomware variants and campaign management technologies.

It’s a variation of the broader Malware as a Service (MaaS) market. In fact, it’s a sizable chunk of that market; ransomware made up 58% of the MaaS sold between 2015 and 2022.

How does the RaaS business model work? 

There is a range of RaaS revenue models:

  • Affiliate programs: Users pay a monthly flat fee for access to the ransomware. The RaaS takes a cut of every successful ransom.
  • Profit sharing: The user purchases a license and the proceeds are split between all users and operators.
  • One-time license: Users make one payment for access to the RaaS. They do not have to share profits.
  • Percentage split: Rather than paying for a license, the user splits the profits with the RaaS operators after an attack.

Typically, RaaS operates on an affiliate model with ransomware developers/operators and the affiliates sharing the ransom payment revenue:

  • Operators: develop and manage the ransomware platform, and provide the affiliates resources such as encryption keys and customer support
  • Affiliates: execute the ransomware attacks taking advantage of the resources and tools purchased from operators

Threat actors sell RaaS models on dark web forums, on the dark web, and in Telegram channels in an effort to stay anonymous and avoid law enforcement.

What are the types of RaaS business models?

There are a few general business models:

  • Monthly subscriptions: Affiliates pay a recurring monthly fee to access the platform and use its resources, keeping the entire ransom paid.
  • License fees: Affiliates pay a one-time license fee to access the ransomware tools, keeping the entire ransom paid.
  • Affiliate program: Affiliates receive a percentage of the ransoms paid by victims.

In exchange for payment, affiliates receive:

  • Technologies needed to deploy attacks
  • Customer support services
  • Online communities for sharing knowledge and experiences
  • Access to documentation and tutorials on how to deploy the ransomware
  • Feature updates

What is the history of the RaaS model? 

RaaS isn’t new. The first recorded instance of Ransomware as a Service is from 2012, when Reveton, also called the FBI virus, locked victims out of their computers with a message claiming to be from the FBI or local law enforcement, and demanding a fine. Reveton was the first to offer its ransomware as a product, and it operated as a business, offering updates and options for customization. Since then, RaaS gangs have exploded, as has the number of ransomware attacks. Ransomware continues to evolve as threat actors innovate on the model.

Why is it Important to Understand Ransomware as a Service Right Now? 

How prevalent is ransomware?

The RaaS model might not be new, but the growth of the RaaS industry has certainly contributed to the dramatic rise in ransomware attacks. According to Verizon’s 2023 Data Breach Investigation Report (DBIR), ransomware is now the second most used attack vector and is present in a quarter of all data breaches. In 2023, ransomware was the second-most prevalent attack method in data compromises as well. With sophisticated ransomware at the fingertips of almost anyone who wants it, increasing numbers of organizations will find themselves the target of ransomware attacks.

How is ransomware delivered?

Most ransomware is delivered as part of a phishing attack; a bad actor uses a fake message to trick an insider into clicking a suspicious link or downloading the ransomware in an innocent-seeming file. However, ransomware can also be inserted into a network by a threat actor who has hacked into a system.

What is the impact of RaaS? 

Because RaaS makes ransomware available to a larger group of criminals, it enlarges your attack surface. Businesses are then exposed to several risks, financial and reputational. Some of the financial costs may include the following:

  • Disruption of operations
  • Regulatory fines
  • Litigation costs
  • Expenses associated with remediation efforts
  • The ransom fee, or fees, if the organization chooses to pay

How can you protect yourself from RaaS gangs? 

To counter RaaS gangs, and ransomware in general, it’s important that organizations adopt a proactive cybersecurity stance. This means using a multifaceted strategy that includes technology, threat intelligence, education, and good cyber hygiene practices.

RaaS Readiness and Flare

Flare is the leading Threat Exposure Management (TEM) solution for organizations. Our technology constantly scans the online world, including the clear & dark web, to discover unknown events, automatically prioritize risks, and deliver actionable intelligence you can use instantly to improve security. Ransomware as a Service (RaaS) puts ransomware, one of the most disruptive types of malware, into the hands of anyone willing to pay for it.

With Flare Supply Chain Ransomware Exposure Monitoring, gain unique visibility and proactive security across your extended supply chain to efficiently mitigate threat exposures that exist within ransomware data leaks. Learn more by signing up for our free trial.
