lolloj - Fotolia
The ransomware as a service model has reportedly caused a dramatic increase in ransomware attacks. What is ransomware as a service, and how is it affecting enterprise security? What can be done to mitigate the chances of falling victim to an attack?
Ransomware as a service is a model where a ransomware author develops malicious code and makes it available to multiple other criminal affiliates -- sometimes by purchase -- allowing them to send it to targeted users via phishing or other attacks. It is very similar to exploit kits, but ransomware as a service takes it a step further to the most important part for a criminal -- the money part. The as a service model allows malware authors to scale their criminal enterprise with minimal risk to themselves. The malware author can produce the malware ransomware and instruct other criminals on how to set up the infrastructure to carry out the attacks. This frees the malware authors from that part of the attack, but the model still generates revenue for them, as cybercriminals will pay to use the malware. And according to McAfee security researchers, the model's ability to create a vast "affiliate program" for ransomware types like CTB-Locker resulted in an increase in ransomware attacks in 2015.
The threats produced by ransomware as a service affect enterprise security the same ways other traditional ransomware does, but the service model means there are more threats to contend with. It's important to remember the ransomware model is particularly well-suited to target enterprises; for many enterprises, it's worth paying the ransom rather than losing their vital corporate data.
Implementing appropriate endpoint security defenses are important to protect organizations from ransomware as a service attacks, but they are not sufficient. The best defense to ransomware as a service attacks is good backup practices. These practices should include backing up all data to disconnected storage media. The disconnected or removable media aspect is particularly important, as the backups themselves could be encrypted by ransomware if the backup files are stored on the infected system. The backups could be connected to a centralized service where the client can't directly access the files and spread the ransomware. The data backed up shouldn't just be the files stored on the local hard drive, but any files the endpoint or user has access to over the network, as those files are also vulnerable to malware.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Researchers from Check Point announced a new attack at Black Hat 2018 that targets Android devices. Discover how this attack works and how devices ... Continue Reading
Sophos researchers believe the SamSam ransomware campaign could be the work of one or a few threat actors using manual techniques. Learn how it works... Continue Reading
The hacking group Magecart was recently found to have run a card skimming campaign that put customer information at risk. Learn how this attack ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.