The Rise of RaaS: How a niche cyberattack revolutionized a cyber-crime business model

Ransomware attacks, where malicious software encrypts a victim's data and demands a ransom for decryption, have transitioned from a niche cyber threat to a pervasive one. This alarming trend is largely fueled by the arrival of Ransomware as a Service (RaaS).

RaaS platforms operate as a subscription service on the dark web where tech-savvy criminals develop and maintain sophisticated ransomware tools, then lease them out to less-skilled “affiliates” in exchange for a percentage of earnings. These affiliates, often with minimal coding experience, can now launch impactful attacks with relative ease, while the complicated tool development and management efforts stay with the larger organizations.

Groups like REvil, Conti, and Maze have become infamous for their ruthless tactics and the crippling financial blows they inflict on victims. In a pre-RaaS world, attackers who were sophisticated enough to develop these tools had to target organizations large enough to pay a ransom that could make an effort worthwhile. Small businesses were never free of risk, but there were bigger targets that the attackers focused on. Under new RaaS models, there is now an appropriately sized attacker for every available victim.

While news headlines focus on the large attacks, backup and disaster recovery company Veeam’s 2023 Data Protection Trends report indicated that almost 85% of ransomware attacks are now focused on small businesses. This massive impact on small businesses is largely driven by the now readily available RaaS platforms, which have allowed less sophisticated attackers to leverage the development effort of larger criminal enterprises to carry out attacks.

The consequences of a successful ransomware attack on a small business can be catastrophic. Consider a local accounting firm. Imagine their client database, tax records, and internal financial data all rendered inaccessible by ransomware encryption. Operational downtime translates to lost revenue during peak tax season. The exorbitant cost of ransom payments can cripple a company's cash flow, potentially forcing permanent closure. Beyond the immediate financial strain, a ransomware attack can shatter a small business's reputation. Customers who entrust them with sensitive data may lose faith, taking their business elsewhere.

The accelerated growth in RaaS affiliation is concerning for several reasons:

• Democratization of Cybercrime: RaaS empowers nearly anyone with an internet connection to become a cybercriminal. The technical expertise previously required has been significantly diminished, creating a larger pool of potential attackers. More attackers ultimately results in more victims.
  
  
• Constant Innovation: RaaS groups are constantly innovating and developing new tools and techniques to bypass security software detection. This ongoing arms race makes it increasingly challenging for small businesses to stay ahead of the curve. Under the RaaS model, talented software developers can focus on the tools they build and sell those to other criminals rather than having to develop the tool and then execute the attack on their own (something that requires different skill sets).
  
  
• Global Reach: The anonymity of the internet allows RaaS attacks to target businesses anywhere in the world. A local bakery can be just as vulnerable as a multinational corporation.

Combating this threat requires a proactive approach from small businesses. Prioritizing cybersecurity measures is paramount. Here are some recommendations:

• Regular data backups serve as a critical first line of defense. In the event of an attack, a recent backup allows a business to restore its files without succumbing to ransom demands.
• Employee training on phishing scams is another essential step. These deceptive emails are a common entry point for ransomware infiltration. By educating employees on how to identify and avoid phishing attempts, businesses can significantly reduce their risk.
• Finally, implementing robust security software can help to detect and block ransomware before it encrypts critical data.

Ransomware will undoubtedly remain a threat. By staying informed and taking proactive measures, small businesses can bolster their defenses against this growing cyber threat. Collaboration with cybersecurity professionals to develop a comprehensive security plan is an investment that can safeguard a business from financial ruin.

----

Jordan Silva is senior manager of security and cloud services at Hawaiian Telcom. Reach him at jordan.silva@hawaiiantel.com.  

© Honolulu Star-Advertiser
Visit this article in the Star-Advertiser.