What is Ransomware as a Service?

If you’ve been following our blogs and newsletters, you’ll know we’ve spent quite a bit of time discussing ransomware – the malicious software that blocks your data and systems and demands a sum of currency to release them so that you can regain operational control. Lately, this area of cybercrime has been evolving and becoming more sophisticated, bringing in an age of Ransomware as a Service (RaaS). Here’s what it all means – and why every organisation needs to pay attention to it.

The basics behind RaaS

When we think of hackers and cybercriminal gangs, we tend to think of people who have sophisticated IT knowledge – of tech geniuses who have decided to use their gifts for harm rather than good. And for the most part, that’s not inaccurate. But these criminal networks have changed their strategy to mimic business models that have become a proven success in the world of business IT. We all know what SaaS (Software as a Service) is, and it’s become a model for how ransomware is distributed.

For example, in the past, it was more complicated to become a target for these groups. Your organisation had to attract their attention through its business dealings, size, a particular vulnerability in its systems, or even a personal grudge. Now, it’s different. Talented and experienced hackers simply create cookie-cutter ransomware and sell it to those who want to perform an attack but don’t have the resources or knowledge to do it themselves, selling ransomware as a scalable, accessible DIY product.

Why RaaS is so dangerous

It’s become an almost mass-produced cybercrime product where essentially anyone can attack any network for any reason. And the cost of RaaS is not a particularly high barrier either, with easy-to-use kits being sold for as little as US$50, with options for subscriptions, flat rate fees, and DIY solutions. Even with more sophisticated attacks costing considerably more, the payoff is considered to be worth it as the average cost of a ransomware attack increases.

In Australia, ransomware has cost businesses and the public sector AU$241 million in 2019, with 67% of businesses experiencing a ransomware attack in the last year – 27% higher than the global average and the highest numbers for the Asia-Pacific and Japan region.

What should your business do?

Now, at Otto IT, we aren’t interested in scaremongering or fear tactics, but the facts here speak for themselves. A ransomware attack can cripple a business, send your sensitive data out onto the dark web for further exploitation, lead to excessive downtime, data loss, and loss of consumer trust. Since it’s more accessible than ever before thanks to RaaS, what should every business do?

  • Assume an attack will happen
  • Have a secure off-site backup that is updated regularly
  • Layer your IT security
  • Have a practical data recovery plan in place
  • Use IT security experts to give you the talent and expertise needed to protect your business

At Otto, we’re here to protect your organisation and your people against RaaS, IT scams and other IT security risks. We’ll help you educate your team, ensure you have the best IT protection for your business and be ready to act if your data or people are compromised. Talk to us today about IT security and data security for your business.