Estimated reading time: 2 minutes, 57 seconds

A Misuse of Cloud Resources: The Threat of Ransomware as a Service Featured

A Misuse of Cloud Resources: The Threat of Ransomware as a Service "Slack H4X0R"

One of the overarching benefits of cloud computing is its leveling of the playing field regarding the use of technology. Organizations of any size have access to the same cutting-edge technology offered by cloud service providers (CSPs). Perhaps the easiest way for a company to take advantage of the cloud is through a software-as-a-service (SaaS) solution. Companies or individuals can add extensive computing functionality to their environment virtually instantly. 

Unfortunately, malicious minds typically find a way to divert otherwise good ideas for malevolent purposes. A recent example of this defect in human nature can be seen in the introduction of ransomware-as-a-service (RaaS). As if cybersecurity teams needed additional work, RaaS democratizes the ability to launch damaging ransomware attacks. RaaS makes it possible for virtually anyone to initiate a ransomware attack. 

What is Ransomware-as-a-Service? 

RaaS is a business model in which operators offer affiliates paid access to ransomware resources with the ability to launch attacks. It’s a variation on the standard SaaS delivery model that eliminates the need for criminals to have the necessary skills or time to develop ransomware themselves. RaaS operators offer their services on the dark web and advertise them in the same way legitimate software companies do on the Internet.  

How Does RaaS Work? 

An RaaS operator typically recruits affiliates on dark web forums. The affiliate agrees to the terms which usually include agreeing to use one of these four revenue models: 

  • A flat fee for a monthly subscription;
  • Affiliate programs in which the developer gets a percentage of the profits in addition to the subscription fee;
  • A one-time license with no profit sharing;
  • Straight profit sharing with no upfront fees. 

After payment arrangements are made, the operator provides the affiliate with access to the ransomware. The affiliate selects a target, sets ransom demands, and creates a ransom note. They then compromise the victim’s assets and execute the ransomware. The operator furnishes a payment portal and may help the affiliate with victim negotiations. The affiliate controls the decryption keys while an operator may provide a website that can be used to leak sensitive data to encourage the victims to pay. 

The Evolution of RaaS 

The RaaS model began to gain popularity in 2019. Since that time, ransomware variants previously used exclusively by their developers have been identified in RaaS attacks. The list of RaaS providers includes: 

  • Darkside - This group is reputedly responsible for the May 2021 attack on Colonial Pipeline. The attack affected consumers and airlines in the eastern U.S. for several days. Colonial paid the hackers for the decryption keys necessary to restart their systems. 
  • DoppelPaymer - Attacks using this RaaS include one in Germany in 2020 that may have contributed to the death of a patient. 
  • LockBit - The gang behind LockBit runs an efficient and businesslike organization that has resulted in the widespread use of this ransomware by affiliate groups. 

Defending Against Ransomware 

Defending against any type of ransomware attack involves the coordination of multiple secure initiatives that include: 

  • Implementing reliable backup and recovery procedures;
  • Installing security patches promptly;
  • Employing multi-factor authentication;
  • Anti-phishing software and user education to avoid compromised credentials;
  • Extended detection and response solutions to identify sophisticated risks. 

As much as we like to highlight the positive characteristics of cloud computing, the unfortunate reality is that the same resources that can be used to add functionality to your business can also be used for nefarious purposes such as promoting ransomware as a service. 

Read 239 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.