Threat of Ransomware-as-a-Service Growing
One of the most prevalent forms of malware in today’s world of cybersecurity is known as ransomware. After loading this software on to a device, a hacker can lock important emails or other files and hold them hostage (often under the threat of releasing valuable to sensitive information) until the device’s owner pays a fee. In the past, this scam was a great way for hackers to make a quick buck, but it now seems as though the threat is evolving.
There has been an emergence of a marketplace for ransomware-as-a-service software (RaaS). Now, hackers are providing custom designed ransomware for anyone who has the connections to find them and the money to pay for it. These fees are generally transacted through BitCoin and “laundered” through several Internet marketplaces, making them very difficult to track. There are currently several of these RaaS repositories online, making it fairly easy for someone with malicious intentions to gain access to this malware as evidenced in the recent ransomware targeting of healthcare providers in the U.S.
For anyone with a vested interest in protecting their online information (which truly means anyone), this means that vigilance in cybersecurity is now more important than ever. In the past, many could consider themselves relatively safe from ransomware due to the simple fact that there were few with both the means and the motivation to pull off such a heist. Now however, those with the means are selling their services on the open marketplace on the Dark Web, and anyone with even a little knowledge of the Internet and a willingness to pay can find themselves in possession of this dangerous malware.
For those interested in more details about how ransomeware works, the security solutions team at Imperva has an interesting blog on the subject that is worth spending some time with. This includes the rather disturbing description of how the virulent RaaS Tox wreaks its havoc, and how unfortunately its TOR website is still up an running.
The truth of the matter is that the Internet is, unfortunately, inherently insecure. There will always be dangers lurking out there, and the spread of RaaS serves only to add another danger to this. The only solution for IT professionals is for cybersecurity teams to remain as vigilant as possible and always look to stay one step ahead.
Edited by Peter Bernstein