Get An Auto Insurance Quote

Find out if you're eligible to save hundreds on your car insurance.


Why You Should Beware of Ransomware-as-a-Service?

Justin Stoltzfus and Sarita Harbour

Have you heard about ransomware? When you fall victim to this kind of cyber attack, there aren’t any notes made of cut-out magazine letters, duffel bags full of cash or any of those quaint things we typically associate with a traditional ransom situation. Instead, your computer could crash and your files could be lost forever – or even put into the hands of criminals.

Ransomware Basics

Ransomware is a type of malware, malicious software that targets and encrypts files on a computer system so they become unusable. According to a recent Forbes article, ransomware often removes or “exports” your files, holding them “hostage” until you pay a ransom to decrypt and return the files.

The idea is that a hacker gets access to files full of data. Then they reach in and encrypt the files so that only the hacker holds the key. No one sees the data until a “decryption key” gets activated.

This can severely damage a business or organization, such as a medical practice or law office, or any business with critical real-time operations. And it can also have a negative impact on individual users as well, when everything from treasured pictures of grandchildren to pension statements or bank statements disappear from devices.

The news is full of stories about ransomware attacks on businesses and organizations. Certain industries, such as healthcare, education, government and finance are particularly at risk.

For example, the HIPAA Journal reported 9.7 million medical records were stolen in September 2020. On top of this, American Banker reported a security banking firm saw a 520% increase in phishing and ransomware attacks between March and June of 2020.

However, ransomware attacks can also hit your home computer or smartphone and as more workers switched to remote work during 2020, ransomware attacks continued to increase, up 93% in 2021 Q1.

Ransomware Attack

What Is Ransomware-as-a-Service?

Over the years, individual hackers and criminal outfits have found a variety of tricky ways to steal files and hold them for ransom. But now, part of why ransomware is so scary involves a new “product” called Ransomware as a Service (RaaS).

What is RaaS? This idea relies on the basic concept of offering software over the Internet.

You may have heard of “cloud services” – vendors that store data remotely, and move it to and from client systems through the web. Web-delivered software allows individuals and businesses to access all sorts of digital help right through the Internet without installing software from CDs. This software can help them with:

  • Financial transaction handling
  • Analytics
  • Backing up large amounts of data

At the same time, hackers have also been able to use software-as-a-service models to create and deliver ransomware to cybercriminals. So essentially, with RaaS, cyber-attackers are selling each other the software to perform ransomware attacks.

Why Hackers Like Ransomware-as-a-Service

Hackers like ransomware-as-a-service because it’s efficient. Instead of learning how to create and insert ransomware, they can simply purchase a “done-for-you” ransomware product from another cybercriminal who specializes in it. As with legitimate businesses, outsourcing to an “as a service” cloud-based provider saves time and money.

What Ransomware Does

Once it’s on your smartphone, laptop or desktop computer, ransomware effectively “locks” your devices. Your files, photos, and information become inaccessible. Instead, you’ll receive a notification that you’ll get access to a decryption key along with access to your files once a specified “ransom” payment is received by the hackers.

Ransomware cybercriminals may also threaten to make your files and data public or to sell the information to “the dark web” if you don’t pay the ransom. The dark web is where your personal information like your name, address or social security number could be used by cybercriminals to perpetrate crimes like identity theft. This can help them obtain:

  • Credit in your name
  • False passport
  • Drivers’ licenses
Ransomware as a Service

How to Spot Ransomware

There are some ways to know if your devices get targeted by a ransomware program. In fact, if you notify your local authorities immediately, you could possibly stop the attack.

Some of the early signs of ransomeware on your device may include:

  • An increasing number of popup ads.
  • Your browser being redirected multiple times.
  • Unusual security warnings in messages or popups.
  • Your system slows down.

If the attack is successful, of course, you’ll probably get some kind of ransom note – likely in the form of an email, or some kind of “red alert” screen banner ad, according to this recent AARP article.

So, if the hackers don’t want cash in a briefcase, what are they asking for? Ransomware operators often ask for a type of digital currency called Bitcoin, because it’s difficult to trace. How do you get Bitcoin? Hopefully, you never have to find out.

As for who to call for help in a ransomware emergency, you have a couple of options.

First, notify your local law enforcement. Their cybercrime experts may have experience with the ransomware operators who have targeted you.

Next, talk to your internet service provider. If you have a cloud backup data service, ask for their assistance. A cloud backup can often easily replace your files after a hacker encrypts the hard copies on your drive.

Another option is to visit the No More Ransom site. This site contains information and decryption keys for known ransomware. If your devices get targeted by well-known ransomware, such as one spread via ransomware-as-a-service, you could install the decryption key and retrieve your data.

How to Safeguard Your Computer and Smartphone Against Ransomware

To a large extent, protecting yourself is all about knowing the risks and what’s out there in terms of malware and cyber attacks. Some of the best advice for defending against ransomware is the same kind of advice you always hear about being safe online:

  1. Try to avoid accessing public Wi-Fi for anything other than general searches.
  2. Use two-factor authentication whenever possible. This often involves receiving a “token” or special number via a different device. Enter the number before accessing your account. For example, if you’re trying to access your bank account on your laptop, you may receive a verification code or token via your smartphone.
  3. Learn how to recognize phishing scams. Don’t click on strange links, direct messages on social media or emails from friends that look suspicious.
  4. Stay away from websites that generate warnings on your browser screen, such as sites that have outdated SSL security certificates. Read up on how to cyber proof your smartphone as well as your home computer.
  5. Install security updates on your laptop, desktop and smartphones when they come out.

Other tips revolve specifically around ransomware, including:

  1. Talking to your internet service provider about a backup service to protect yourself. Having a separate backup takes the teeth out of what ransomware hackers can do to your system. If you already have the valuable data backed up, you’ll be less panicked if someone gets their hands on what’s on your hard drive.
  2. Never using passwords that include names, birthdays or addresses. Don’t reuse passwords. Instead, use a service such as LastPassAvira Password Manager or Dashlane. They generate and store random passwords for all your digital accounts.
  3. Avoiding casual friending on social media. When hackers can get a better look at your profile and personal information they’re more able to trick you with a false profile.

Hopefully, by knowing how ransomware works and thinking about protection, you’ll be able to stay out of the way of this kind of dangerous cyber attack. Loss of personal data can lead to all sorts of other bad situations – including identity theft. Staying aware and protected can help.

We Want to Hear From You

Let us know in the comments if you have been the victim of any scams or fraudulent activity. Maybe if you share your story, you can help someone else stay safe from these predators.

10 Responses to "Why You Should Beware of Ransomware-as-a-Service?"
    • Thom Anderson | November 22, 2021 at 11:26 pm

      B of A has allowed charges [since reversed] against an expired credit card and for an Amazon purchase. Amazon & FTC do not respond to complaints and I don’t know how to protect against such violations. Does your service address such problems?

    • Linda Weaver | November 22, 2021 at 1:55 pm

      Thank you for the notice about Ransome Ware. Good advice!

    • David Netz | November 21, 2021 at 9:51 am

      A few years back I was doped into a scam. My PC all of nowhere had a siren go off and saying they were from microsft, that my pc was infected and will make thousands of other home pcs get it too. told me to call right away so they could fix my pc & all others. So i bite and called they talk me into it. Ended up paying over a grand,plus gave them access freely to my pc to fix the scam that they said I was infected with. After paying thy printed out a bougus recepit. Never heard from them again,but others were contacting me through e-mails & phone. Thought I would share.

    • Peter | November 21, 2021 at 2:48 am

      I was just hacked thru my iPhone by people pretending to be PayPal,
      Stop using that method of payment.

      • Paul Olson | November 22, 2021 at 3:12 pm

        That can happen with ANY form of internet/cell phone pay app, Venmo, Apple Pay, etc. You have to beware of any message that is sent to you and never click on a link within that message. Any company’s online website can be hacked this way. Use 2-step verification and that will greatly reduce phishing attempts.

    • Jane C. Davis | November 20, 2021 at 8:48 pm

      On November 17, 2021, I got a call that I won eighteen million dollars from Publishers Cleaning House. I had been their customer for several years, so I returned the call. The man said his name was Peter Washington. He re-affirmed that this was true plus I had won the new Mercedes SUV. He told me to download the notice and picture of the car. I did that, but when I did, I saw there was a notice that I had to pay shipping fees of $5,400.00. By then, I realized the was a fraudulent scam, so I hung up. I later told my daughter and she said they could hack my files. As a book writer with two published titles, I became worried. I called the BBB and reported the call. The office was closed, however, there was someone to take my call, but they could not trace the phone number the scammer gave me. I will now contact McAfee to report this and see if they can help.

    • ROMUALDAS SIMONAITIS | November 20, 2021 at 2:56 pm

      good article

    • Arche | November 20, 2021 at 1:03 pm

      I was setting up a new computer with favorite programs. I downloaded one from what I thought was a reliable site. Since there was nothing of any value they seem to have released my computer but i did call them and related the situation. I reset the Win 10 system and only lost a few items per advisement from MS.
      This occurred over 2 years ago. Only load programs from trusted sites.

    • Harold Russell Donovan | November 20, 2021 at 10:58 am

      You forgot to mention the most important preventive measure to mitigate damage from ransome-ware: backup your data files at least daily, and be fanatical about following your backup routine. I do three different backup procedures daily, one of them to the cloud. Two of my routines are set for continuous file backups; one backs up to a separate machine on my home PC LAN. As a retired IT Director, I am the primary tech support resource for many of my friends and family. I only wish I could convince all of them of the need to implement a daily backup routine BEFORE disaster strikes and they then seek my help!

    • Theng my | November 18, 2021 at 12:01 pm

      It is the best advise to protect my devises

Leave a Reply

Disclaimer: Comments are subject to moderation and removal without cause or justification and may take up to 24 hours to be seen in comments. Your email address will not be published. Required fields are marked * Please do not include personal policy information; if you have questions or concerns regarding your policy with The Hartford, please log into your account or you can speak directly to a Customer Service Representative.