Ransomware as a service?

Malware evolves in several waysbut mainly through three main aspects: profit, protection and culture.

The first is perhaps the most obvious reason for their increased sophistication; hackers want to maximize the financial benefit of their operations, as any company would.

Cybersecurity is a massive industry that manages very high budgets to keep businesses safe from attackers around the world. Some common protections include antivirus software, endpoint protection, intrusion detection software, complete incident response teams, vulnerability management teams, and more. This is a lot to defend, but it also means that attackers have a lot to avoid, so new malware must evolve to get around these barriers.

Thirdly, culture has a big impact on the way malware evolves. The media play a large role in inventing new terms for types of attacks. By using scary terms like "ransomware" and "scareware", they increase the hype and bring greater visibility to new types of attacks.

While this means that the population is more aware and prepared for an attack, it also attracts attackers to think in more favourable ways, much like a company reacts to market changes by altering products or increasing its range of services.

Ransomware", as the name suggests, is malicious software that blocks access to machines, systems or devices until a certain amount of money is paid. Its profitability has made it popular and effective over the last half decade, but this has not always been the case. In fact, this type of malware has evolved from older ones known as "scareware," a method still used today that consists of malicious software designed to scare someone into giving away money.

Like any other company, criminal or not, rescue software has become a packaged product with a price tag.

RaaS (Ransomware as a Service ) type businesses sell or rent compact, easily deployable and scalable malware kits to individuals or groups who want to organize cyber attacks. These RaaS kits are often promoted and sold on the Deep Web using the same marketing and sales tactics used by legitimate businesses.  

In January of this year, IT security organizations reported that ransomwares were among the top threats to be addressed during the year 2020, in anticipation of the trend in the last quarter of 2019. So far, those predictions are proving to be accurate.    

Trends show that attackers have moved from attacks on mass consumers to highly targeted campaigns against companies and government organizations.

lax security policies, lack of disaster recovery plans, lack of encryption of sensitive data, lack of investment in prevention and detection - these are just some of the things that make organizations easy targets for Malicious Cyber Actors (MCAs). And now, as organizations around the world become more remote due to the Coronavirus pandemic, the field of opportunity for MCAs to carry out attacks is wide open.

Your entire company should understand the common ways these attacks begin, as they will be directed at everyone. Keep your staff updated with knowledge of the latest threats and what to do when they occur.