Bookmark and Share

Outsourcing Cybercrime: Combatting Ransomware as a Service

Ransomware as a service is ransomware in a packaged application that threat actors can buy off the shelf and use to attack enterprises. It’s sold on the dark web and even through seemingly legitimate sources such as YouTube. Moderator James Quadarella and his participants discussed the best ways to face this threat and stop it before it occurs. One suggestion was to avoid having elevated privileges in your environment, if possible, so that when a mass attack occurs, you don’t have these individuals who can be targeted as the greatest weaknesses in your system. Enterprises should also develop an incident response plan with a playbook on how to enact the plan in the event of a ransomware attack. The participants maintained that their enterprises would not pay the ransom demanded of them, but many organizations may not have a choice, given their underfunded cybersecurity budgets and a lack of maintained data backups, if they even use cloud technology at all. The best way to prevent ransomware from taking place is to have organization-wide security awareness, namely by having individuals within the business who are “security champions.” These champions can educate their business units about cyber hygiene, ransomware, and other security concepts and demonstrate actionable security behavior that supplements whatever training employees receive as a whole. Having multiple, trusted cloud vendors should also be considered, so that enterprises have backups of their data in various places. Vendors in turn can help enterprises with containment and remediation solutions, even potentially assisting with decryption technology to break the ransomware’s own encryption security.