The ransomware as a service model has reportedly caused a dramatic increase in ransomware attacks. What is ransomware...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
as a service, and how is it affecting enterprise security? What can be done to mitigate the chances of falling victim to an attack?
Ransomware as a service is a model where a ransomware author develops malicious code and makes it available to multiple other criminal affiliates -- sometimes by purchase -- allowing them to send it to targeted users via phishing or other attacks. It is very similar to exploit kits, but ransomware as a service takes it a step further to the most important part for a criminal -- the money part. The as a service model allows malware authors to scale their criminal enterprise with minimal risk to themselves. The malware author can produce the malware ransomware and instruct other criminals on how to set up the infrastructure to carry out the attacks. This frees the malware authors from that part of the attack, but the model still generates revenue for them, as cybercriminals will pay to use the malware. And according to McAfee security researchers, the model's ability to create a vast "affiliate program" for ransomware types like CTB-Locker resulted in an increase in ransomware attacks in 2015.
The threats produced by ransomware as a service affect enterprise security the same ways other traditional ransomware does, but the service model means there are more threats to contend with. It's important to remember the ransomware model is particularly well-suited to target enterprises; for many enterprises, it's worth paying the ransom rather than losing their vital corporate data.
Implementing appropriate endpoint security defenses are important to protect organizations from ransomware as a service attacks, but they are not sufficient. The best defense to ransomware as a service attacks is good backup practices. These practices should include backing up all data to disconnected storage media. The disconnected or removable media aspect is particularly important, as the backups themselves could be encrypted by ransomware if the backup files are stored on the infected system. The backups could be connected to a centralized service where the client can't directly access the files and spread the ransomware. The data backed up shouldn't just be the files stored on the local hard drive, but any files the endpoint or user has access to over the network, as those files are also vulnerable to malware.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and ...continue reading
A Google Docs phishing attack used OAuth tokens to affect more than a million Gmail users. Nick Lewis explains how it happened, and how to defend ...continue reading
A vulnerability in Microsoft's Windows Defender antivirus tool left users open to remote code exploitation. Expert Nick Lewis explains how it ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.