Rising housing, education, and food prices are plaguing countries globally. To cope with the surging costs of living, side jobs (otherwise known as gig work or moonlighting) have gained significant popularity, particularly within the ride-hailing and food delivery services like Uber, DoorDash, and Grubhub, where companies are capable of obtaining an average of 93 million users per month. This steady, high market demand, the extra cash influx, and the flexibility of working on your schedule have been highly alluring aspects of gig work since the establishment of these services. At least, this was the standard until the COVID-19 pandemic made its debut.
When many companies opted for remote working conditions to ensure the safety of their employees, a cognitive shift occurred within the moonlighting community, leading to the desire for remote gig work as well. Add in the cybersecurity holes introduced by organizations unprepared for remote working conditions, and gig workers have been exploiting the opportunity to make significantly more money than they did DoorDash-ing by joining ransomware gangs. As a result, the number of ransomware hackers has burgeoned and produced a flood of ransomware attacks aimed at businesses worldwide.
Ransomware Overview, Trends, and Effects
For those unfamiliar with the terminology, ransomware is malware that encrypts files on an organization’s computers and servers, threatening critical infrastructure. Often, sensitive data is exported in tandem and kept hostage for ransom. Ransomware is typically distributed through phishing attacks and software vulnerabilities, and ransom notes with monetary demands are delivered to the victim once the ransomware has been downloaded and the hacker has exported the victim’s information. At this point, the victim either chooses to pay the ransom and recover their data or risks having their sensitive information exposed to all dark web criminals. Upon ransom collection, victims are offered a decryption key to decrypt the ransomware and collect their data.
The pandemic provided favorable breeding grounds for ransomware hackers in particular. Since the onset of the pandemic, ransomware hackers have been shifting their attention to severely impacted industries like municipal, educational, and healthcare facilities. Not only have their targets turned, but all aspects of ransomware attacks are seeing a steep upward climb from 2019 values: the frequency of attacks is up 148%, ransom demand values have increased 33%, and the
So, what’s causing this surge among the hacker community?
Ransomware as a Service (RaaS): The Business Model
Previously, ransomware was a “direct-to-consumer” business: developers created the code – with a high chance of penetration, low chance of discovery – and also distributed the cyber attacks. Now, cloud infrastructure is widely available, providing standardized and scalable environments and offering crime gangs the ability to franchise their efforts. What was once a linear attack model is now a multi-dimensional one.
This new, multi-faceted approach mirrors the typical Software as a Service (SaaS) model, where software is centrally hosted from a cloud service provider and licensed to affiliates. With the Ransomware as a Service (RaaS) model, the developer still creates the code but now leases the ransomware variants. This is often done by employing an affiliate as a “middleman” to carry the bulk of the risk and distribute the ransomware code to victims – with an attractive payout, too! There are four general revenue models, ranging from a monthly subscription for a flat fee to affiliate programs (with about 20% of profits going to the RaaS operator), a one-time license fee with no profit-sharing, or pure
Using this organizational technique, RaaS is structured like big business, with the increased operational efficiencies leading to an observed escalation in the number of ransomware attacks. This RaaS franchise effort is frequently supported with onboarding documentation, a step-by-step guide, and sometimes even status monitoring. Under this workflow, you no longer need technical prerequisites to become a successful hacker, making it widely available to everyone as a side gig. This opens the door to more than just your everyday criminals; terrorists are now entering the game as a way to inflict damage on their targets, causing a significant threat to national security in the United States. For them, the ransom is just frosting on the cake.
Although it’s well-known that ransomware hacking is illegal, the enticement for general affiliates is the developers’ adoption of a sheen of professionalism. Affiliates see the increased efficiency of the RaaS model and believe in the legitimacy of the work, going so far as to take corporate responsibility pledges in some affiliate programs. Because the RaaS business model is a vicious loop, as ransomware groups make more money, they can invest more in their operations and hire more affiliates, allowing them to hit bigger targets, repeating this cycle indefinitely.
This pattern and the current threat landscape highlight the lack of tools, resources, and expertise to keep up with the growing list of vulnerabilities, attack techniques, and security incidents within victimized organizations. To prevent cybersecurity attacks and protect your organization, focus on educating your staff on cybersecurity best practices, establishing defense tactics, and continuously monitoring your systems for vulnerabilities.