Page 34 - Banking Finance October 2023
P. 34
ARTICLE
Customization: RaaS providers offer customization options exploit kits, which are toolsets used to exploit software
for the ransomware. This allows users to modify certain vulnerabilities and deliver malware. This integration
features of the malware, such as the ransom note, enhances the capabilities of the ransomware, allowing it to
encryption methods, or target selection, to suit their specific spread more efficiently and target a larger number of
attack objectives. potential victims.
Revenue Sharing: RaaS providers typically implement Common RaaS Models:
revenue-sharing models, where they receive a percentage 1. Monthly subscription for a flat fee.
of the ransom payments made by the victims. This creates
an incentive for both the ransomware developers and the 2. Affiliate programs, which are the same as a monthly
attackers to collaborate and maximize their financial gains. fee model but with a percent of the profits (typically
20-30%) going to the ransomware developer.
Support and Infrastructure: RaaS providers may offer 3. One-time license fee with no profit sharing.
technical support, hosting services, and infrastructure to 4. Pure profit sharing.
their customers. This includes providing command-and-
control (C&C) servers, payment portals, and communication Implications and Impact: The widespread availability of
channels to facilitate the interaction between the attackers
RaaS has resulted in a surge of ransomware attacks,
and the victims during the ransomware attacks.
affecting individuals, businesses, healthcare organizations,
and even critical infrastructure providers. The financial
Criminal Ecosystems: RaaS contributes to the development impact is staggering, with victims often left with no choice
of criminal ecosystems by connecting ransomware but to pay exorbitant ransoms to regain access to their
developers, distributors, and attackers. This collaborative encrypted data. The collateral damage caused by these
model allows cybercriminals with varying skill sets to attacks includes reputational harm, legal repercussions, and
collaborate, share resources, and profit from ransomware the erosion of public trust in digital systems.
attacks collectively.
Examples of RaaS:
Escalation of Attacks: RaaS has contributed to the
widespread proliferation and evolution of ransomware Hive: Hive is a RaaS group that became popular in April 2022
attacks. It has enabled the rapid development and when they targeted a large number of Microsoft's Exchange
distribution of new ransomware variants, leading to an Server customers using a pass-the-hash technique.
increase in the frequency and sophistication of attacks Organizations included financial firms, non-profits,
globally. healthcare organizations, among many more. On January
26, 2023, the United States Department of Justice
Affiliate Programs: Some RaaS platforms operate affiliate announced they had disrupted Hive operations by seizing
programs, where individuals or groups can sign up to two back-end servers belonging to the group in Los Angeles,
become affiliates. Affiliates receive a portion of the ransom
payments or earn referral fees for bringing new customers
to the RaaS platform. This incentivizes more individuals to
participate in the distribution and use of ransomware.
Monetization Model: RaaS providers often offer different
pricing models to their customers, such as one-time fees,
subscription-based plans, or revenue sharing based on the
ransom payments. This flexibility allows attackers to choose
the payment structure that aligns with their preferences
and potential earnings.
Exploit Kits Integration: RaaS can be integrated with
34 | 2023 | OCTOBER | BANKING FINANCE
