What’s the latest ‘as a Service’ trend for SMBs?
You can get anything ‘as a Service’ these days. Managed IT, cloud backup, infrastructure and even project managers. These subscription services are characterised by their flexibility to scale up and down, turn on or turn off as necessary. But what’s the latest trend in ‘as a Service’? It probably isn’t what you’d expect – and you definitely won’t want to be investing in it.
What on earth is it?
It’s Ransomware as a Service.
More commonly known as RaaS, it’s the cyber equivalent of ready-built furniture versus flat-pack. Instead of having to create a ransomware yourself – which involves a degree of programming knowledge – you can simply buy it, readymade and ready to inflict widespread panic on SMBs, enterprises and individuals across the globe.
This is a step-change in cybercriminal activity because until recently, ransomwares such as Cryptolocker have been the exclusive domain of well-organised criminal networks and individual skilled hackers. With the rise in RaaS, ransomware can now be purchased by anyone lacking a moral compass who has access to the Dark Web.
RaaS is a cheap product to download and an easy service to distribute. You don’t need any expensive infrastructure to launch an attack from either – a laptop and WiFi connection is all you need.
If you thought this might make it easy to catch these cyber criminals, you’d be sadly mistaken. Unlike credit card fraud or social engineering where there could be a paper, digital or CCTV trail, RaaS leaves no mark. TOR networks – IP address anonymisers – are commonly used to launch cyber attacks, and Bitcoin, the currency used for ransoms to be paid by the victim, are equally anonymous. Your attacker could be a serious organised criminal network, a bored and curious teen in his or her bedroom, or anyone in between. With RaaS, they now all have access to the same exploit kits.
The most commonly hit sectors are Mechanical and Industrial Engineering (15% were hit in 2016), Pharmaceuticals and Finance Services (13%) and Real Estate (12%) but it seems no industry is safe from Ransomware. Cyber attackers don’t window shop in a typical criminal fashion – their lens is a cocktail of port scans and security loopholes for the advanced, and a straightforward scattergun approach for the new breed of RaaS operators. This means anyone with an email address could well be a target, and because most ransomwares are so sneaky, you can be working away on an infected computer for days, weeks or even months before realising. Having said that, most RaaS attackers just want to be paid as quickly as possible, so are more likely to infect your computer and let you know straight away so they can collect the ransom.
RaaS seems scary – and definitely not a service you’ll be adding into your MSP bundle anytime soon. You can guard against a ransomware attack by following some basic Cyber Security measures and making sure you have a good quality backup in place. This, coupled with a disaster recovery strategy (yes, you do actually need one – backup services only STORE your data, they don’t recover it for you) will mean you can get your data back quickly if you are hit by a genuine attack, without having to pay the ransom.
Your best defence against RaaS? The people in your business – and a strong dose of common sense won’t do you any harm either.
You can request copies of our FREE Cyber Security posters for your workplace – just like and share this post to receive yours.