What is Ransomware as a Service (RaaS)?
Ransomware as a Service (RaaS) refers to an increasingly common method of ransomware distribution and deployment. In a ransomware as a service scenario, one group creates the ransomware (usually with some specific customization), while other individuals or groups often referred to as affiliates choose a target or targets and distribute it.
The affiliate may either share in successful ransom payouts with the ransomware creator, or pay an upfront or subscription fee to license the ransomware. Well-known examples of RaaS include REvil and the now defunct (but very successful) DarkSide.
How to Recognize This Threat: The affiliate layer means that ransomware distribution no longer requires the expertise of ransomware programming, opening up more potential lines of attack. From a victimization perspective, ransomware as a service is no different than any other type of ransomware. A victim receives a message that files on a system or network are locked, and a ransom payment is required to decrypt them and restore access. In terms of spread, as with other ransomware, they may come through phishing emails with malicious links or infected attachments.
How to Prevent This Threat: Also like other ransomware, protecting against a RaaS attack is multi-faceted. Educate employees to avoid suspicious links and attachments. Maintain regular backups of your files so you can restore them if they’re encrypted. And employ a next generation firewall with real-time security services that feature sandboxing, machine learning, signature-less defenses, and more to detect and stop ransomware before it strikes.