Ransomware as a Service (RaaS), the new virus of 2021?

Ransomware as a Service

The beginning of 2021 will be marked not by a wave, but by a large number of cyberattacks that will hit many organizations in France. For the past few years, the ANSSI (French National Cybersecurity Agency) has been warning companies and institutions about the resurgence of cyber viruses. Its CERT-FR Threats and Incidents report notes a dramatic 255% increase in reports of ransomware attacks in 2020 and highlights Ransomware as a Service (RaaS) as an emerging trend in the cybercrime market.

What is Ransomware as a Service?

Ransomware as a Service is one of the business models invented by cybercriminal groups. It consists of offering access to ransomware as a subscription or partnership. “Affiliates”, the name given to the cybercriminals who subscribe, use this service to:

  • Conduct massive infection campaigns, characterized by untargeted, unsophisticated, low-cost attacks.
  • Carry out massive automatic campaigns
  • Carry out highly targeted stealth attacks against a previously identified target, chosen for the criticality of its data and/or its business continuity, and which would be more likely to pay large ransoms.

Some examples of RaaS: REvil, Ryuk, Maze, DoppelPaymer, Netwalker, Mespinoza and Egregor.

Ransomware as a Service: A sectoral victimology?

No sector of activity and no geographical area is immune to these crypto-viruses. Nevertheless, local and regional authorities, education, hospitals and other health institutions, and digital service companies (DSCs) are recurring targets of computer attacks.

Several strategic reasons can explain this targeting:

  • The information systems of these organizations may be poorly secured and contain critical vulnerabilities.
  • Their databases store sensitive data.
  • They are under pressure to maintain business continuity and find it nearly impossible to interrupt operations for a long period of time.
  • For DSCs, the ransomware can, by extension, spread and infect the information systems of their customers or partners if the DSC has not partitioned its IS architecture.

Sometimes irreversible damage?

In addition to financial losses, whether related to the payment of the ransom requested by the cybercriminal or to the restoration of the company’s information system, ransomware cyberattacks damage organizations in many ways: loss of operations, delayed or cancelled project deliveries, life-threatening risks for patients, degraded brand image, loss of customers/partners, data leaks or losses. When an organization, regardless of its size and the type of cyberattack, is critically incapacitated, the intense stress faced by executives, the IT team, and the rest of the company can leave irreversible damage: stress, anxiety, fear, shame, and isolation.

How to anticipate attacks and react in case of an incident?

No targeted computer attack can be completely avoided; the goal is to limit the risk of occurrence and the propagation of the attack. The following measures, based on the ANSSI’s IT Hygiene Guide, will help prevent a ransomware attack from reaching the organization or will reduce the damage caused by such an attack:

  • Back up your data
  • Update software and operating systems
  • Use and regularly update antivirus software
  • Partition the architecture of your IS
  • Define an identity and authorization management policy
  • Control Internet access