Why You Should Beware of Ransomware-as-a-Service? by Justin Stoltzfus and Sarita Harbour

 

Have you heard about ransomware? When you fall victim to this kind of cyber attack, there aren’t any notes made of cut-out magazine letters, duffel bags full of cash or any of those quaint things we typically associate with a traditional ransom situation. Instead, your computer could crash and your files could be lost forever – or even put into the hands of criminals.

Ransomware Basics

Ransomware is a type of malware, malicious software that targets and encrypts files on a computer system so they become unusable. According to a recent Forbes article, ransomware often removes or “exports” your files, holding them “hostage” until you pay a ransom to decrypt and return the files.

The idea is that a hacker gets access to files full of data. Then they reach in and encrypt the files so that only the hacker holds the key. No one sees the data until a “decryption key” gets activated.

This can severely damage a business or organization, such as a medical practice or law office, or any business with critical real-time operations. And it can also have a negative impact on individual users as well, when everything from treasured pictures of grandchildren to pension statements or bank statements disappear from devices.

The news is full of stories about ransomware attacks on businesses and organizations. Certain industries, such as healthcare, education, government and finance are particularly at risk.

For example, the HIPAA Journal reported 9.7 million medical records were stolen in September 2020. On top of this, American Banker reported a security banking firm saw a 520% increase in phishing and ransomware attacks between March and June of 2020.

However, ransomware attacks can also hit your home computer or smartphone and as more workers switched to remote work during 2020, ransomware attacks continued to increase, up 93% in 2021 Q1.

What Is Ransomware-as-a-Service?

Over the years, individual hackers and criminal outfits have found a variety of tricky ways to steal files and hold them for ransom. But now, part of why ransomware is so scary involves a new “product” called Ransomware as a Service (RaaS).

What is RaaS? This idea relies on the basic concept of offering software over the Internet.

You may have heard of “cloud services” – vendors that store data remotely, and move it to and from client systems through the web. Web-delivered software allows individuals and businesses to access all sorts of digital help right through the Internet without installing software from CDs. This software can help them with:

• Financial transaction handling
• Analytics
• Backing up large amounts of data

At the same time, hackers have also been able to use software-as-a-service models to create and deliver ransomware to cybercriminals. So essentially, with RaaS, cyber-attackers are selling each other the software to perform ransomware attacks.

Why Hackers Like Ransomware-as-a-Service

Hackers like ransomware-as-a-service because it’s efficient. Instead of learning how to create and insert ransomware, they can simply purchase a “done-for-you” ransomware product from another cybercriminal who specializes in it. As with legitimate businesses, outsourcing to an “as a service” cloud-based provider saves time and money.

What Ransomware Does

Once it’s on your smartphone, laptop or desktop computer, ransomware effectively “locks” your devices. Your files, photos, and information become inaccessible. Instead, you’ll receive a notification that you’ll get access to a decryption key along with access to your files once a specified “ransom” payment is received by the hackers.

Ransomware cybercriminals may also threaten to make your files and data public or to sell the information to “the dark web” if you don’t pay the ransom. The dark web is where your personal information like your name, address or social security number could be used by cybercriminals to perpetrate crimes like identity theft. This can help them obtain:

• Credit in your name
• False passport
• Drivers’ licenses

How to Spot Ransomware

There are some ways to know if your devices get targeted by a ransomware program. In fact, if you notify your local authorities immediately, you could possibly stop the attack.

Some of the early signs of ransomeware on your device may include:

• An increasing number of popup ads.
• Your browser being redirected multiple times.
• Unusual security warnings in messages or popups.
• Your system slows down.

If the attack is successful, of course, you’ll probably get some kind of ransom note – likely in the form of an email, or some kind of “red alert” screen banner ad, according to this recent AARP article.

So, if the hackers don’t want cash in a briefcase, what are they asking for? Ransomware operators often ask for a type of digital currency called Bitcoin, because it’s difficult to trace. How do you get Bitcoin? Hopefully, you never have to find out.

As for who to call for help in a ransomware emergency, you have a couple of options.

First, notify your local law enforcement. Their cybercrime experts may have experience with the ransomware operators who have targeted you.

Next, talk to your internet service provider. If you have a cloud backup data service, ask for their assistance. A cloud backup can often easily replace your files after a hacker encrypts the hard copies on your drive.

Another option is to visit the No More Ransom site. This site contains information and decryption keys for known ransomware. If your devices get targeted by well-known ransomware, such as one spread via ransomware-as-a-service, you could install the decryption key and retrieve your data.

How to Safeguard Your Computer and Smartphone Against Ransomware

To a large extent, protecting yourself is all about knowing the risks and what’s out there in terms of malware and cyber attacks. Some of the best advice for defending against ransomware is the same kind of advice you always hear about being safe online:

1. Try to avoid accessing public Wi-Fi for anything other than general searches.
2. Use two-factor authentication whenever possible. This often involves receiving a “token” or special number via a different device. Enter the number before accessing your account. For example, if you’re trying to access your bank account on your laptop, you may receive a verification code or token via your smartphone.
3. Learn how to recognize phishing scams. Don’t click on strange links, direct messages on social media or emails from friends that look suspicious.
4. Stay away from websites that generate warnings on your browser screen, such as sites that have outdated SSL security certificates. Read up on how to cyber proof your smartphone as well as your home computer.
5. Install security updates on your laptop, desktop and smartphones when they come out.

Other tips revolve specifically around ransomware, including:

1. Talking to your internet service provider about a backup service to protect yourself. Having a separate backup takes the teeth out of what ransomware hackers can do to your system. If you already have the valuable data backed up, you’ll be less panicked if someone gets their hands on what’s on your hard drive.
2. Never using passwords that include names, birthdays or addresses. Don’t reuse passwords. Instead, use a service such as LastPass, Avira Password Manager or Dashlane. They generate and store random passwords for all your digital accounts.
3. Avoiding casual friending on social media. When hackers can get a better look at your profile and personal information they’re more able to trick you with a false profile.

Hopefully, by knowing how ransomware works and thinking about protection, you’ll be able to stay out of the way of this kind of dangerous cyber attack. Loss of personal data can lead to all sorts of other bad situations – including identity theft. Staying aware and protected can help.  

-The Hartford Customer Care Center