
How can enterprises mitigate ransomware as a service?

A rise in ransomware attacks has been attributed to a new service model for cybercriminals. Nick Lewis explains what's behind this new threat.

The ransomware as a service model has reportedly caused a dramatic increase in ransomware attacks. What is ransomware as a service, and how is it affecting enterprise security? What can be done to mitigate the chances of falling victim to an attack?

Ransomware as a service is a model in which a ransomware author develops malicious code and makes it available to multiple criminal affiliates -- sometimes by purchase -- allowing them to send it to targeted users via phishing or other attacks. It is very similar to exploit kits, but ransomware as a service takes it a step further to the most important part for a criminal -- the money part. The as-a-service model allows malware authors to scale their criminal enterprise with minimal risk to themselves. The malware author can produce the ransomware and instruct other criminals on how to set up the infrastructure to carry out the attacks. This frees the malware authors from that part of the attack, but the model still generates revenue for them, as cybercriminals will pay to use the malware. And according to McAfee security researchers, the model's ability to create a vast "affiliate program" for ransomware types like CTB-Locker resulted in an increase in ransomware attacks in 2015.

The threats produced by ransomware as a service affect enterprise security in the same ways traditional ransomware does, but the service model means there are more threats to contend with. It's important to remember the ransomware model is particularly well-suited to target enterprises; for many enterprises, it's worth paying the ransom rather than losing their vital corporate data.

Implementing appropriate endpoint security defenses is important to protect organizations from ransomware as a service attacks, but it is not sufficient. The best defense against ransomware as a service attacks is good backup practices. These practices should include backing up all data to disconnected storage media. The disconnected or removable media aspect is particularly important, as the backups themselves could be encrypted by ransomware if the backup files are stored on the infected system. Backups can also be sent to a centralized service where the client can't directly access the files and spread the ransomware. The data backed up shouldn't just be the files stored on the local hard drive, but any files the endpoint or user has access to over the network, as those files are also vulnerable to malware.
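The two backup checks described above can be automated on a Linux endpoint. The following is an added example, not part of the original article: it reads mount data in `/proc/mounts` format and flags backup destinations that the endpoint can still write to, plus writable network shares missing from the backup set. The sample mounts, paths, finding names and the choice to flag only writable shares are assumptions made for illustration.

```python
import posixpath

NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4"}  # assumed set of network filesystem types

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/usb-backup ext4 rw,relatime 0 0
//fs01/finance /mnt/finance cifs rw,vers=3.0 0 0
//fs01/hr /mnt/hr cifs rw,vers=3.0 0 0
nas01:/archive /mnt/archive nfs4 ro,relatime 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype, writable) for each mount line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _, mount_point, fstype, options = fields[:4]
        mounts.append((mount_point, fstype, "rw" in options.split(",")))
    return mounts

def is_under(path, root):
    """True if absolute path equals root or lies beneath it."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    if root == "/":
        return path.startswith("/")
    return path == root or path.startswith(root + "/")

def audit(mounts_text, backup_sources, backup_destinations):
    """List (finding, path) pairs for backup setups ransomware could defeat."""
    mounts = parse_mounts(mounts_text)
    findings = []
    for dest in backup_destinations:
        # The longest matching mount point is the filesystem that holds dest.
        holder = max((m for m in mounts if is_under(dest, m[0])),
                     key=lambda m: len(m[0]), default=None)
        if holder and holder[2]:
            # Still mounted read-write: malware on this host can encrypt it.
            findings.append(("DEST_WRITABLE_FROM_ENDPOINT", dest))
    for mount_point, fstype, writable in mounts:
        # Files the endpoint can modify over the network need backing up too.
        if fstype in NETWORK_FS and writable:
            if not any(is_under(mount_point, src) for src in backup_sources):
                findings.append(("NETWORK_SHARE_NOT_BACKED_UP", mount_point))
    return findings
```

On a real host, pass the contents of `/proc/mounts` as `mounts_text`; a removable drive that stays mounted after the backup job finishes is reported the same way as a local backup folder.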


This was last published in February 2016
