Ransomware has been a major talking point for some time now; spanning all sectors. However, you can often feel lulled into a false sense of security, as if your organisation is far removed from the likes of the WannaCry ransomware attack and other malicious actors. The reality is ransomware is ever-evolving, often faster so than modern-day infrastructure and applications can keep up with.
A new buzzword floating about in the security sphere is Ransomware-as-a-Service (RaaS), but is this just that — a buzzword — or is there more to it than meets the eye? In short, it is actually quite an important shift in the cybersecurity space which, in many ways, makes ransomware even more accessible to new, amateur audiences.
What is Ransomware-as-a-Service?
Ransomware-as-a-Service is a subscription-based model, much like Software-as-a-Service (SaaS), or Infrastructure-as-a-Service (IaaS).
As a service is the key element here, rather than either writing your own ransomware (which requires a great deal of knowledge) or purchasing a prebuilt piece of ransomware (which becomes outdated quickly) instead RaaS is a group of knowledgeable people that have the know-how to act on your behalf. They write and maintain the tools to perform the malicious tasks you set out and all you have to do is provide a monthly instalment. It’s essentially a hacker for hire. Often popular RaaS providers like the BlackCat ransomware creators will even negotiate the ransom itself on your behalf.
This new development opens up the ransomware space to a much wider audience who would otherwise not have access to such an advanced toolkit. The implications mean widening attacks — particularly on smaller businesses where the ransom may well be paid up.
According to the DCMS Cyber Security Breaches Survey 2021, 39% of businesses reported experiencing security breaches or attacks in the last 12 months and in the UK, the average cost of these security breaches and attacks was £8,460. This rose to £13,400 when focusing on medium and large firms. As you can see the problem is widespread and organisations are often paying the ransom when faced with the alternative of downtime and data loss.
How to protect your business against ransomware?
Many businesses, organisations and SMBs are all too casual when it comes to protecting their data, not realising the importance until it’s too late and data is lost or corrupted and unrecoverable. According to a study conducted by the Ponemon Institute and paid for by IBM more than 77% of organisations have no cyber-security incident response plan in place.
The advice from the National Cyber Security Centre and the police is that ransoms should never be paid, businesses often resort to recovering systems from backups or face losing data.
With the above in mind, the best way to protect against ransomware attacks is to act now instead of retrospectively. Ensure your organisation has a robust cyber-security incident response plan in place and create multiple, regular off-site backups so that in the event of a cyber-attack you are able to recover quickly.
Schrödinger’s Backup: “The condition of any backup is unknown until a restore is attempted.”
Tweet this…
It is also important to test your backup and recovery plan — you don’t want to find out backups are corrupt when you are in the process of restoring them.
An easier solution
Cloud backup, recovery, archiving and protection services can do all of the above automatically saving you time, and money and most importantly keeping your data safe and accessible. We recommend Redstor who was recently rated as the world’s #1 software vendor on G2.
One of the benefits of cloud backup and recovery is that there is no reliance on hardware, and therefore, no expensive CAPEX investment is needed.
When considered, this makes the total cost of ownership cheaper. Especially when an organisation is used to paying ongoing management and support costs for infrastructure over a 3-5 year period.
In addition, the flexible, scalable nature of cloud solutions ensures that users can benefit as their data sets grow or shrink, whereas traditional models can leave users paying for systems they aren’t using.