Posted by Mumbai: The advent of RaaS (ransomware-as-a-service) is one of the key reasons why ransomware has prospered, according to new research from cyber exposure company Tenable.
The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware.
In 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, a 380% jump over the previous six years combined ($144 million from 2013 to 2019).
The success of RaaS has also attracted other players such as affiliates and initial access brokers (IABs). They play prominent roles within the ransomware ecosystem, often more than ransomware groups.
Affiliates are involved in gaining access to networks via different methods. Such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web. They earn between 70%-90% of the ransom payment.
Besides, they may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. Their fees range on average from $303 for control panel access to as much as $9,874 for RDP access.
The current ransomware dominance is directly linked to the ‘double extortion’ technique revealed in the research, and the Maze ransomware group is behind this double extortion technique.
It involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it.
Ransomware groups have recently added a variety of other extortion techniques to their repertoire. That includes launching DDoS attacks on victims’ customers, making it even more challenging for defenders. These tactics are part of the ransomware gangs’ arsenal as a way to place additional pressure on victim organisations.
“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them,” said Satnam Narang, Senior Staff Research Engineer, Tenable.
“In 2021, double extortion ransomware increased by 117% globally. CERT-In noted that the country witnessed double the ransomware attacks in 2021 compared to 2020, leading to more organisations paying ransoms,” added Narang.