Ransomware-as-a-service: the enemy is within

The attack on the Lazio Region is an opportunity to talk again about RaaS, the cybercrime business model in which supply and demand have been meeting on the dark web for some years.

Stefano GAZZELLA, August 5, 2021

After the IT catastrophe that hit the Lazio Region, ransomware is being talked about again, although for anyone with a minimum of cybersecurity literacy the topic has never stopped being topical and has never been of little concern. Of particular interest, however, is the phenomenon of so-called Ransomware-as-a-Service, or RaaS: a genuine service that some cybercriminals make available through a platform on the dark web to field test the effectiveness of some ransomware.

Naturally, the arrangement also exists so that the user can profit from the illegal activity: the user can buy service "packages" and interface with developers who, with a few clicks, can provide both the desired type of ransomware and the site on which the ransom is to be paid. A portion of the payments (about 20-30%) is withheld by the platform operators as a fee for the service provided. In addition, a control panel makes it possible to monitor the spread of the ransomware purchased and used for one's own cyber attack, showing both the infected users and the amount of the extorted payments.

All this leads to a much wider diffusion of this type of threat, because it becomes accessible even to users with no experience in creating malicious code and its spread increases, with an undoubted impact on prospective risk scenarios.

For example, the criminal group LockBit 2.0 is actively recruiting insiders in order to enter companies' IT systems without the need for additional intermediaries: access is gained directly through the accounts of personnel who can obtain, or already have, remote or VPN access. The offer consists of the opportunity to earn millions of dollars with a simple click on an executable file while inside the systems of one's own company, which gives the cybercriminals initial access, together with a guarantee of total anonymity.

Naturally, support is also provided via anonymous chat to clarify any doubts or give more precise information. In short, there is also a ticketing service, perfectly in line with the many legitimate as-a-service offerings we are used to.

Now, given that these scenarios are current, it is advisable to review the IT risk analysis and, consequently, to prepare adequate and preferably preventive security measures. Otherwise, all that remains is to wait for the inevitable event and then invoke bad luck as an excuse. But this practice, unfortunately still widespread, does not protect any organization's data or shield it from liability.