The Ransomware-as-a-Service Pandemic

Ransomware has become a humongous issue currently, especially since the onset of the COVID-19 pandemic. Ransomware-as-a-Service (RaaS) groups are on the lookout for partners to split the profits generated from different cyberattacks in different sectors.

What’s going on?

As per a report by Intel 471, there are currently adverts for 25 RaaS offerings on underground forums. However, not every offering is similar. As per the research, these offerings can be broken down into three tiers, based on the features, sophistication, and recorded history.
  • Tier 1 comprises the most renowned ransomware operations, such as REvil, Maze, Ryuk, DopplePaymer, and Netwalker. These operations have been around for a long time and have continued to function despite public exposure.
  • Tier 2 consists of RaaS portals that have acquired some repute in the underground but are yet to reach the status of Tier 1. Threat actors such as Avaddon, Clop, Conti, Ragnar Locker, and Thanos form this tier.
  • Tier 3 includes newly launched RaaSportals that have no proven history or lack adequate information. The current list includes Nemty, Wally, Zeoticus, Xinof, ZagreuS, and others.

What does this imply?

Not every ransomware gang is renting out their products, however, the number of existing RaaS portals today has exceeded the numbers anticipated by experts. This exhibits the variety of options available to cybercriminals if they decide to get a taste of the ransomware game.

Noteworthy ransomware trends

  • Research has predicted that an enterprise is attacked by a threat actor every 11 seconds and by 2021, the damage cost incurred will reach around $20 billion.
  • The latest ransomware trend to have popped up this year is double extortion.
  • Threat actors have a myriad of attack vectors to choose from, including exploiting known vulnerabilities, abusing RDP-enabled machines open to the internet, botnet implants, and physical human access, among others.

The bottom line

An overwhelming number of threat actors are brutally attacking organizations and getting away with a large amount of money without facing any consequences. The healthcare sector, especially, faced massive threats this year and Ryuk accounted for most of those. Thus, it is imperative that enterprises recognizes these cyber threats and step up to the game with proactive measures.