The advent of ransomware-as-a-service (RaaS), has led to ransomware becoming one of the biggest cyberthreats, according to research from cybersecurity firm Tenable.

According to the research, the service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditise ransomware. 

In 2020 alone, ransomware groups reportedly earned $692 million from their collective attacks, a 380 per cent rise over the previous six years combined ($144 million from 2013-2019). 

“The success of RaaS has also attracted other players such as affiliates and initial access brokers (IABs) who play prominent roles within the ransomware ecosystem - oftentimes more than ransomware groups themselves,” the report said.

Double extortion

Affiliates earning between 70 per cent-90 per cent of the ransom payment are in charge of gaining access to networks through “tried and true” methods such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web. 

They may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. Their fees, on average, range from $303 for control panel access to as much as $9,874 for RDP access.

The research further found that the current dominance of ransomware is tied directly to the emergence of a technique known as double extortion. 

“The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it,” it explained.

DDoS attacks

Ransomware groups have recently added a host of other extortion techniques to their repertoire, including launching DDoS attacks to contacting customers of their victims, making it a bigger challenge for defenders. These tactics are meant to put additional pressure on victim organisations.

“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. In 2021, double extortion ransomware increased by 117 per cent globally. CERT-In noted that the country witnessed double the ransomware attacks in 2021 compared to 2020, leading to more organizations paying ransoms,” said Satnam Narang, senior staff research engineer, Tenable.

“So long as the ransomware ecosystem continues to thrive, so too will the attacks against organisations and governments. It’s imperative that these entities prepare themselves in advance so they are in the best position possible to defend against and respond to ransomware attacks,” Narang said.