Ransomware-as-a-Service: Amping Up the Threat

Justin Stoltzfus

Have you heard about ransomware? When you fall victim to this kind of cyber attack, there aren’t any notes made of cut-out magazine letters, or duffel bags full of cash, or any of those quaint things we typically associate with a traditional ransom situation – but your computer could crash, and your files could be lost forever – or even put into the hands of criminals!

Ransomware is a word for a new form of hacking that targets files on a user system. It can hit a business – or it can hit your home computer. Security experts are aware of high-profile corporate cases – but they also know that many homeowners have had their personal files snatched from their home computers and held for virtual ransom. Since 2016, the FBI has been reporting that incidents of ransomware are on the rise in the U.S., and lots of IT professionals are talking about how specific attacks are showing how vulnerable most of us are to this form of hacking.

The idea is that a hacker gets access to files full of data. Then he or she reaches in and encrypts them, so that only the hacker holds the key. You can imagine how devastating this can be for a medical or law enforcement office, or any business with critical real-time operations. But it can feel pretty bad for an individual user, too! All of your pictures, and text files, and music can be gone in the blink of an eye.

How to Spot Ransomware

There are some ways to know if you are being targeted by a ransomware program – in fact, you may be able to stop the attack in its tracks if you can detect it fast enough. An article from HowtoRemove.Guide reveals that early warning signs include your computer slowing down a lot. Because encryption is a resource-hungry process, the CPU will be under pressure as the attacker tries to do it. You may also see some of your antivirus security disabled, another common warning sign.

If the attack is successful, of course, you’ll probably get some kind of ransom note – except it’s likely to be an email, or some kind of “red alert” screen banner ad, as in this instance chronicled on NPR.

So if the hackers don’t want cash in a briefcase, what are they asking for? Ransomware operators often ask for a type of digital currency called Bitcoin, because it’s difficult to trace. How do you get Bitcoin? Hopefully, you never have to find out.

As for who to call for help in a ransomware emergency, you can take your computer to a trusted local “malware fix-it” shop – to try to find out specifically what kind of ransomware has been installed, and whether there’s any way to foil the hacker’s nefarious plot, short of handing over the ransom. However, if you are fortunate enough to have a backup data service contract, these are the people to call. A cloud backup can often easily replace your files after a hacker encrypts the hard copies on your drive. In some cases, it can also help to notify law enforcement, especially if you are able to find out key pieces of information about the hackers, for example, through identifying their IP address.

What Is Ransomware-as-a-Service?

Over the years, individual hackers and criminal outfits have found a variety of tricky ways to steal files and hold them for ransom. But now, part of why ransomware is so scary involves a new “product” called Ransomware as a Service (RaaS).

What is RaaS? This idea relies on the basic concept of offering software over the Internet. You may have heard of “cloud services” – vendors that store data remotely, and move it to and from client systems through the web. Web-delivered software has done great things for the business world. It allows individuals and businesses to access all sorts of digital help, from financial transaction handling to analytics, right through the Internet, without installing software from CDs that they buy in shrink-wrap on a store shelf. Cloud has even made possible some of the backup services that can foil ransomware attempts.

At the same time, hackers have also been able to use Software-as-a-Service models. So essentially, with RaaS, unscrupled cyber-attackers are selling each other the software to perform ransomware attacks.

It’s easy to see how the service model raises your risks of getting hit by a ransomware attack. Now, hackers who don’t have the ability to build ransomware on their own can just outsource that job to someone else!

Tips on Network Protection

To a large extent, protecting yourself is all about knowing the risks and what’s out there in terms of malware and cyber attacks. Some of the best advice for defending against ransomware is the same kind of advice you always hear about being safe online: don’t click on strange links, or emails from friends that don’t look legitimate. Stay away from web sites that generate warnings in your browser screen, such as sites that have outdated SSL security certificates.

Other tips revolve specifically around ransomware. The backup service is the best way to protect yourself. Having a separate backup takes the teeth out of what ransomware hackers can do to your system. If you already have the valuable data backed up, you’ll be less panicked if someone gets their hands on what’s on your hard drive.

One other key security tip involves tightening your network controls – for instance, using available password protection on a home network helps. So does avoiding casual friending on social media, where hackers can get a better look at your profile and personal information if they’re able to trick you with a false profile.

Hopefully, by knowing how ransomware works and thinking about protection, you’ll be able to stay out of the way of this kind of dangerous cyber attack. Loss of personal data can lead to all sorts of other bad situations – including identity theft. Staying aware, and protected, can help.

Related: Stay Safe When Surfing the Web

Leave a Reply

Comments are subject to moderation and removal without cause or justification and may take up to 24 hours to be seen in comments. At Extra Mile we do not have access to personal policy information, please do not include personal identification information. If you have questions or concerns regarding your policy, please log into your account at our customer service center or you can speak directly to a Customer Service Representative.