Topics In Demand
Notification
New

No notification found.

The rise of Ransomware-as-a-service (RaaS)
The rise of Ransomware-as-a-service (RaaS)

242

2

In 2022, ransomware may undergo an Industrial Revolution of its own…

The appearance of Software-as-a-Service (SaaS) organizations at the turn of the century has led, just over twenty years later, to an IT market where start-ups operating under this model are seemingly ubiquitous. By the end of this year, the global SaaS market is expected to be worth almost US $172 billion, an endorsement of the model’s success.[i] It is only natural that hackers would seek to replicate this success.

RAAS

The rise of Ransomware-as-a-service (RaaS)

Since the mid-2010s, the cybersecurity experts at BSI, and many others around the world, have noticed a gradual but continuous rise in the prevalence and impact of ransomware on both organizations and consumers. Given this rise, which currently shows no signs of stopping, it is highly likely that businesses will need to escalate their preparations against ransomware even further in 2022.

With ransomware becoming an almost daily headline occurrence over the past two years, I believe that 2022 may be the year where we finally see a transition from ideas of cybersecurity to ones of cyber-resilience as the key technology risk objective. Organizations should recognize that they are incapable of preventing cyberattacks completely, considering the broad range of players which now aim to take advantage of system vulnerabilities, ranging from isolated individuals to hackers in the service of nation-states. Instead, the aim should be to minimize the damage caused by cyberattacks. As we often say, it isn’t a matter of if, but when a cyberattack will take place. Indeed, it may have already occurred and your organization may not be aware…

Ransomware-as-a-service (RaaS) sees knowledgeable software developers build ransomware tools and lease them out, often via the dark web, to those who wish to use them in the same way that B2B and B2C SaaS developers build more legitimate software tools for businesses and consumers. It’s an attractive product for the same reason SaaS is; often, very little in-depth technical knowledge is required to use the ransomware tools and once purchased, they are often highly effective. The business models can vary, but by 2031 ransomware is predicted to cost the world US $265 billion annually, according to one report.[ii]

The maturing RaaS industry

Given that currently, consumers and devices are expected to come under attack from ransomware every eleven seconds[iii], it is my belief that crowd-sourcing and ransomware-as a service will soon no longer be seen as an anomalous activity. As a practice, it is likely to become mainstream as cybercriminals reveal themselves to be truly ‘organized’ criminals. 

In this way, we may see Ransomware-as-a-service (RaaS) become “industrialised” in much the same manner as has occurred in traditional software development over the past twenty years, leading to a further increase in attack frequency.

Furthermore, compartmentalised criminal groups operating in segmented attack chains could conduct attacks on unwitting and/or ill-prepared enterprises, often weaponizing tools used by in-house security teams to bypass cyber-defence strategies. The increasingly organized criminal structures of ransomware collectives, as they seek dominance in an ever-more lucrative market, will operate in two ways as rival criminal gangs choose to collaborate in order to increase criminal returns or undermine each other’s activities. We should expect the business models of these groups, for that is essentially what they are, to evolve.

What is certain is that there is no end in sight to ransomware attacks. The need for organizations to continue to increase their ability to withstand such attacks and all forms of cyberattack is a core business risk management activity. Businesses should transition from aiming for true cybersecurity to cyber-resilience and hope to achieve ‘digital trust’ on the part of their users and customers. As organizations reckon with the increasingly interconnected nature of the global supply chain, growing in awareness of the upstream, midstream and downstream risks, they will see the need to show that they can act as a trusted operator. As the decade progresses and ransomware attacks become more regular and more targeted, organizations will need to exert considerable effort in order to become truly cyber-resilient.

References:

[i] SaaS market size worldwide 2022 | Statista

[ii]Global Ransomware Damage Costs Predicted To Exceed US $265 Billion By 2031 (cybersecurityventures.com)

[iii] Retail Warning: Ransomware attacks are happening every 11 seconds


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


BSI enables people and organizations to perform better. We share knowledge, innovation and best practice to make excellence a habit – all over the world, every day.

© Copyright nasscom. All Rights Reserved.