How to Stay Protected against Ransomware as a Service

Hacking was once a dark art known only to computer whizz kids, but as information becomes more easily available and software becomes more sophisticated, it is easier than ever before for people with very little technical knowledge to gain access to other users’ IT systems.

A new type of ransomware, Ransomware-as-a-Service (RaaS), is user friendly and can be deployed by anyone by downloading the virus either for free or for a simple fee. Ransomware is a particular type of malware that literally holds the user’s files to ransom after it infects their device. The most common type of ransomware is crypto-ransomware, which encrypts files using an algorithm in a process that is irreversible without the correct encryption key. Users with files infected with this type of ransomware will be asked to pay a ransom in exchange for the key to regain access to their files.

Ransomware and other malware is written by talented programmers, which would normally mean only a small number of people have access to it. However we are increasingly seeing advertisements for ransomware as a service, essentially making it available for anyone willing to pay the service fee.

Malware Available at the Click of a Button

Malware is now the biggest threat online, blamed partly due to the increase in Malware as a Service (MaaS), which provides the technology and infrastructure needed to launch a successful malware campaign on a monthly subscription model.

A video advertisement for a Malware service called “Philadelphia” demonstrates how users have complete control over customizing their own malware including choosing different languages, setting a deadline for payment (after which there is the option of deleting the files), choosing which directories on the victim’s computer will be encrypted, the ability to generate reports and track “malware campaigns”, all for a one-off payment of around $400.

As the initial investment in the software could easily be recovered in the first malware infection, it could be very tempting for anyone looking to make some quick cash at the expense of others.

“Exploit kits” or kits of software that are designed to be run on servers with the intent of exploiting vulnerabilities in client machines connected to that server have existed for several years. The main difference now is that much of this “malware for hire” is offered as a cloud-based service, meaning those who use it do not need to invest thousands of dollars into servers and sophisticated infrastructure.

Customers can now pay for an exploit kit hosted on a server under the control of the developers of the malicious software and run attacks via a user-friendly control panel that requires little technical knowledge.

MaaS allows anyone to set up and launch a malware campaign from getting it onto user devices and getting users to run the software, right down to collecting the financial reward via bitcoins. Everything is automated and can be achieved with the minimum effort.

Just as the cloud has allowed businesses to benefit from access to software that they may not ordinarily have the budget or infrastructure for, cloud-based malware can be accessed faster, cheaper, and in a way that is much harder to detect and trace back to the person responsible.

These services are proving to be extremely lucrative for those who set them up, so it’s unlikely that they will go away anytime soon. A single MaaS infrastructure has been estimated to infect over 184,000 devices and generate around $100,000 every month.

Open Source Ransomware

Open source software is software that has freely available source code with a license allowing anyone to use it or modify it, for any purpose.

The open source movement has been widely praised for its availability to everyone, the increased speed that new innovations can be made, and its potential for educational uses. However open source software may also have a dark side.

Open source malware is now widely available for educational purposes, in the form of packages like Hidden Tear, a freely available and editable ransomware that could be edited or used by anyone. Although this project was intended to be strictly educational, it was of course hijacked for malicious purposes. In this case, the author had cleverly designed the software with intentional security flaws so that infected files could be decrypted easily.

The developers of this type of open source malware argue that their release helps to increase security for all, however there were still real-life victims who were infected with this malware and didn’t realize they could recover from it without paying.

Hidden Tear was released a couple of years ago and there are now many more examples of this type of open source project that can be used by researchers to improve the strength of anti-malware systems, but also potentially by malicious parties to infect user devices for financial gain.

There are many examples where open source malware has been used by hackers successfully, such as a malware attack that disabled part of Ukraine’s national power grid, that was traced back to freely available open source code found online.

As there is so much malicious source code now available for free, it is now even easier for programmers to develop their own unique ransomware and offer it up for a one-off or monthly fee, thus profiting from an initiative that was originally intended to be a positive step in IT security.

How to Protect Your Organization From Ransomware?

There are two main aspects to protecting yourself or your organization from Ransomware. The first is to take steps to avoid being infected with malicious software in the first place. The second is to ensure that files and data are regularly backed up so that if a ransomware attack does occur, the files can be recovered easily, rendering the attack useless.

Simply being aware of best practices when it comes to IT security is a good first defence when it comes to avoiding malware infections. This is less easily managed in an organization with many employees, but staff training and clear IT policies can help prevent infection from phishing attacks and clicking links in malicious emails, for example.

Anti-malware software can help prevent some infections, but there will always be newly written malware that can escape detection.

As malware is now increasingly infecting the cloud, it’s also important to use a cloud cybersecurity service such as SpinOne, which can detect risky user behavior and potentially dangerous third-party apps that may increase the risk of malware infections.

The only foolproof way to ensure 100% protection against ransomware is to have an effective backup system in place. If you have a recent backup in place that can easily be deployed in the event of file corruption or encryption, this means you will be able to restore your system to a point in time before the attack occurred.

Spinbackup also provides a daily automated cloud backup service for G Suite that offers users complete peace of mind that their files will be easily restored if they are the victim of a ransomware attack.