RaaS: Hacking Made Easy

by | Jan 30, 2017 | Latest News

Do you know what the greatest motivator in 2016 was for cyber attacks?

If you answered “ransom,” you were correct.

Known as the year of ransomware, a whopping 49% of businesses fell victim to cyber ransom attacks. Based on these numbers, IT professionals certainly have cause for concern. Especially when taking into consideration “hacking made easy,” or what we know as Ransomware as a Service (RaaS).

What is Ransomware as a Service?
Modeled after software-as-a-service, RaaS extends hacking to would-be cybercriminals. Drawing in participants with a minimum of script kiddie abilities, they execute by:

  • Accessing a darkweb TOR site and registering with a Bitcoin address. From there, they tailor and download their own version of the malware.
  • Using multiple Bitcoin addresses to run simultaneous campaigns.
  • Employing typical infection vectors for the executable. Targeted spear-phishing, spray-and-pray phishing campaigns, malvertising with contaminated ads on websites compromised with Exploit Kits are available for criminal affiliates. Unknowingly, the malicious files are downloaded, manually hacking Linux servers or brute forcing terminal servers.

    • In the end, 5%-25% of all ransom collected goes to the original developers. By creating free and easy malware that doesn’t require specialist knowledge to deploy, the ransomware bosses can score big profits with a large number of infections.

    The remaining income goes directly to the script kiddies who get a taste of easy criminal profits. With access to hacking made easy tools like insider statistics and campaign settings, they can continue to conduct ransomware campaigns with little effort.

    Just $39.99 a Month for Our Hacking Made Easy Toolkit!

    It sounds like a cheesy infomercial, but hackers understand that hooking perspective evildoers is big business. A cryptoware program called Stampado, being sold on the darknet for $39 even had a YouTube video promoting the RaaS subscription.

    While less experienced online attackers might be drawn in by the “hacking made easy” value proposition. More sophisticated actors will go after stable, flexible, and refined vectors.

    In the wild we’ve seen this through the use of a Cerber variant, tied to a $2.5 million dollar a year RaaS ring. According to research reports, the RaaS ring included 161 active campaigns with eight new campaigns launched daily. In July 2016, it was estimated that criminals earned close to $200,000. Victims paid approximately 1 bitcoin ($590) to decrypt files locked by the Cerber ransomware.

    Protecting Against RaaS
    We urge victims against buckling to extortion if at all possible. Each time a ransom is paid, malicious actors gain resources to do more damage. While sometimes paying for decryption is unavoidable, we suggest taking these steps for the best possible outcomes.

  • Use a product that guarantees its protection technology. SentinelOne assures users that if we’re unable to block or remediate the effects of a ransomware attack, we’ll pay for it. We’ll reimburse your company or organisation up to $1,000 per endpoint, or $1,000,000 in protection overall for the company.
  • Go beyond signature-based endpoints with behavioural detection. Malware authors understand that endpoints identify malware based on structure. By using behavioural detection instead, it can watch the malware’s path and actions before taking steps to protect.
  • Backups are essential in neutralising the threat. Using 10-minute interval snapshots and sending the data to the cloud can provide insurance in the event of an attack.
  • Educate end users on Ransomware as a Service. In 2017, it’s likely that we will continue to suffer from ransomware attacks. The first line of defence is a knowledgeable workforce that understands the ramifications of opening a curious email or clicking a malicious ad. By giving them experience through simulated phishing attempts, you can gauge the preparedness of users to spot keepers of ransomware strains.

    • To learn more about the impacts of ransomware, visit our Global Ransomware Study 2016 infographic. Or for greater detail, view our research data summary.

    Please note the below has been produced by SentinelOne. To view the original article click here.

    Privacy Statement
    Marketing Preferences

      Preferred Contact Method
      EmailPhone

      I consent to Net-Ctrl collecting and storing my data from this form and contacting me as listed in this form.

      Wireless Site Survey

      Predictive, Pre-Deployment, Post Installation and Health Check Wireless Surveys carried out by certified wireless engineers.

      Wi-Fi Fact File - Wi-Fi 6, 6E and 7

      We look at Wi-Fi fundamentals, explore the benefits of and technology behind Wi-Fi 6, Wi-Fi 6E and what the future holds for Wi-Fi 7

      Cabling Installations

      Net-Ctrl provide network and structured cabling solutions as either a stand-alone installation, or to compliment products and solutions that we offer.

      Connect the Classroom

      Connect-the-Classroom scheme  is allowing schools to upgrade their infrastructure to a solution that should last 10 years

      IT Support Solutions

      Net-Ctrl provides two excellent support packages in addition to any equipment purchased. Find out about our Silver or Gold support package

      Mobotix Site Survey

      IP-CCTV site survey to assess camera locations and requirement and existing Mobotix solution health checks.

      Net-Ctrl Cloud WLAN

      Net-Ctrl offers our Cloud WLAN. Delivering market-leading patented technology managed by the Net-Ctrl engineering team.

      Cybersecurity Awareness Training
      We provide an automated Cybersecurity awareness training solution covering both simulated phishing and training courses.
      Wireless Network Solutions

      Net-Ctrl offers a range of wireless network solutions. We explore some common questions related to these solutions.

      Finance & Leasing Solutions

      Offering end-to-end, affordable and competitive financing solutions to help you achieve your business goals.