lolloj - Fotolia
The ransomware as a service model has reportedly caused a dramatic increase in ransomware attacks. What is ransomware as a service, and how is it affecting enterprise security? What can be done to mitigate the chances of falling victim to an attack?
Ransomware as a service is a model where a ransomware author develops malicious code and makes it available to multiple other criminal affiliates -- sometimes by purchase -- allowing them to send it to targeted users via phishing or other attacks. It is very similar to exploit kits, but ransomware as a service takes it a step further to the most important part for a criminal -- the money part. The as a service model allows malware authors to scale their criminal enterprise with minimal risk to themselves. The malware author can produce the malware ransomware and instruct other criminals on how to set up the infrastructure to carry out the attacks. This frees the malware authors from that part of the attack, but the model still generates revenue for them, as cybercriminals will pay to use the malware. And according to McAfee security researchers, the model's ability to create a vast "affiliate program" for ransomware types like CTB-Locker resulted in an increase in ransomware attacks in 2015.
The threats produced by ransomware as a service affect enterprise security the same ways other traditional ransomware does, but the service model means there are more threats to contend with. It's important to remember the ransomware model is particularly well-suited to target enterprises; for many enterprises, it's worth paying the ransom rather than losing their vital corporate data.
Implementing appropriate endpoint security defenses are important to protect organizations from ransomware as a service attacks, but they are not sufficient. The best defense to ransomware as a service attacks is good backup practices. These practices should include backing up all data to disconnected storage media. The disconnected or removable media aspect is particularly important, as the backups themselves could be encrypted by ransomware if the backup files are stored on the infected system. The backups could be connected to a centralized service where the client can't directly access the files and spread the ransomware. The data backed up shouldn't just be the files stored on the local hard drive, but any files the endpoint or user has access to over the network, as those files are also vulnerable to malware.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Island hopping attacks create enterprise risk by threatening their business affiliates. Here's how to create an incident response plan to mitigate ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading