At least 79% of businesses that participated in Sophos’ research conducted in 2022 admitted that they’d experienced some form of ransomware in the past year, with an average ransom payout of about US$812,360 (RM3,639,372).
But that’s not all, local businesses that were affected were also of various sizes and industries. Just to name a few, the victims include a vintage shoe seller, the Malaysian Employer Federation, and even our very own local web hosting company, Exabytes.
With local companies putting heavy emphasis on staying connected, data storage, and usage of cloud services, there is a high probability that the number of victims will increase yearly.
Ransomware attacks are also becoming more and more sophisticated too, such as the emergence of Ransomware-as-a-Service (RaaS) like Reveton, which first made an appearance in 2012.
What are the differences between ransomware, and an RaaS?
What is Ransomware-as-a-Service?
At their core, ransomware and RaaS both function similarly where they restrict access and encrypt files on the victim’s device.
Access can only be regained after the ransom has been paid, and the attacker sends the decryption key.
Where they start to show stark differences is that RaaS is actually more similar to SaaS (Software-as-a-Service), as it is maintained by a team of malware developers, has 24/7 technical support, bundled offers, and more.
On top of the relatively affordable price of around US$40 (MYR179) to “rent” per month, RaaS drastically cuts down the cost of developing ransomware from scratch and deployment, which is presumably one of the factors for the increase in ransomware attacks as of late.
RaaS attack methodology
Once the RaaS kit has been acquired and properly configured, the next step is to launch the RaaS attack. It usually involves one of these attack methodologies:-
1. Phishing:
The most common attack, a phishing attack, involves tricking users into clicking malicious links disguised as legitimate entities. These phishing links can be sent through multiple delivery mediums, such as email attachments, web pages, pop-ups, instant messages, and more.
Once the link has been clicked, the ransomware will then be deployed, infecting the victim’s device and potentially other devices connected to the same network.
2. USB Attacks:
Much like phishing attacks, USB attacks take advantage of the naivety of users too. But instead of having the victim click on a malicious link, USB attacks involve having their unsuspecting victims attach a malicious USB drive to their device.
From there, the malicious payload is then run automatically, affecting the device it’s connected to, as well as those within the same network. This method is often used when the attacker targets a specific person or organisation.
3. Exploit Kits:
When a victim visits a website that has been compromised by an exploit kit, a hidden malicious code will then redirect them to an exploit kit landing page and trigger a drive-by download sequence to load the ransomware.
Keep in mind that this is a non-exhaustive list, and there are potentially many more attack methodologies that we have yet to discover.
Once successfully deployed, the ransomware will begin encrypting the affected devices, restricting access until a decryption key is used.
Individuals and organisations must pay the ransom via International Wire Transfers or through cryptocurrencies like Bitcoin, Ethereum, and even Dogecoin to obtain the decryption keys.
Even after the ransom has been paid, there’s still a risk that the attacker might not send the decryption key, or victims may not get back all the data that was held for ransom.
Malaysia’s Response to RaaS
This is not to say the Malaysian government isn’t doing anything to curb the number of RaaS attacks on Malaysian businesses.
For one, there are multiple laws in place, like the Computer Crimes Act 1997, the Communications and Crimes Act 1998, as well as the Malaysian Penal Code and Personal Data Protection Act 2010, that exist to deter bad actors from committing various crimes.
Additionally, multiple agencies in Malaysia were formed to help strengthen and protect our devices, data, and sensitive information from prying eyes.
These agencies include: –
1. National Cyber Security Agency (NACSA):
Malaysia’s national lead for cyber security matters. They help coordinate and consolidate local cyber security experts to help implement cyber security policies and strategies nationwide to protect against ransomware and cyberattacks.
2. Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme:
Equipped with their own Evaluation Facility to carry out security inspections on Information and Communications Technology (ICT) products to ensure that it meets modern-day cyber security standards.
3. Cyber999 Help Centre:
Cyber999 Help Centre is operated by the Malaysia Computer Emergency Response Team (MyCERT) to resolve security complaints, often with the aid of CyberSecurity Malaysia, law enforcement agencies, internet service providers, and more.
4. CyberSAFE Malaysia:
CyberSAFE Malaysia aims to educate and increase public awareness of cyber safety and local ransomware attacks. They also provide guidelines and resources for Malaysians to ensure their online experience is positive and secure.
How to prevent a ransomware attack?
Having said all the above, keeping your business data, as well as your personal data, safe is completely in your hands.
Here’s how you can stop ransomware-as-a-service attacks by doing the following crucial steps:-
1. Take advantage of tried-and-tested cyber security frameworks that have undergone extensive testing and have been placed in real-world scenarios.
2. Use a unified cybersecurity platform to ensure no gaps in your network’s security parameters. A common occurrence when using a fragmented cyber security solution.
3. Apply the Zero Trust Network Architecture (ZTNA) framework to ensure all users accessing the network are constantly logged and validated.
4. Back up your files by following the 3-2-1 rule, where there are 3 copies stored across 2 different storage devices and at least 1 copy off-site.
5. Regularly validate that all your data are accessible.
However, if you’re unsure where to start, AceTeam Network’s customer-focused problem solvers are here to lend a hand.
About AceTeam Networks
AceTeam Networks is skilled at performing network and architecture framework designs, auditing, support, management, as well as network security.
Furthermore, our team of certified engineers will guarantee 24/7 support for cybersecurity management and offer a secure network environment for working on-site and off-site.
As there is no such thing as a one-size-fits-all solution, a quick consultation with AceTeam Networks will help assess your current business network to address any shortcomings and determine the best way to secure your network.
Head over to our contact page if you’re interested in knowing more about how AceTeam Networks can help protect your business and personal information from RaaS attacks by integrating solutions from notable industry leaders like Palo Alto Networks, Fortinet and AlgoSec.
REFERENCES
- Adhikari, B. (2022, September 9). Malaysia – Loopholes In Malaysian Cyber Laws. – Conventus Law. Conventus Law.
- Clay, J. (2022, September 22). How to Prevent Ransomware as a Service (RaaS) Attacks. Trend Micro.
- CyberSecurity Malaysia. (2022). CyberSecurity Malaysia. Cybersecurity.my.
- Hasbi, A. (2021, August 5). RM40,800 Converse vintage shoe seller comes under cyber attack. NST Online; New Straits Times.
- Palo Alto Networks. (2015). Ransomware: Common Attack Methods. Palo Alto Networks.
- The Star Online. (2021, September 20). Web hosting service Exabytes hit by ransomware attack, still restoring services. The Star.