The recent rise in ransomware infections has been attributed to the proliferation of ransomware-as-a-service, with many malicious actors now getting in on the act and sending out spam email campaigns to unsuspecting users.
Ransomware-as-a-Service Proliferation is a Major Cause for Concern
The problem with ransomware-as-a-service is how easy it is for attackers with relatively little technical skill to pull off successful ransomware attacks. All that is needed is the ability to send spam emails and a small investment of capital to rent the ransomware. The malicious software is now being openly sold as a service on underground forums and offered to spammers under a standard affiliate model.
The malware author charges a nominal fee to rent out the ransomware, but takes a large payment on the back end. Providers of ransomware-as-a-service typically take a cut of 5%-25% of each ransom. Spammers get to keep the rest. Renters of the malicious software cannot access the source code, but they can set their own parameters such as the payment amount and timescale for paying up.
SMBs Increasingly Targeted by Attackers
While individuals were targeted heavily in the past and sent ransom demands of around $400 to $500 to unlock their family photographs and other important files, attackers are now extensively targeting businesses. Often the same model is used with a fee charged by the attackers per install.
When an organization has multiple devices infected with ransomware, the cost of remediation is considerable. One only needs to look to Hollywood Presbyterian Medical Center to see how expensive these attacks can be. The medical center was forced to pay a ransom of $17,000 to unlock computers infected with ransomware, in addition to spending many man-hours resolving the infection once the encryption keys had been supplied. That is before counting the cost of reputation damage and of clearing the backlog caused by the shutdown of its computers for over a week.
Warning Issued About the Insider Ransomware Threat
As if the threat from ransomware was not enough, researchers believe the situation is about to get a whole lot worse. Ransomware-as-a-service could be used by a malicious insider to infect their own organization. With insider knowledge of the locations and types of data critical to the running of the business, an insider would be in the best position to infect computers.
Insiders may also be aware of the value of the data and the cost to the business of losing data access. Ransoms could then be set accordingly. With payments of tens of thousands of dollars possible, this may be enough to convince some employees to conduct insider attacks. Since finding hackers offering ransomware-as-a-service is not difficult, and network access has already been gained, insiders may be tempted to pull off attacks.
To counter the risk of insider ransomware attacks, businesses should develop policies that make it crystal clear to employees that attackers will be punished to the full extent of the law. Software solutions should be put in place to continuously monitor for foreign programs installed on networks, and network privileges should be restricted as far as is possible. Employees should have their network activities monitored, and suspicious activity should be flagged and investigated. It is not possible to eliminate the risk of insider attacks, but it is possible to reduce risk to a minimal level.