While most organizations are familiar with the dangers of ransomware, they may not know that ransomware is increasingly being commoditized and proliferated.
Behind this shift are the ransomware developers. Not content with making money through direct extortion, these cybercriminals are now increasing their profits — as well as raising the overall number and quality of attacks — by selling their malware to other, less technically proficient hackers.
One result: Ransomware in the wild is now more reliable — that is, dangerous — and innovative — that is, hard to detect. Attributing the source of the attacks has gotten harder, too. This makes it very difficult to understand the motives of cybercriminals and to predict how they’ll behave and react.
To increase their profits, ransomware developers are currently using three distinct business models:
- Ransomware-as-a-service (RaaS): Developers essentially rent their cloud-based ransomware, typically hosted on a pirate website or dark web forum, to affiliates who then use it to execute attacks against their chosen targets.
- Ransomware-as-a-product: Ransomware producers sell ransomware directly to other cybercriminals.
- Ransomware-as-a-subscription: Ransomware creators charge affiliates a monthly fee for access to their malware.
Once an affiliate has bought, rented or subscribed to ransomware, they can distribute the malware to their chosen targets using methods that include phishing emails, exploit kits and drive-by downloads. Then they can encrypt their victims’ files and demand a ransom payment to decrypt them. If the victim pays the ransom, then the affiliate will send them a decryption key.
We recommend that all organizations fight ransomware attacks by educating their employees and deploying the proper tools and practices.
We also strongly recommend that you create a plan for handling potential attacks. This plan should include ways to identify and contain an attack and recover files. It should also include considerable time for practice sessions — that is, regular drills and simulation exercises with key stakeholders. In this way, you’ll ensure that in the event of a ransomware attack, your people and processes will respond effectively and quickly.
Learn more about DXC Security.
About the author
Mark Hughes is general manager of Security for DXC Technology. He is responsible for DXC’s Security business including cyber risk and compliance, digital identity, infrastructure, app and data protection, and cyber transformation and operations. He previously led DXC's offerings and strategic partners organization. A Royal Military Academy graduate and British Army veteran, Mark serves on the World Economic Forum’s Global Cybersecurity Board. Connect with him on LinkedIn.