Microsoft sounds the alarm over dangerously simple ransomware kits
Ransomware-as-a-service is a growing problem
The rise of ransomware-as-a-service (RaaS) has lowered the barrier to entry substantially for new cybercriminal groups, Microsoft has warned.
In the second edition of its Cyber Signals report, Microsoft unpicks the dynamics of the RaaS market, which as well as easing the entry for new players serves to hide those responsible for initial access brokering, infrastructure and ransoming.
“Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks,” the company explained.
Clarity and prioritization
The situation is only going to get worse, Microsoft said, citing data from the FBI, ENISA, and others. Apparently, the FBI’s 2021 Internet Crime Report found the total cost of cybercrime in the country exceeds $6.9 billion, while ENISA (European Union Agency for Cybersecurity) reported 10TB of data stolen by ransomware operators each month, between May 2021 and June 2022.
To tackle this growing problem, businesses need more clarity and improved prioritization, and need to get better at sharing valuable information with their peers, both in the private and public sectors. “Security is a team sport,” Microsoft wrote.
Businesses also need to set up “basic defenses”, such as multi-factor authentication (MFA), the company further states.
“While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.”
For RaaS to be successful, there needs to be a ransomware developer and operator, affiliate partners to deploy it, and initial access brokers to provide the initial access via malware.