Your Business News

Ransomware-as-a-service: A new business model for cybercriminals

June 2, 2022

Authored by RSM Canada LLP

Joel A. Humphrey, CPA, CA shared this article

ARTICLE | June 02, 2022


Ransomware has become the most significant cybersecurity threat today, affecting large multinational organizations and the smallest of entities. A ransomware attack represents a low-risk, high-reward opportunity for criminals, as little effort is required to access sensitive information and demand bounties that can cause extensive harm to businesses—especially small- to medium-sized companies.

The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company targeted by a ransomware attack, and 23% of executives experienced an attack themselves in 2021. In the current environment, inaction is not an option, and companies must take proactive steps to address expanding and evolving ransomware risks.

To add to the evolving threat landscape, cybercriminals have taken advantage of the exponential growth of ransomware-as-a-service (RaaS), a service model where sophisticated threat actors develop and sell ransomware platforms to other threat actors. Now, cybercriminals no longer need to be highly technical to launch a cyberattack on an organization, so potentially lucrative ransomware attacks are rapidly increasing.

How does the RaaS model work?

The RaaS model provides the purchaser with extensive training, reference materials and malicious code that can be used to launch a ransomware attack. Here are some key takeaways for understanding how RaaS works.

RaaS providers typically use several different purchase models

  • Subscription: The RaaS provider receives a predetermined cryptocurrency payment for a finite period of usage.
  • Affiliate: The RaaS provider receives a recurring fee plus a percentage of the ransom payment.
  • Purchase: The RaaS provider sells a kit to the purchaser.

The attacks leverage well-established hacking tools (i.e., Mimikatz), while employing current vulnerability and penetration testing tools (i.e., Cobalt Strike). These attacks are designed to not only exploit well-known, existing vulnerabilities but also take advantage of new zero-day vulnerabilities. Threat actors have developed elaborate social engineering and intelligence-gathering methods to cause significant devastation for a victim when a ransomware attack is launched.

How to protect your organization from ransomware attacks

The reality is that ransomware will continue to be an ongoing threat to organizations, and there is no way to completely remove the risks. However, the following actions can help reduce the potential success of an attack.

Stay informed about new vulnerabilities

The National Institute of Standards and Technology (NIST) published information to help protect against threats and recover from a potential ransomware attack. In addition, the US-CERT—CISA regularly posts updates on new vulnerabilities and attacker tactics, techniques and procedure (TTP) trends.

Make sure you have backups

It is important to have backups not just for business continuity and disaster recovery, but also to be able to restore critical data if a ransomware attack occurs. The trusted, age-old 3-2-1 backup rule will help protect backups from attackers. Don’t forget that attackers also work nights, weekends and holidays, so you should have regular and frequent backups.

Implement advanced endpoint detection and antivirus protection

While attackers use established TTPs, they are also attacking new vulnerabilities and constantly updating their tool sets. Have a robust and properly configured defense system in place to identify and minimize potential attacks before they gain traction and affect your environment.

Have an incident response plan

Develop a strategy that outlines how your organization will respond if you suffer an attack. A ransomware situation is a chaotic event; the longer it takes you to respond to an attack, the more costly it will be. Ransomware has always been a concern, but the rapidly changing threat landscape is increasingly affecting companies of all types and sizes. Every organization should create a security approach that includes strategies to both prevent and remediate ransomware attacks. A strong security plan can limit financial exposure and reduce downtime.

Let's Talk!

Call us at 1 855 363 3526 or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit rsmcanada.com/aboutus for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.

FCR a proud member of RSM Canada Alliance, a premier affiliation of independent accounting and consulting firms across North America. RSM Canada Alliance provides our firm with access to resources of RSM, the leading provider of audit, tax and consulting services focused on the middle market. RSM Canada LLP is a licensed CPA firm and the Canadian member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM Canada Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how FCR can assist you, please call us at 1 855 363 3526

Important Notice:

FCR will now redirect you to CCH Portal where your FCR Client Portal login is located.

Share This