Column: Ransomware-as-a-service is a part of the dark web

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

By all accounts, ransomware attacks are occurring with greater frequency. The rise of ransomware-as-a-service, combined with the increased usage of bitcoin, has nefarious schemers from around the globe going after your hard-earned kala. What, then, can folks do to minimize their exposure to this plague?

First, let’s talk about ransomware-as-a-service. In the world of XaaS, many products can now be consumed “as-a-service.” Starting out with software-as-a-service (SaaS), this arena now includes more granular offerings such as storage-as- a-service (STaaS) or database-as-a-service (DBaaS). It only stands to reason that some criminal would figure out a criminal offering and come up with ransomware-as-a-service (RaaS).

Acquired via the dark web, criminal customers can use RaaS much like any other XaaS offering. Pay a fee, pick a target and unleash the ransomware. If successful, the provider takes a cut of the ransom and passes the rest on to the subscriber. Anecdotally, costs for subscribing to an RaaS are extremely low, less than a hundred bucks a month in some cases.

Obviously, this will only lead to more ransomware attempts as bad people try to make a quick buck. And more attempts will lead to more successful attacks. Further, we are also seeing lower, more affordable ransoms, sometimes less than $1,000 for small businesses and individuals. Many folks opt, or often have no choice but, to pay the ransom.

To combat ransomware, everyone — businesses, government agencies and individuals — must employ the old adage “Hope for the best and plan for the worst.”

Under the category of “hope for the best” are employing things like anti-malware software with specific anti-ransomware capabilities. A new breed of anti-malware packages utilizes behavior-based algorithms to detect malware infections, as opposed to the old-school style of relying upon a database that is outdated the day it is released.

Don't miss out on what's happening!

Stay in touch with top news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Further along the lines of “hope,” businesses and government agencies need to train the workforce on how to recognize and avoid ransomware threats. Individuals will do well to self-educate themselves. To this day the vast majority of ransomware attacks are initiated via email. This includes attacks via RaaS.

All of the preventive measures are well and good, but there is no excuse, in this day and age, to not prepare for the worst. In the case of ransomware, the primary, fail-safe defense is to have a reliable backup in place. Even if your data is in the cloud such as Office 365, GSuite or Dropbox, it is not 100% protected against ransomware. Such data still needs to be backed up, and can be backed up to another cloud provider as well. Some folks even back up their cloud data to a storage device in their office.

John Agsalud is an information technology expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.