Ransomware-as-a-Service, what you should know




The as-a-Service (aaS) business model is nothing new today. We have seen software, platforms, hardware and even management services sold as a service. With the aaS model proving so successful, cyber criminals have also started offering their malware and expertise as a service.


Avaddon Ransomware first appeared in February 2020, and its authors started offering it under a Ransomware-as-a-Service (RaaS) model in June of the same year, offering partners an initial 25% cut of the collected ransom.


Over the past few months, Avaddon ransomware operators have continued to promote their service on cybercrime forums to recruit more partners, while continuously updating their code to evade detection.


With remote access and remote working the norm since 2020, Avaddon ransomware actors have compromised victims through compromised remote access credentials. Improperly configured remote desktop protocol (RDP) and virtual private network (VPN) services protected only by single-factor authentication are the most common entry points.


After gaining access, the actors map the network, identify backups to delete or encrypt, and establish persistence (a backdoor) for future access if needed. While most ransomware encrypts your files and demands a ransom in exchange for the decryption key, Avaddon takes this a step further: it exfiltrates data from its victims and threatens to leak that data on the dark web. In January 2021, Avaddon actors also stated that they would hit victims who do not pay the ransom with distributed denial-of-service (DDoS) attacks.


So How Do We Better Protect Against Such Attacks?

While there is no 100% protection against cyber attacks, we can certainly put plans in place to mitigate them and reduce the potential damage they cause.

  • Back up your critical business data using the 3-2-1 backup rule:
      ◦ 3 copies of your data (1 production and 2 backup copies)
      ◦ 2 different backup media
      ◦ 1 backup copy stored offsite (cloud or a secondary location)

  • Secure your backups: keep at least one copy offline or immutable, and make sure it cannot be modified or deleted using the credentials of the systems it protects, since the actors look for backups to delete or encrypt before deploying the ransomware.

  • Use multi-factor authentication (MFA) together with strong passwords, especially on remote access services such as RDP and VPN.

  • Keep computers, devices and applications patched and up to date.

  • Install and regularly update anti-virus or anti-malware software on all hosts.

  • Continuously monitor your IT environment for suspicious activity, such as bursts of failed logons against remote access services followed by a successful logon.
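The monitoring item above is the one most readers ask how to start on. The following is an added example, not code from the original post or from any Avaddon analysis: it scans Windows Security logon records for the pattern the post describes (a burst of failed logons from one source address, then a successful RDP logon) and reports it. The log records are constructed for the example, and the threshold of five failures in ten minutes is an assumption you should tune to your environment.

```python
"""Flag suspected credential-based RDP compromise from Windows logon events.

Added example, not from the original post. Windows Security Event ID 4625 is a
failed logon, 4624 a successful logon, and LogonType 10 (RemoteInteractive)
means the session came in over RDP. A source IP that produces a burst of
failures and then logs on successfully over RDP is reported as "high"; a burst
with no success is reported as "medium" (an attack that is still in progress).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Field names mirror the Windows
# Security event schema so the logic transfers to exported event data.
SAMPLE_EVENTS = [
    # 203.0.113.45: spray across several accounts, then a successful RDP logon
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:01", "TargetUserName": "administrator", "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:04", "TargetUserName": "admin",         "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:07", "TargetUserName": "administrator", "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:11", "TargetUserName": "backup",        "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:15", "TargetUserName": "svc-backup",    "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T02:00:19", "TargetUserName": "backup-admin",  "IpAddress": "203.0.113.45", "LogonType": 10},
    {"EventID": 4624, "TimeCreated": "2021-03-02T02:00:23", "TargetUserName": "backup-admin",  "IpAddress": "203.0.113.45", "LogonType": 10},
    # 198.51.100.7: brute force against one account, no success yet
    {"EventID": 4625, "TimeCreated": "2021-03-02T03:10:00", "TargetUserName": "administrator", "IpAddress": "198.51.100.7", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T03:10:30", "TargetUserName": "administrator", "IpAddress": "198.51.100.7", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T03:11:00", "TargetUserName": "administrator", "IpAddress": "198.51.100.7", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T03:11:30", "TargetUserName": "administrator", "IpAddress": "198.51.100.7", "LogonType": 10},
    {"EventID": 4625, "TimeCreated": "2021-03-02T03:12:00", "TargetUserName": "administrator", "IpAddress": "198.51.100.7", "LogonType": 10},
    # 192.0.2.10: a user mistyping a password once, then logging in (benign)
    {"EventID": 4625, "TimeCreated": "2021-03-02T08:15:00", "TargetUserName": "jsmith", "IpAddress": "192.0.2.10", "LogonType": 10},
    {"EventID": 4624, "TimeCreated": "2021-03-02T08:15:20", "TargetUserName": "jsmith", "IpAddress": "192.0.2.10", "LogonType": 10},
]

# Assumed thresholds: tune to the normal failure rate of your own environment.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)


def analyse(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return a list of findings, one dict per suspicious source IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["IpAddress"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["TimeCreated"])   # ISO-8601 strings sort chronologically
        recent = []        # (time, user) of failures still inside the sliding window
        max_burst = 0      # largest number of failures seen inside one window
        success_reported = False
        for e in evs:
            t = datetime.fromisoformat(e["TimeCreated"])
            recent = [(ft, u) for ft, u in recent if t - ft <= window]
            if e["EventID"] == 4625:
                recent.append((t, e["TargetUserName"]))
                max_burst = max(max_burst, len(recent))
            elif e["EventID"] == 4624 and e["LogonType"] == 10 and len(recent) >= fail_threshold:
                # Burst of failures followed by an RDP success: treat as compromise
                findings.append({
                    "ip": ip,
                    "severity": "high",
                    "user": e["TargetUserName"],
                    "failures": len(recent),
                    "distinct_users": len({u for _, u in recent}),  # >1 suggests spraying
                    "success_at": e["TimeCreated"],
                })
                success_reported = True
                recent = []
        if max_burst >= fail_threshold and not success_reported:
            findings.append({"ip": ip, "severity": "medium", "user": None,
                             "failures": max_burst, "distinct_users": None, "success_at": None})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f)
```

On the constructed data this reports 203.0.113.45 as high (six failures across five account names, then a successful RDP logon as backup-admin) and 198.51.100.7 as medium, while the single mistyped password from 192.0.2.10 is ignored. In production, feed it exported 4624/4625 events, and treat a high finding against an account with access to backups as an incident rather than an alert.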

Organisations are often too fixated on "prevention" tools and overlook the proactive upkeep of their environment and security awareness education for their employees. After all, you are only as strong as your weakest link.


Wish to learn more about how you can better mitigate your cyber risk? Contact us for a free consultation today.
