As ransomware attacks have recently become more profitable, attackers have grown more capable, using different tactics and techniques to evade the latest security controls that organizations have implemented.

According to security experts, when the DarkSide ransomware disappeared after the disruption of the Colonial Pipeline, cybercriminals who had been using DarkSide's ransomware-as-a-service tools complained to the criminal enterprise, which shows that even hackers have a kind of legal jurisdiction system.

Today ransomware attacks are harder to detect, and attackers profit more from them thanks to well-organized infrastructure. Here we will look at 3 ways that ransomware gangs have become a stronger and more organized threat to the world.

1. Ransomware as a Service (RaaS)

Ransomware as a service (RaaS) is a business model in which ransomware attackers buy and use ransomware variants in much the same way that legitimate software developers buy and use SaaS products. RaaS gives even people with minimal hacking knowledge access to ransomware tools and lets them launch ransomware attacks just by signing up for a RaaS service.

When ransomware was circulated in 1989, it was not as popular as it is today. In 2015, estimated ransomware damages to organizations were around $325 million. In 2020, according to experts, the damages hit $20 billion, and today the figure has increased up to $11.5 billion from the previous year.

A few well-known RaaS kits available include Locky, Goliath, Shark, Stampado, Encryptor, and Jokeroo.

Examples of RaaS:

  • DarkSide Ransomware
  • REvil Ransomware
  • Dharma Ransomware
  • LockBit Ransomware

How to Prevent RaaS attacks?

Recovering ransomware-encrypted data is difficult and most of the time very costly, so it is always better to prevent an attack than to recover the data afterwards. Here are some steps to prevent RaaS attacks:

  • Invest in and implement reliable, up-to-date endpoint protection security controls that can detect the advanced techniques used by attackers.
  • Always perform regular backups of critical data. If backups are performed on a daily or weekly basis, a ransomware attack would cost only one day's or one week's data.
  • Test backups regularly to ensure they can be retrieved during such cyberattacks.
  • The vulnerability management team should scan critical devices and keep them updated on a regular basis so that hackers cannot exploit vulnerable systems or endpoints.
  • Implement anti-phishing protection in advance, and train users through security awareness programs.
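The two backup points above can be checked automatically. The following is an added example, not part of the original article: it builds a backup with a SHA-256 manifest, reads every file back out of the archive, and flags a backup that is unreadable, incomplete, altered, or older than the schedule allows. The function names, the constructed sample files and the one-day limit are assumptions for illustration.

```python
import hashlib
import io
import tarfile
import zlib
from datetime import datetime, timedelta


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(files: dict) -> tuple:
    """Pack {name: bytes} into an in-memory tar.gz; return (archive, manifest)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), {n: sha256(d) for n, d in files.items()}


def restore_test(archive, manifest, taken_at, now, max_age):
    """Read every file back out of the archive and compare it to the manifest."""
    restored, readable = {}, True
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            for member in tar:
                if member.isfile():
                    restored[member.name] = sha256(tar.extractfile(member).read())
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        readable = False  # truncated or damaged archive cannot be restored
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(n for n in restored if n in manifest and restored[n] != manifest[n])
    stale = (now - taken_at) > max_age  # more data would be lost than the schedule allows
    return {"readable": readable, "missing": missing, "corrupt": corrupt,
            "stale": stale, "ok": readable and not (missing or corrupt or stale)}


if __name__ == "__main__":
    # Constructed sample data standing in for critical files.
    files = {"db/records.csv": b"id,value\n1,constructed\n", "cfg/app.ini": b"[app]\n"}
    archive, manifest = make_backup(files)
    taken = datetime(2024, 1, 1, 2, 0)
    day = timedelta(days=1)
    print(restore_test(archive, manifest, taken, taken + timedelta(hours=20), day))
    print(restore_test(archive[:20], manifest, taken, taken + timedelta(days=3), day))
```

Keeping the manifest somewhere other than next to the backup means a change to the archive cannot be hidden by rewriting the hashes along with it.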

2. Triple Extortion techniques 

Today ransomware attacks are based on triple extortion tactics, which not only demand ransoms from organizations but also threaten their users, their customers, and other third parties.

What is Triple Extortion?

Usually, ransomware attackers encrypt data and restrict access to the encrypted files, then demand a ransom to be paid in Bitcoins in return for the decryption key for the data.

In triple extortion, ransomware attackers use a more complicated approach: the data is not only encrypted and exfiltrated, but if the user or organization doesn't agree to pay the ransom, the attackers then launch DDoS attacks against its services to bring it back to the negotiating table.

In this case, the DDoS is associated with only one form of extortion, called RDoS (Ransom Denial of Service). RDoS is an attack type in which attackers launch DDoS attacks on the victim's network and demand a ransom payment in Bitcoins to stop further attacks.

One triple extortion example is the Vastaamo clinic, which held the details of around 40000 patients: threat actors targeted it with ransomware attacks and demanded a huge ransom from the clinic. Due to the breach and the huge financial damage, Vastaamo was forced to declare bankruptcy and finally shut down its services.

3. Targeting Vital Infrastructure for attacks

Earlier, the targets of ransomware attacks were individual businesses and government agencies, which were commonly targeted by attackers who demanded ransom payments from hundreds to a few million. Today ransomware attacks have increased and made huge profits from data breaches.

According to security experts, during the COVID-19 pandemic cybercriminals targeted hospitals, healthcare providers, vaccine research centers, and remote workers. As a result, the economic damage was around $21 billion during the downtime of the healthcare industry in 2020, nearly double the figure compared with the 2019 attack damage estimates.

Because of ransomware attacks, most companies, organizations, and some government agencies that run critical medical, industrial, and commercial networks are willing to pay the ransom the attackers demand, since otherwise the business would suffer a loss. Recently, the group behind the Colonial Pipeline attack received a ransom of close to $5 million within hours of the attack.

Conclusion: 

Ransomware attacks are increasingly being improved to evade the security controls meant to detect them, and we can expect more such attacks in the future, including more advanced extortion techniques, data exfiltration, etc. RaaS has also given hackers with limited knowledge of technology the ability to access ransomware and use it against victims and targets. So it is important for security defenders to close security gaps, and organizations have more responsibility to develop defenses and protect themselves from upcoming cyberattacks.

By Michael

The writer of Infohaunt is a cyber security professional with experience in SOC operations, threat management, incident response, threat hunting, and digital forensics.