"I'm a small business. Why would a ransomware gang be out to get me?" This is a question we hear a lot working with local businesses. Everyone sees the big cyber crime headlines in the news, most recently with Uber, and last year quite visibly with the Colonial Pipeline, but what many people don't realize is that half of these kinds of threats hit small businesses - the events just don't make national news. Why are so many small businesses impacted when there are bigger targets out there? It's Ransomware as a Service. What's ransomware as a service? You’re likely familiar with software as a service (SaaS) but ransomware? What does that mean?
First, let’s do a quick review of what ransomware is. It's a type of malware that holds the victim’s files and folders for ransom. This sounds like something out of a Tom Cruise movie, but basically a giant warning shows up on your screen with a ticking clock that says pay the ransom, or you won't ever access your files again. Most typically, malware gets on your computer network through human error, with someone inadvertently clicking on the wrong link or opening the wrong email attachment (like a fake resume). The malware is deployed and encrypts network data, with a safe return of your data being promised when the ransom is paid. And with payments usually made through cryptocurrency, these crimes can be committed anonymously. Cybercrime is big business!
The "Ransomware as a Service" business model was developed for criminal purposes to make it even easier for criminals to conduct crimes. Ransomware requires little effort to deploy with potentially big payouts. Criminals with little or no technical know-how can now blast out millions of emails to potential victims. All they need is a few mouse clicks to make a lot of money.
Ransomware as a Service
While ransomware is easy to deploy, the software behind it is more difficult to create. But gone are the days of a single hacker operating from a basement, working through the night to create a specific way to hack your business directly. That's where ransomware as a service comes into the mix. Developers can create the malware once and sell it to as many cyber criminals as they want. Those crime organizations can then deploy it to a large number of users at once, typically indiscriminately.
There’s a lot of money to be made from this type of crime, with little effort. The Ransomware as a Service business model is structured like many legitimate businesses you’re familiar with. Criminals find Ransomware as a Service purchase options on the dark web, sold as a monthly subscription, a one-time payment, or even a profit-sharing arrangement paid out of successful attacks. These organizations provide support help desks, and are run like a regular software company. Would-be criminals with little to no technical background can buy these kits and then go into business. It doesn't cost anything to send out millions of emails, and if they get just a few clicks, they can make a lot of money. The important thing to note is that no one needs to even be specifically targeting you - you might just be the unlucky person who clicks on a link.
Cybercrime is big business, and the criminals will always come up with new methods to make money. There's no such thing as 100% security online, and technology protection like firewalls, security patches, and endpoint protection can only take protection so far. It's estimated that around 90% of all threats enter an organization through email, so there are some simple and affordable things you can do to protect your organization. One of the most important things to do is to train your organization. You may tell your team to not click on a "suspicious" link, but what does that mean? Is your team aware of all the new tips and tricks that criminals use to get you to click on that link? The more you and your team know about the various tactics, the less likely you'll be to fall for them. Clicking on a link in a simulated phishing test becomes a big wake-up call. When is the last time you ran a simulated phishing test?
Contact us to set up a demo of our training platform or talk about any technology or cybersecurity questions you may have.