Ransomware: What Is It?
Ransomware is a form of malware that can encrypt the data of a targeted computer or server. The encryption allows the attacker to make the data inaccessible to its owners or the organisation. The attacker may also export sensitive data to keep as a “hostage”. The attacker will then demand a ransom, typically in the form of cryptocurrency. Until the ransom is paid, the organisation’s data will remain scrambled. Once the affected parties pay the amount demanded, the attacker is supposed to give them the decryption key, which, of course, you can never be sure of.
How does ransomware work?
Like most cyberattacks, ransomware starts with social engineering techniques. You may receive a phishing email that contains a malicious file or a link to download it. Once you download the file or visit the website, the malware will take control of your systems. Ransomware can easily spread from one device to all the connected devices. So, if one employee at an organisation accidentally downloads it, your databases and servers can be affected. Then all the devices connected to these servers and databases can also be controlled by the attacker.
What is RaaS?
Ransomware as a Service, abbreviated as RaaS, is a business model employed by ransomware developers. The developers create the malware and sell it as a service on the dark web, much like how other Software as a Service (SaaS) products are sold. By signing up for this service, even those who don’t have technical knowledge can launch ransomware attacks. RaaS usually includes 24/7 support from the developers, forums, user reviews and even bundled offers and packages.
RaaS is usually available in four forms:
- Monthly subscription
- A lifetime license fee
- Affiliate programs
- Profit-sharing
Examples of RaaS:
- Locky
- Jokeroo
- Encryptor
- Shark
- Stampado
What makes RaaS so dangerous?
RaaS also has a highly competitive market, which means more advanced ransomware variants appear regularly on the dark web. So, what should you do to protect your organisation from a RaaS attack?
How can you protect your organisation from RaaS?
1. Install security updates regularly.
This is the primary defence against any cyberattack – ensure your systems are always updated to their latest versions. Installing security updates reduces the number of vulnerabilities in your systems and thus helps prevent ransomware attacks.
2. Divide your network into segments
- Isolating databases and applications that contain sensitive data
- Limiting access to databases
- Monitoring your IT architecture 24/7
3. Cybersecurity awareness training
4. Back up your data and systems
- Create three copies of data.
- Save backups to two different media.
- Have at least one copy of the backup offsite.
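One way to check a backup inventory against the three rules above, as an added example that is not part of the original article. The record fields (dataset, media, offsite), the sample inventory and the function name are assumptions made for illustration, and the copies counted are whatever the inventory lists for each dataset.

```python
from collections import defaultdict

# Constructed sample inventory: one record per stored copy of a dataset.
# The field names (dataset, media, offsite) are assumptions for this example.
SAMPLE_INVENTORY = [
    {"dataset": "finance-db", "media": "disk", "offsite": False},
    {"dataset": "finance-db", "media": "tape", "offsite": False},
    {"dataset": "finance-db", "media": "cloud", "offsite": True},
    {"dataset": "hr-share", "media": "disk", "offsite": False},
    {"dataset": "hr-share", "media": "Disk ", "offsite": False},
    {"dataset": "hr-share", "media": "disk", "offsite": True},
    {"dataset": "mail-archive", "media": "disk", "offsite": False},
    {"dataset": "mail-archive", "media": "tape", "offsite": False},
]


def audit_backups(inventory, required_datasets=()):
    """Return {dataset: [violations]} for every dataset that misses a rule."""
    copies = defaultdict(list)
    for record in inventory:
        copies[record["dataset"]].append(record)
    # A dataset with no record at all has no backup and must still be reported.
    for name in required_datasets:
        copies.setdefault(name, [])

    findings = {}
    for name, records in copies.items():
        problems = []
        if len(records) < 3:
            problems.append(f"only {len(records)} of 3 copies")
        # Normalise media labels so "Disk " and "disk" count as one medium.
        media = {r["media"].strip().lower() for r in records}
        if len(media) < 2:
            problems.append(f"only {len(media)} of 2 media types")
        if not any(r["offsite"] for r in records):
            problems.append("no offsite copy")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    report = audit_backups(SAMPLE_INVENTORY, required_datasets=["web-assets"])
    for name in sorted(report):
        print(f"{name}: " + "; ".join(report[name]))
```

Passing the list of systems that must be backed up as `required_datasets` surfaces the ones that never appear in the inventory at all, which a count over existing records would miss.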
RaaS is the illegitimate alternate universe to the legitimate SaaS. The best way to mitigate risks is by creating, implementing and monitoring a solid cybersecurity strategy that makes it difficult and costly for criminals to break into your systems. The Computing Australia Group team has the experience and expertise to make sure your organisation is safe and sound. Need assistance with your organisation’s cybersecurity? Contact us today!
Jargon Buster
Malware – Software specifically designed to damage computers, networks, and servers or steal data.
Cryptocurrency – A digital currency that can only be traded online.