Ransomware-as-a-service increasing SMB attacks - Cobweb

Ransomware-as-a-service increasing SMB attacks

Home » Content Hub » Ransomware-as-a-service increasing SMB attacks

Cyber-Attacks, once seen a as rare occurrence and easily dealt with by simple Anti-Virus Software, are now one of the biggest potential threats to any business. The different types of attack and sophistication has increased exponentially to include Phishing, Malware, Man-in-the-Middle Attacks (MiTM), Denial-of-Service (DOS) Attacks, SQL Injections, Zero-day Exploits and Password Attacks. Many of these then lead to Ransomware demands.

The profile of the people behind these attacks is evolving, as knowledge and accessibility to tools becomes more available. Whilst large, organised crime groups on the dark web such as REvil, Darkside & Conti continue to target major companies such as AcerGarmin and JBS Foods for ransoms running into the millions, new groups and individual cyber-criminals with less structure and resources are now targeting small and medium sized businesses (SMBs), demanding lower, but still devastating ransoms – relative to the turnover of the company.

One of the most worrying developments that has enabled this new target group is the growth in ransomware-as-a-service (RaaS). This service is subscription based, similar to any other legitimate software-as-a-service (SaaS).  Cyber-attackers buy the RaaS solution online with the basic framework of a ransomware virus. These may include encryption tools, a way to collect ransom (usually through cryptocurrency payment), how to communicate with the targets to get best results and general hints and tips to ensure traceability is minimised. The attackers then have to customise certain elements to use in a cyber-attack. The major ransomware groups are predominantly behind the supply of these ‘RaaS’ software packages.

The most common mistake that SMBs make when considering cyber-security is thinking that it won’t happen to them. Increasingly it is not until an attack takes place that the reality kicks in. The UK Government continues to produce and update guides stressing the dangers and spreading messaging to educate and advise businesses for free.

For the businesses unfortunate enough to fall victim to an attack, up to 60% will go out of business within a year – whether that be through financial loss, downtime resolving the issue, loss of company reputation, or a combination of all three.

As cyber-attacks become news for the mainstream media, in particular Ransomware attacks, awareness is growing, and we see an increasing trend for enquiries to help secure businesses. It is essential if you haven’t already, to review your security for vulnerabilities, implement layers of protection and ensure your staff awareness of cyber-threats is always up-to-date.