Blog

The number of ransomware attacks is constantly rising. According to the research, the number of such attacks in 2021 has doubled. Eastern European countries are the most targeted region for such attacks. Their share is 55% of the total number of malware infections.

Ransomware is malware that encrypts victim’s files, databases, and programs for purpose of ransom. After infection the victim receives a message about the possibility of data decrypting by paying a ransom. Usually, the ransom is paid in cryptocurrency. Ransomware can also use the «triple ransomware» technique, that helps them to create a «digital hostage». That is, a cybercriminal receives victim’s data copies before the encryption process, that they later threaten to make public if the victim refuses the ransom.

Ransomware as a Service (RaaS) is a subscription-based model. This model allows affiliates to use ransomware tools to carry out an attack. From each successful attack and paid ransom, partners receive a percentage. RaaS (Ransomware-as-a-service) proved to be an effective way to increase profits,  helped transform digital ransomware into a successful and prosperous business.

RaaS is built on the principle of SaaS (software as a service) that makes it even easier to carry out an attack. Like SaaS, RaaS does not require special skills and experience from users. Even inexperienced hackers can carry out sophisticated cyberattacks. RaaS software has a high probability of successful penetration and a low probability of detection. The low technical entry barrier and huge earning potential make RaaS solutions popular that increases the number of victims.

RaaS solutions bring high dividends to partners. Users can register with a one-time payment, as well as with a monthly subscription. They are provided with documentation with step-by-step instructions for launching attacks. Some distributors provide a dashboard to track the status of each ransomware attack. Attracting partners takes place on the dark web.

Most hacks happen through phishing attacks (a method of stealing confidential information). An email is sent to the victim that contains a link. By clicking on this link, the victim unknowingly activates a malware downloading. Email looks very convincing, so more often the victim is led to a provocation.

Once downloaded, ransomware disables firewalls and antivirus programs, and may also initiate additional components downloading. Thus, the malware can spread freely and silently, and encrypt the victim’s files, making them inaccessible. With the end of the attack, the extortion begins. The victim receives a TXT file containing the ransom text in exchange for a decryption key. Cybercriminal can also threaten the victim to publish the data on the dark web if the payment is not made within the agreed timeframe.

Since the darknet is a criminal network, any information leak can provide free access to confidential data and customer data. Such consequences force a victim to obey cybercriminal demands. Payments are made through the darknet using a special payment gateway.

The best defense against ransomware attacks is a combination of staff training, security measures, and ongoing system monitoring for vulnerabilities.

Recommendations to protect ransomware:

• Control of all requests for connection to endpoints, installation of verification processes;
• Staff training on how to detect phishing attacks, social engineering training;
• Configuring DKIM and DMARC to prevent criminals from using the domain for phishing attacks;
• Vulnerabilities monitoring and elimination;
• Monitoring the security status of partners to prevent hacking by third parties;
• Regular backup;
• Use of anti-virus and anti-malware solutions.